W3C home > Mailing lists > Public > public-webcrypto@w3.org > January 2013

Re: IANA registry for WebCrypto?

From: Ryan Sleevi <sleevi@google.com>
Date: Wed, 23 Jan 2013 20:24:49 -0800
Message-ID: <CACvaWvaHNxhUK02p2EHfoBM0Sowj0FhHHK380K--wANjJp+hcw@mail.gmail.com>
To: Richard Barnes <rbarnes@bbn.com>
Cc: Harry Halpin <hhalpin@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Wed, Jan 23, 2013 at 7:43 PM, Richard Barnes <rbarnes@bbn.com> wrote:
> To try to direct this to a more concrete proposal for what would go in an "algorithm identifier" document / registry:
>
> -----BEGIN STRAW-MAN-----
> 1. An algorithm identifier is a JavaScript dictionary of the same general form defined in the current WebCrypto spec.  Entries in the dictionary may be JSON types or ArrayBufferViews.
>
> 2. Algorithm identifiers may be serialized/deserialized by applying JSON encoding/decoding, with Base64 encoding/decoding applied to fields that contain ArrayBufferViews.
>
> 3. Algorithms may have "short names" that represent an algorithm identifier with some fixed parameters.  The expansion of short names must be specified in a separate document.
>
> 4. Define the following registries:
> 4.1. Algorithms: names, parameters, spec reference
> 4.2. Algorithm short names: name, spec reference
> -----END STRAW-MAN-----
>
> This is basically the WebCrypto spec (1, 4.1) with some bits about how to play nice with serialization and abbreviation (2, 3, 4.2).  The function of the "short names" part is to make explicit the connection between shorter on the wire identifiers and API identifiers, so that developers don't have to figure it out on their own.
>
> I don't care if this document gets written in the IETF or W3C, as long as it's common to WebCrypto and JOSE.  I would be happy to edit it.
>
> --Richard

And now, added to the registry proposal, is a proposal for
1) JOSE parallelism (which was previously resolved)
2) An attempt to provide a wire-level encoding for all API parameters
(by attempting to define a "toJSON" / "fromJSON" function for WebIDL /
web native objects)
3) Create an API where all sorts of weird or ambiguous combinations of
parameters must be handled, and which makes error handling ambiguous,
at best,

eg: { 'iv': 'foo' }

a) Did the author intend for the IV to be the octets corresponding to
the US-ASCII representation of the string 'foo'?
b) Did the author intend for the IV to be the octets corresponding to
the UTF-16 representation (eg: DOMString) of the string 'foo'?
c) Did the author make a mistake and treat a byte sequence as a string?
d) Or is that a base64 encoded string 'foo' that should be decoded?


>
>
>
>
> On Jan 18, 2013, at 2:47 PM, Harry Halpin <hhalpin@w3.org> wrote:
>
>> Folks,
>>
>> W3C had an internal review of the WebCrypto speak, and it was brought up that W3C doesn't normally run registries once a WG is closed, in general it remains closed and so there's so lack of clarity about who would run the registry. However, we have a good history with working with IANA over such registries. Would anyone in the WG be opposed to modifying the spec so that the registry for algorithms in WebCrypto was run by IANA?
>>
>> I've opened up the discussion with IANA folks and we'll have their answer back at some point fairly shortly I think.
>>
>>   cheers,
>>      harry
>>
>>
>
>
Received on Thursday, 24 January 2013 04:25:17 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:15 UTC