W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2013

Re: Defaults: Getting concrete (round 2)

From: Richard Barnes <rbarnes@bbn.com>
Date: Tue, 23 Apr 2013 09:28:46 -0700
Cc: public-webcrypto@w3.org, Wan-Teh Chang <wtc@google.com>
Message-Id: <13B1CEA1-01D3-4BFE-97F9-4E176E1A113D@bbn.com>
To: Ryan Sleevi <sleevi@google.com>
/me notes that ISSUE-42 has been resolved in the ED.  Thanks!

--Richard



On Apr 23, 2013, at 9:19 AM, Richard Barnes <rbarnes@bbn.com> wrote:

> One point of consistency:  If you're truly going to have no defaults, there should be no "?" characters in AlgorithmParameters interfaces.  So every time you want to use GCM, you have to specify everything:
> 
> {
>  name: "AES-GCM",
>  iv: new Uint8Array(16), /* TODO: Make this random */
>  additionalData: new Uint8Array(0),
>  tagLength: 128
> }
> 
> This just seems mean-spirited, unnecessarily creating extra work for developers.  Am I the only one that hates to use APIs that don't make default things that are obvious?
> 
> (Also, the above reminds me: http://www.w3.org/2012/webcrypto/track/issues/42)
> 
> --Richard
> 
> 
> On Apr 23, 2013, at 7:25 AM, Ryan Sleevi <sleevi@google.com> wrote:
> 
>> 
>> On Apr 23, 2013 7:10 AM, "Richard Barnes" <rbarnes@bbn.com> wrote:
>>> 
>>> 
>>> On Apr 22, 2013, at 5:20 PM, Ryan Sleevi <sleevi@google.com> wrote:
>>> 
>>>> On Mon, Apr 22, 2013 at 5:13 PM, Richard Barnes <rbarnes@bbn.com> wrote:
>>>>> 
>>>>> On Apr 22, 2013, at 7:50 PM, Ryan Sleevi <sleevi@google.com> wrote:
>>>>> 
>>>>>> On Mon, Apr 22, 2013 at 4:36 PM, Richard Barnes <rbarnes@bbn.com> wrote:
>>>>>>> 
>>>>>>> As I've argued above, the implementation complexity is trivial, random generation plus maybe a counter.  It's not clear to me how you think this is inconsistent, given that there are already defaults for some parameters already (e.g. tagLength).  The only difference is that these are reset per operation.
>>>>>>> 
>>>>>> 
>>>>>> Good point. This seems like an oversight that tagLength has a default
>>>>>> - it should be removed, to be consistent.
>>>>> 
>>>>> Huh?  I thought we had agreed a few threads ago that it was sensible to have tagLength = 128 as a default.
>>>>> 
>>>>> --Richard
>>>>> 
>>>>> 
>>>> 
>>>> It was pointed out a few threads ago that = 0 was a bad default.
>>>> 
>>>> The real issue was supplying a default at all.
>>> 
>>> 
>>> That latter issue is new to the discussion.
>>> 
>>> In any case, summarily making a change like that without any WG discussion seems presumptuous of the editor.
>>> 
>>> --Richard
>> 
>> We've been over this before.
>> 
>> The WD reflects WG consensus. The ED reflects the editors' attempt to build that through ongoing changes to reflect the nature of discussion in the WG. The ED does not reflect a consensus document, but is used to inform and evaluate the options on the path to consensus.
>> 
>> Regardless of your personal position, you have heard (repeatedly) from others about the danger of defaults. You have rightly pointed out that there is a spec bug in tagLength default of 0. The natural resolution to this is to remove the singular case of defaults within this document, rather than use it as a point to advocate for more.
>> 
>> This is the W3C work mode, Richard. There are no unilateral decisions being made, so there is no need to suggest otherwise.
>> 
> 
> 
Received on Tuesday, 23 April 2013 16:29:14 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:16 UTC