W3C home > Mailing lists > Public > public-webcrypto@w3.org > November 2012

Re: PKCS#7 digital signature in WebCrypto API

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 29 Nov 2012 17:29:06 -0800
Message-ID: <CACvaWvZzMoXzrPD5w4mh-d1K2TZQ64egt92_nqS5TRM0-33C3A@mail.gmail.com>
To: Mountie Lee <mountie.lee@mw2.or.kr>
Cc: Web Cryptography Working Group <public-webcrypto@w3.org>
On Thu, Nov 29, 2012 at 4:52 PM, Mountie Lee <mountie.lee@mw2.or.kr> wrote:
> Hi.
>
> is it possible to generate PKCS#7 digital signature with current API?
>
> the current API spec seams supporting only PKCS#1 for digital signature
> format.
>
> I know discussions about certificate is not on the rail.
> but my question is
> is our API is ready to expand supporting PKCS#7?
>
> regards
> --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net
>
> =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World
>

CMS is not a signature format. It's a message encapsulation format.

JOSE is ideologically equivalent to CMS, except using a JSON representation.

Regardless, you can implement CMS with the necessary low-level
primitives afforded by this API. I do not believe we should provide a
high-level API for it. I view this as equivalent to the built in
"built-in jQuery/MooTools/prototype.js" argument - which is to say, I
do not support working on CMS, for the same reasons that no one in
WEBAPPS would consider it viable to implement syntactic sugar like
jQuery.

Can you point to any aspect of PKCS#7/CMS that cannot be implemented
in client-side Javascript when backed with browser-provided keys?
Received on Friday, 30 November 2012 01:29:34 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:14 UTC