W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2014

[Bug 26315] New: ECDSA/ECDH: "namedCurve ASN.1 type" is ambiguous

From: <bugzilla@jessica.w3.org>
Date: Sat, 12 Jul 2014 01:25:19 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-26315-7213@http.www.w3.org/Bugs/Public/>

            Bug ID: 26315
           Summary: ECDSA/ECDH: "namedCurve ASN.1 type" is ambiguous
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: sleevi@google.com
                CC: bal@microsoft.com, public-webcrypto@w3.org

Raised by Brian on 

The current (
https://dvcs.w3.org/hg/webcrypto-api/raw-file/ee10c81e1141/spec/Overview.html )
spec language for ECDSA/ECDH handling of EC keys states

"If params is not an instance of the namedCurve ASN.1 type defined in RFC 5480"

This was seen as confusing. The intent was to specify that of the choice of
ECParameters, only the namedCurve choice was acceptable (e.g. implicitCurve and
specifiedCurve) are NOT supported.

As Brian interpreted, and as others may reasonably do so, this was seen as
constraining the contents of the OIDs to those specified in of RFC 5480
( http://tools.ietf.org/html/rfc5480#section- ). While is clear
to indicate other specifications may describe additional types, it's still
ambiguous because WebCrypto may choose to allow OIDs for which no
specifications updating 5480 exist - e.g. the NUMS curves

One possible language modification is
"If params is an instance of the ECParameters ASN.1 type that specifies a

but that may still be seen as ambiguous.

You are receiving this mail because:
You are on the CC list for the bug.
Received on Saturday, 12 July 2014 01:25:20 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:23 UTC