W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2014

Spec for RSA-OAEP doesn't say what to do for null or missing or array buffer view labels

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 09 Jul 2014 15:05:08 -0400
Message-ID: <53BD9264.8030000@mit.edu>
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
The spec IDL says:

dictionary RsaOaepParams : Algorithm {
   // The optional label/application data to associate with the message
   CryptoOperationData? label;
};

but the prose assumes that "label" is an ArrayBuffer.  Specifically, the 
prose says:

   the contents of label member of normalizedAlgorithm as the label, L,

where "content of" links to 
https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#concept-contents-of-arraybuffer 
which is only defined for ArrayBuffer instances.  But 
CryptoOperationData can be an array buffer view, and "label" might be 
null or missing given the above IDL.

I expect we actually want to remove the '?' from the IDL there, say what 
L should be if "label" is missing, and define "content of" to work on 
all CryptoOperationData, not just ArrayBuffers.

-Boris
Received on Wednesday, 9 July 2014 19:05:37 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:23 UTC