I think it'd be cool if the browser had some sort of crypto "black box" (although open to inspection) that you could just send messages to without using JavaScript. Sorta like a software-defined TPM that handles crypto-related doodads.
"But doesn't TLS cover that???"
Only if you trust your server.
"Why wouldn't you do that???"
The National Security Letter.
idk how you'd divert messages to this black box. It'd probably have to be HTTP level and signalled with special headers as to what cryptographic operations you want performed.
@Elizafox it this point that's probably why we added javascript
@Elizafox arent you thinking of like a gpg plugin
but without the gpg part
@CobaltVelvet I am kinda thinking of that
@CobaltVelvet thinking about it more
yeah
@Elizafox @CobaltVelvet also, you need to decide whether a softtpm is acceptable
@CobaltVelvet We added JavaScript so people could make bloated atrocious websites that didn't really need it