W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2014

Re: JOSE Last Call and ISSUE 28

From: Richard Barnes <rlb@ipv.sx>
Date: Wed, 9 Apr 2014 16:16:04 -0400
Message-ID: <CAL02cgRg=Xsv820RGH-ZqeBjoZ9gBgX3XF9GwoSR-tj9D=kCjg@mail.gmail.com>
To: Mike Jones <Michael.Jones@microsoft.com>
Cc: Harry Halpin <hhalpin@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
There already is such an appendix.  I don't think we need more.


On Wed, Apr 9, 2014 at 4:08 PM, Mike Jones <Michael.Jones@microsoft.com>wrote:

> I don't think that the "ask JOSE to do this" option is a viable option,
> given that this was discussed in JOSE multiple times and it was repeatedly
> decided not to support structured algorithm identifiers.  Some of this
> discussion is recorded at http://trac.tools.ietf.org/wg/jose/trac/ticket/7
> .
>
> I would personally advocate supporting those JWA identifiers that make
> sense in WebCrypto, but if that isn't done, I would at least suggest having
> an appendix listing the correspondence between the JWA identifiers and the
> corresponding structured WebCrypto algorithm identifiers.  That would at
> least increase the chance of developers understanding the correspondence
> correctly.
>
>                                 -- Mike
>
> -----Original Message-----
> From: Harry Halpin [mailto:hhalpin@w3.org]
> Sent: Monday, April 07, 2014 12:48 PM
> To: public-webcrypto@w3.org
> Subject: JOSE Last Call and ISSUE 28
>
> Before we exit Last Call we should deal with the "algorithm shortname for
> ciphersuites" issue (Issue 28) and close it officially.
>
> Note that JOSE Web Algorithms is still in Last Call [1] as well.
>
> Do we have any desire in particular to allow the short names used by JOSE
> in our spec, or at least clear conversion function that generates an
> Algorithm object for a given JOSE ciphersuite (so that "PS256"
> specified keys in JOSE is automagically converted to RSA-PSS using
> SHA-256/MG-1 ala http://www.w3.org/2012/webcrypto/track/issues/28?
>
> Or do we ask JOSE to do this?
>
> Or do we expect developers to handle this?
>
> Also, as regards the SAAG comments, in may be useful to look at Mike's
> security concerns section [1], where he deals with the same issues brought
> up by the SAAG on WebCrypto.
>
>    cheers,
>      harry
>
> [1] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-25
>
>
>
Received on Wednesday, 9 April 2014 20:16:32 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC