W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > January 2013

Re: Prioritization of secondary features

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 31 Jan 2013 06:29:01 -0800
Message-ID: <CACvaWvY0YosDGe949M5r5KnGdoymVOTytOWcQ4mPUzzvWUUpqQ@mail.gmail.com>
To: Harry Halpin <hhalpin@w3.org>
Cc: Mountie Lee <mountie.lee@mw2.or.kr>, public-webcrypto-comments@w3.org, Aymeric Vitte <vitteaymeric@gmail.com>
Harry,

Surely when you said "put in the spec" you meant "put in a spec" - that is,
some other spec entirely. Right?

Because I absolutely positively do not see anything like this making it in
to our current work - both for reasons of interest (I have explained
several times the problems with what is being asked) and for reasons of
complexity.
On Jan 31, 2013 5:46 AM, "Harry Halpin" <hhalpin@w3.org> wrote:

>  On 01/31/2013 01:57 PM, Aymeric Vitte wrote:
>
> Hi,
>
> I think it's not in your list, then I would add :
>
> "Exposing the server certificate (possibly structured, if not we'll need a
> bullet-proof, signed, X.509 library) and path of the TLS connection as
> JavaScript objects." (
> http://www.w3.org/2012/webcrypto/wiki/Use_Cases#Miscellaneous)
>
> I have given examples already why it's needed [1], see another use case
> here [2] chapter 4.2 (and [3] for more details - the client identifies the
> server by checking that the pub_key used in the TLS handshake matches the
> certified_key received from the server in CERTS messages, where the
> certified_key is the pub_key signed with the id_priv_key of the server and
> therefore verified with its public id_pub_key)
>
>
> What is missing from these proposals is concrete, well-specified
> proposals. In other words, WebIDLs that we could put in the spec. Also,
> implementers would have to agree its reasonable to implement this
> functionality within the current WG's timeframe.
>
> So, please specify some example code!
>
>    cheers,
>      harry
>
>
> Regards,
>
> [1]
> http://lists.w3.org/Archives/Public/public-webcrypto-comments/2012Nov/0037.html
> [2]
> https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt
> [3] http://archives.seul.org/or/dev/Jan-2011/msg00052.html
>
> Le 31/01/2013 02:17, Mountie Lee a écrit :
>
> Hi.
>  at WebCrypto WG Charter (
> http://www.w3.org/2011/11/webcryptography-charter.html)
> following secondary features are listed.
>
>    - control of TLS session login/logout
>    - derivation of keys from TLS sessions
>    - a simplified data protection function
>    - multiple key containers
>    - key import/export
>    - a common method for accessing and defining properties of keys
>    - the lifecycle control of credentials such enrollment, selection, and
>    revocation of credentials with a focus enabling the selection of
>    certificates for signing and encryption
>
>  as discussed in previous concall,
> we need to set priority for secondary features.
>
>  I feel certificate related features has more priority than others.
> also TLS related features also have relationship with certificates.
>  so with my view, I listed following certificate related secondary
> features
>
>    - certificate enrollment
>       - this is different from key generation
>       - CMP can be considered.
>    - certificate validation
>       - certificate chain validation
>       - CRL or OCSP validation
>    - certificate selection with binded private key
>       - has UI related requirement
>    - access certificate extension fields
>       - including optional fields
>    - multi-origin crypto operation with certificate associated.
>    - control of TLS session login/logout
>    - derivation of keys from TLS sessions.
>
> any comments?
>
>  regards
>  mountie.
>
>  --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net
>
> =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World
>
>
>
>
>
>
> --
> jCore
> Email :  avitte@jcore.fr
> iAnonym : http://www.ianonym.com
> node-Tor : https://www.github.com/Ayms/node-Tor
> GitHub : https://www.github.com/Ayms
> Web :    www.jcore.fr
> Webble : www.webble.it
> Extract Widget Mobile : www.extractwidget.com
> BlimpMe! : www.blimpme.com
>
>
>
Received on Thursday, 31 January 2013 14:29:29 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 31 January 2013 14:29:30 GMT