W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2014

Spec for RSA-OAEP doesn't say what to do for null or missing or array buffer view labels

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 09 Jul 2014 15:05:08 -0400
Message-ID: <53BD9264.8030000@mit.edu>
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
The spec IDL says:

dictionary RsaOaepParams : Algorithm {
   // The optional label/application data to associate with the message
   CryptoOperationData? label;

but the prose assumes that "label" is an ArrayBuffer.  Specifically, the 
prose says:

   the contents of label member of normalizedAlgorithm as the label, L,

where "content of" links to 
which is only defined for ArrayBuffer instances.  But 
CryptoOperationData can be an array buffer view, and "label" might be 
null or missing given the above IDL.

I expect we actually want to remove the '?' from the IDL there, say what 
L should be if "label" is missing, and define "content of" to work on 
all CryptoOperationData, not just ArrayBuffers.

Received on Wednesday, 9 July 2014 19:05:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:23 UTC