--- a/Overview-UseCases.xml Tue Dec 18 16:45:09 2012 -0500
+++ b/Overview-UseCases.xml Tue Dec 18 16:56:27 2012 -0500
@@ -128,7 +128,7 @@
<ul>
<li><p><dfn id="WRAP">WRAP</dfn> which allows a web application to use a key to <em>wrap another key</em>, so that the wrapped key can be unwrapped by a party with the corresponding wrapping key, but is hard to obtain or unwrap by anyone without the corresponding wrapping key. While it is possible to create a key-wrapping and unwrapping mechanism with the other features listed, this feature provides a way to do so without exposing the key to be wrapped to JavaScript. <div class="ednote">Would WRAP and UNWRAP benefit from -SYM or -ASSYM qualifiers?</div></p></li>
<li><p><dfn id="UNWRAP">UNWRAP</dfn> which allows a web application to use a key to unwrap another encrypted key or key pair, which can then be used in standard cryptographic operations. While it is possible to create a key-wrapping and unwrapping mechanism with the other features listed, this feature provides a way to do so without exposing the key to be wrapped to JavaScript.</p>
- <div class="ednote"><p>This feature is subject to discussion, including further work by the <a href="#JOSE">JOSE WG</a>. See <a href="https://www.w3.org/2012/webcrypto/track/issues/35">ISSUE-35</a> logged by the WebCrypto WG.</p></div>
+ <div class="ednote"><p>This feature is subject to discussion, including further work by the JOSE WG. See <a href="https://www.w3.org/2012/webcrypto/track/issues/35">ISSUE-35</a> logged by the WebCrypto WG.</p></div>
</li>
<li><p><dfn id="NAMEDKEY">NAMEDKEY</dfn> which allows an application in JavaScript to discover a <dfn id="pre-prov">pre-provisioned</dfn> key within the scope of the application's origin, which exists at the time of the application's first invocation, and has not been derived, generated or imported by the application using any of the features listed above; such keys may have been provisioned by a device manufacturer, for example, and the JavaSript application can access them for initial authorization and authentication at time of first invocation. </p>
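Review bot: The replacement ednote line leaves "JOSE WG" as a bare abbreviation with no link or expansion, so a reader no longer has any pointer to the group. Since the reference-list entry is dropped elsewhere in this patch, consider linking the name inline to https://tools.ietf.org/wg/jose/ (the URL the removed entry used) and spelling it out once as "JavaScript Object Signing and Encryption". While this list is open, the trailing NAMEDKEY context line has the typo "JavaSript".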
@@ -355,7 +355,7 @@
<div id='encryptedWebMail' class='section'>
<h3>Encrypted Communications via Webmail</h3>
<p>Tantek wishes to communicate with Ryan securely. Moreover, Tantek wishes to use an email web application (EWA) provided by a third party, which is a web site that allows users who have accounts to set up email accounts of their own choosing -- that is, users can enter in existing POP/IMAP/SMTP username and password credentials, or simply use an email address provided by the EWA at its own address. The EWA serves to send messages, as well as provide a message store available from anywhere. It allows for the possibility of sending encrypted messages.</p>
- <p>Ryan provides a PGP key on his website, encoded in the relevant conventions. For instance, he uses <a href="#microformats">microformats</a> where relevant, and follows the common practice of including a Base64 text string that represents his public key.</p>
+ <p>Ryan provides a PGP key on his website, encoded in the relevant conventions. For instance, he follows the common practice of including a Base64 text string that represents his public key.</p>
<div class="example">
<p>Ryan uses the <a href="#hcard">hCard</a> format to encapsulate contact information with some semantic annotation within the markup of his webpage. Within the <a href="#hcard">hCard</a>, he does something like this:</p>
<x:codeblock language="es">
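Review bot: With "he uses microformats where relevant" removed from the added paragraph, the hCard example that directly follows is no longer introduced: "For instance" now covers only the Base64 string, yet the example still depends on Ryan marking up his contact data with hCard. Either keep a clause naming hCard in that sentence (linked to #hcard rather than the deleted #microformats entry) or reword the example's opening so it stands on its own.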
@@ -372,9 +372,9 @@
</x:codeblock>
<p>The ellipsis have been added for brevity.</p>
</div>
-<p>Logging on to EWA, Tantek is prompted to import Ryan's contact information from his web page, and is notified that Ryan's public key will also be imported. EWA then begins the process of importing Ryan's PGP key, since it understands how to parse public keys within <a href="#hCard">hCard</a> content. In order to import the key for storage under EWA's origin, it must first "scrub" the key format to be in one of the accepted import formats of the <a href="#WebCrypto">WebCrypto API</a>.</p>
+<p>Logging on to EWA, Tantek is prompted to import Ryan's contact information from his web page, and is notified that Ryan's public key will also be imported. EWA then begins the process of importing Ryan's PGP key, since it understands how to parse public keys within <a href="#hCard">hCard</a> content (see also <a href="#keyexamples">key examples</a>). In order to import the key for storage under EWA's origin, it must first "scrub" the key format to be in one of the accepted import formats of the <a href="#WebCrypto">WebCrypto API</a>.</p>
<div class="example">
-<p>Here, the Contacts API [cf. <a href="#MozillaContacts">Mozilla</a>][cf. <a href="#GoogleContacts">Google</a>][cf. <a href="#DAPContacts">DAP</a>] could be used to procure Ryan's contact information, and can be one way of importing the key for use by an application such as EWA. Due the same origin policy [cf. <a href="#HTML">HTML</a>], EWA must import the key, so that operations conducted with it fall under the domain of EWA. Assume this importing is done, and convert the key to <a href="#JWK">JSON Web Key</a> format, which the <a href="#WebCrypto">WebCrypto API</a> accepts if converted to octets.</p>
+<p>Here, the Contacts API [cf. <a href="#MozillaContacts">Mozilla</a>][cf. <a href="#GoogleContacts">Google</a>][cf. <a href="#DAPContacts">DAP</a>] could be used to procure Ryan's contact information, and can be one way of importing the key for use by an application such as EWA. Due the same origin policy [cf. <a href="#HTML">HTML</a>], EWA must import the key, so that operations conducted with it fall under the domain of EWA. Convert the key to <a href="#JWK">JSON Web Key</a> format, which the <a href="#WebCrypto">WebCrypto API</a> accepts if converted to octets, and then import it for use within the web application.</p>
<x:codeblock language="es">
<span class="comment">/**
1. First convert the PGP key format into an "importable" format by the WebCrypto API; assume "keyString" is the PGP format
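Review bot: The rewritten "Logging on to EWA" paragraph links to href="#hCard", but the reference entry is declared as id='hcard' and ids are case-sensitive, so this link will not resolve. The example just above it already uses href="#hcard"; use the same spelling here so that the new sentence, which adds a second link next to it, does not sit beside a dead one.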
@@ -460,10 +460,6 @@
<dd><cite><a href="http://tools.ietf.org/html/rfc5246">The Transport Layer Security (TLS) Protocol</a></cite>, T. Dierks, E. Rescorla. W3C</dd>
<dt id='OTR'>OTR</dt>
<dd><cite><a href="http://www.cypherpunks.ca/otr/Protocol-v3-4.0.0.html">Off-the-Record Messaging Protocol version 3</a></cite>, cypherpunks.ca</dd>
- <dt id='JOSE'>JOSE WG</dt>
- <dd><cite><a href="https://tools.ietf.org/wg/jose/">The JOSE (JavaScript Object Signing and Encryption) WG</a></cite>, IETF</dd>
- <dt id='microformats'>Microformats</dt>
- <dd><cite><a href="http://www.microformats.org/">Microformats</a></cite>, microformats.org</dd>
<dt id='hcard'>hCard</dt>
<dd><cite><a href="http://microformats.org/wiki/hcard">hCard</a></cite>, T. Celik, B. Suda, microformats.org</dd>
<dt id='keyexamples'>Microformats Key Examples</dt>
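Review bot: In the context just above the removed entries, the TLS citation ends "T. Dierks, E. Rescorla. W3C" although the link is to RFC 5246 on tools.ietf.org; the publisher should read IETF, and the period before it should be a comma. Worth fixing in the same pass, since this hunk is already tidying the reference list.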
@@ -477,7 +473,7 @@
<dt id="DAPContacts">Pick Contacts Intent</dt>
<dd><cite><a href="http://www.w3.org/TR/contacts-api/">Pick Contacts Intent</a></cite>, R. Tibbett, R. Berjon, W3C</dd>
<dt id="HTML">HTML</dt>
- <dd><cite><a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html">HTML Living Standard</a></cite>, WHATWG</dd>
+ <dd><cite><a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html">HTML Living Standard</a></cite>I. Hickson, WHATWG</dd>
</dl>
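Review bot: The added HTML entry reads "</cite>I. Hickson, WHATWG", so the author name runs directly onto the title with no separator. Every other entry in this list follows "</cite>, Author, Publisher"; restore the ", " after </cite>.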
--- a/Overview.html Tue Dec 18 16:45:09 2012 -0500
+++ b/Overview.html Tue Dec 18 16:56:27 2012 -0500
@@ -144,7 +144,7 @@
<ul>
<li><p><dfn id="WRAP">WRAP</dfn> which allows a web application to use a key to <em>wrap another key</em>, so that the wrapped key can be unwrapped by a party with the corresponding wrapping key, but is hard to obtain or unwrap by anyone without the corresponding wrapping key. While it is possible to create a key-wrapping and unwrapping mechanism with the other features listed, this feature provides a way to do so without exposing the key to be wrapped to JavaScript. <div class="ednote"><div class="ednoteHeader">Editorial note</div>Would WRAP and UNWRAP benefit from -SYM or -ASSYM qualifiers?</div></p></li>
<li><p><dfn id="UNWRAP">UNWRAP</dfn> which allows a web application to use a key to unwrap another encrypted key or key pair, which can then be used in standard cryptographic operations. While it is possible to create a key-wrapping and unwrapping mechanism with the other features listed, this feature provides a way to do so without exposing the key to be wrapped to JavaScript.</p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>This feature is subject to discussion, including further work by the <a href="#JOSE">JOSE WG</a>. See <a href="https://www.w3.org/2012/webcrypto/track/issues/35">ISSUE-35</a> logged by the WebCrypto WG.</p></div>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>This feature is subject to discussion, including further work by the JOSE WG. See <a href="https://www.w3.org/2012/webcrypto/track/issues/35">ISSUE-35</a> logged by the WebCrypto WG.</p></div>
</li>
<li><p><dfn id="NAMEDKEY">NAMEDKEY</dfn> which allows an application in JavaScript to discover a <dfn id="pre-prov">pre-provisioned</dfn> key within the scope of the application's origin, which exists at the time of the application's first invocation, and has not been derived, generated or imported by the application using any of the features listed above; such keys may have been provisioned by a device manufacturer, for example, and the JavaSript application can access them for initial authorization and authentication at time of first invocation. </p>
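Review bot: The WRAP item in the context of this hunk nests <div class="ednote"> inside <p>, which is not valid HTML: a parser closes the paragraph at the opening <div> and leaves a stray </p>. The UNWRAP item edited here already places its ednote after the closing </p>; give WRAP the same structure.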
@@ -371,7 +371,7 @@
<div id="encryptedWebMail" class="section">
<h3>3.4. Encrypted Communications via Webmail</h3>
<p>Tantek wishes to communicate with Ryan securely. Moreover, Tantek wishes to use an email web application (EWA) provided by a third party, which is a web site that allows users who have accounts to set up email accounts of their own choosing -- that is, users can enter in existing POP/IMAP/SMTP username and password credentials, or simply use an email address provided by the EWA at its own address. The EWA serves to send messages, as well as provide a message store available from anywhere. It allows for the possibility of sending encrypted messages.</p>
- <p>Ryan provides a PGP key on his website, encoded in the relevant conventions. For instance, he uses <a href="#microformats">microformats</a> where relevant, and follows the common practice of including a Base64 text string that represents his public key.</p>
+ <p>Ryan provides a PGP key on his website, encoded in the relevant conventions. For instance, he follows the common practice of including a Base64 text string that represents his public key.</p>
<div class="example"><div class="exampleHeader">Example</div>
<p>Ryan uses the <a href="#hcard">hCard</a> format to encapsulate contact information with some semantic annotation within the markup of his webpage. Within the <a href="#hcard">hCard</a>, he does something like this:</p>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
@@ -388,9 +388,9 @@
</code></pre></div></div>
<p>The ellipsis have been added for brevity.</p>
</div>
-<p>Logging on to EWA, Tantek is prompted to import Ryan's contact information from his web page, and is notified that Ryan's public key will also be imported. EWA then begins the process of importing Ryan's PGP key, since it understands how to parse public keys within <a href="#hCard">hCard</a> content. In order to import the key for storage under EWA's origin, it must first "scrub" the key format to be in one of the accepted import formats of the <a href="#WebCrypto">WebCrypto API</a>.</p>
+<p>Logging on to EWA, Tantek is prompted to import Ryan's contact information from his web page, and is notified that Ryan's public key will also be imported. EWA then begins the process of importing Ryan's PGP key, since it understands how to parse public keys within <a href="#hCard">hCard</a> content (see also <a href="#keyexamples">key examples</a>). In order to import the key for storage under EWA's origin, it must first "scrub" the key format to be in one of the accepted import formats of the <a href="#WebCrypto">WebCrypto API</a>.</p>
<div class="example"><div class="exampleHeader">Example</div>
-<p>Here, the Contacts API [cf. <a href="#MozillaContacts">Mozilla</a>][cf. <a href="#GoogleContacts">Google</a>][cf. <a href="#DAPContacts">DAP</a>] could be used to procure Ryan's contact information, and can be one way of importing the key for use by an application such as EWA. Due the same origin policy [cf. <a href="#HTML">HTML</a>], EWA must import the key, so that operations conducted with it fall under the domain of EWA. Assume this importing is done, and convert the key to <a href="#JWK">JSON Web Key</a> format, which the <a href="#WebCrypto">WebCrypto API</a> accepts if converted to octets.</p>
+<p>Here, the Contacts API [cf. <a href="#MozillaContacts">Mozilla</a>][cf. <a href="#GoogleContacts">Google</a>][cf. <a href="#DAPContacts">DAP</a>] could be used to procure Ryan's contact information, and can be one way of importing the key for use by an application such as EWA. Due the same origin policy [cf. <a href="#HTML">HTML</a>], EWA must import the key, so that operations conducted with it fall under the domain of EWA. Convert the key to <a href="#JWK">JSON Web Key</a> format, which the <a href="#WebCrypto">WebCrypto API</a> accepts if converted to octets, and then import it for use within the web application.</p>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">ECMAScript</span></div><div class="blockContent"><pre class="code"><code class="es-code">
<span class="comment">/**
1. First convert the PGP key format into an "importable" format by the WebCrypto API; assume "keyString" is the PGP format
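Review bot: The rewritten Contacts API paragraph carries over "Due the same origin policy", which is missing "to"; since the sentence is being reworded anyway, make it "Due to the same origin policy" (the same line appears in Overview-UseCases.xml). The new closing sentence is also an imperative ("Convert the key ...") inside a narrative otherwise told in the third person; "EWA converts the key ... and then imports it" would match the surrounding text.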
@@ -476,10 +476,6 @@
<dd><cite><a href="http://tools.ietf.org/html/rfc5246">The Transport Layer Security (TLS) Protocol</a></cite>, T. Dierks, E. Rescorla. W3C</dd>
<dt id="OTR">OTR</dt>
<dd><cite><a href="http://www.cypherpunks.ca/otr/Protocol-v3-4.0.0.html">Off-the-Record Messaging Protocol version 3</a></cite>, cypherpunks.ca</dd>
- <dt id="JOSE">JOSE WG</dt>
- <dd><cite><a href="https://tools.ietf.org/wg/jose/">The JOSE (JavaScript Object Signing and Encryption) WG</a></cite>, IETF</dd>
- <dt id="microformats">Microformats</dt>
- <dd><cite><a href="http://www.microformats.org/">Microformats</a></cite>, microformats.org</dd>
<dt id="hcard">hCard</dt>
<dd><cite><a href="http://microformats.org/wiki/hcard">hCard</a></cite>, T. Celik, B. Suda, microformats.org</dd>
<dt id="keyexamples">Microformats Key Examples</dt>
@@ -493,7 +489,7 @@
<dt id="DAPContacts">Pick Contacts Intent</dt>
<dd><cite><a href="http://www.w3.org/TR/contacts-api/">Pick Contacts Intent</a></cite>, R. Tibbett, R. Berjon, W3C</dd>
<dt id="HTML">HTML</dt>
- <dd><cite><a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html">HTML Living Standard</a></cite>, WHATWG</dd>
+ <dd><cite><a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/network.html">HTML Living Standard</a></cite>I. Hickson, WHATWG</dd>
</dl>