Re: IANA registry for WebCrypto? from Richard Barnes on 2013-01-18 (public-webcrypto@w3.org from January 2013)

From: Richard Barnes <rbarnes@bbn.com>
Date: Fri, 18 Jan 2013 15:19:24 -0500
To: Harry Halpin <hhalpin@w3.org>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-Id: <911FF91A-F30D-4D43-9454-815DCE982A2A@bbn.com>

On Jan 18, 2013, at 2:56 PM, Harry Halpin <hhalpin@w3.org> wrote:

> On 01/18/2013 08:53 PM, Richard Barnes wrote:
>> Another way to solve this would be to kick the algorithm ID specification over to JOSE.  ISTM that it would be a good idea in general for the two groups to use the same algorithm identifiers.
> 
> I believe that was already discussed and there were two different levels of abstractions re ciphersuites/defaults. That is, I think, still the case. Is it not?
> 
> Regardless, I'll bring that option up with the Security ADs and see if we can find a quick way to solve this.


I don't think that's really accurate.  There aren't any defaults in JOSE either.  The main differences are: 

1. JOSE provides some short names for combinations of algorithms

WebCrypto: { name: "HMAC", params: { hash: "SHA-256" } }
JOSE: "HS256"


2. JOSE stores algorithm parameters outside the algorithm field (all of the information is still there)

WebCrypto: { name: "AES-GCM", params: { iv: /* ArrayBufferView */ } }
JOSE: { enc: "A128GCM" }.[base64(iv)]


In both cases, the net semantic content is the same.  Honestly I think both sides could benefit from aligning; the end result might be less verbose than the current WebCrypto syntax, and more clearly constructed than the current JOSE syntax.

--Richard









>   cheers,
>      harry
> 
>> 
>> --Richard
>> 
>> 
>> 
>> On Jan 18, 2013, at 2:47 PM, Harry Halpin <hhalpin@w3.org> wrote:
>> 
>>> Folks,
>>> 
>>> W3C had an internal review of the WebCrypto speak, and it was brought up that W3C doesn't normally run registries once a WG is closed, in general it remains closed and so there's so lack of clarity about who would run the registry. However, we have a good history with working with IANA over such registries. Would anyone in the WG be opposed to modifying the spec so that the registry for algorithms in WebCrypto was run by IANA?
>>> 
>>> I've opened up the discussion with IANA folks and we'll have their answer back at some point fairly shortly I think.
>>> 
>>>   cheers,
>>>      harry
>>> 
>>> 
> 
>

Received on Friday, 18 January 2013 20:19:51 UTC