Re: crypto-ISSUE-13: Relationship between the W3C Web Cryptography work product and the IETF JOSE WG [Web Cryptography API] from Jarred Nicholls on 2012-08-08 (public-webcrypto@w3.org from August 2012)

From: Jarred Nicholls <jarred@webkit.org>
Date: Wed, 8 Aug 2012 13:22:53 -0400
To: David Dahl <ddahl@mozilla.com>
Cc: Ryan Sleevi <sleevi@google.com>, Web Cryptography Working Group <public-webcrypto@w3.org>
Message-ID: <CANufG2Pdtphrb8fGGRhVnwcWQww3r29dGjJYuC-oOUHFGBzYNw@mail.gmail.com>

On Wed, Aug 8, 2012 at 11:25 AM, David Dahl <ddahl@mozilla.com> wrote:

> ----- Original Message -----
> > From: "Ryan Sleevi" <sleevi@google.com>
> > To: "Web Cryptography Working Group" <public-webcrypto@w3.org>
> > Sent: Sunday, August 5, 2012 9:56:12 PM
> > Subject: Re: crypto-ISSUE-13: Relationship between the W3C Web
> Cryptography  work product and the IETF JOSE WG [Web
> > Cryptography API]
>
> > I'd like to propose that the current low-level API specifically
> > clarify that there is *no* specific or priviledged relationship to
> > the
> > IETF JOSE work.
> >
> > Specifically:
> > 1) Algorithm/AlgorithmParams does *not* need to be on-the-wire
> > equivalent to JWA parameters
> > 2) It is *not* required that algorithm short-names match their JWA
> > counterparts.
> >
> > My opinion is that this represents a generic API for use in the
> > client. One possible consumer, of many, may include the work-products
> > of the JOSE working group. However, I believe that they do not
> > represent the only consumer of this API, therefore I do not believe
> > it
> > makes sense to primarily design or tightly-couple this work to the
> > JOSE WG.
>
> +1 As this is a low-level API, I agree. I think JOSE is more directly
> compatible with a higher-level API. I can see using JOSE for either a
> high-level spec produced by this WG or by a high-level API written in
> content JS that consumes the Web Crypto API.
>
> Regards,
>
> David
>
>
+1

Received on Wednesday, 8 August 2012 17:23:42 UTC