- From: Charles Engelke <web-platform-tests-notifications@w3.org>
- Date: Wed, 08 Jun 2016 19:43:51 GMT
- To: public-web-platform-tests-notifications@w3.org
Thanks. As for the RSA-PSS/RSA-OAEP issue, there should be no way to create an RSA-PSS key with the "encrypt" or "decrypt" usage (per tests for generateKey and importKey), and there are tests here for keys without the needed usage. So wouldn't that cover things? Charlie On Wed, Jun 8, 2016 at 3:36 PM, Jim Schaad <notifications@github.com> wrote: > The check for 1 does not need to check just the variations of the same > algorithm. It would also check that one does not use, for example, an > RSA-PSS key in an RSA-OAEP operation. One of the things that people have > managed to mess up with JOSE implemenations is that they permit the use of > an RSA key object to be used as the key for an HMAC operation. This check > prevents this type of thing from happening assuming you do the key and HMAC > operation separately. > > I'll review everything again later today. > > — > You are receiving this because you were mentioned. > Reply to this email directly, view it on GitHub > <https://github.com/w3c/web-platform-tests/pull/3110#issuecomment-224703277>, > or mute the thread > <https://github.com/notifications/unsubscribe/AAE_N780V6YpkSYqlhHZhT0bqqgl533Oks5qJxmmgaJpZM4ItxzV> > . > View on GitHub: https://github.com/w3c/web-platform-tests/pull/3110#issuecomment-224705280
Received on Wednesday, 8 June 2016 19:43:59 UTC