RE: ASN.1 Encoding/Decoding Compatibility

On Dec 2, 2015 12:01 PM, "Jim Schaad" <ietf@augustcellars.com> wrote:
>
>
> Ryan,
>
> It would be useful to know if the does not conform applies to both spki
> and pkcs8 or just to one of these.  For Windows, there is support in the OS
> to deal with public keys that may not be present for private keys.  This is
> going to potentially be the case for other browsers depending on how they
> handle certificates.
>

Both, and both fairly significantly. We wanted to try to have private keys
retain as much of the original information (to prevent accidental
cross-algorithm key share - such as using the same RSA key for OAEP, PSS,
and SSA), and so the spec presently tries to be very specific in using the
existing algorithm OIDs for this.

The problem is that many/most of the fundamental libraries simply export as
the simplest/common form, with no further specificity. Such as using
id-RSAwhatever regardless of PSS, OAEP, and SSA.

So to effectively have that protection, a UA would need to export from the
underlying library, decode, then re-encode. It also makes
wrapping/unwrapping necessary to do in the UA rather than the library, for
similar reasons.

Personally I don't think this is unreasonable, but I wanted other UAs'
feedback and plans, since right now none of us are doing what the spec says.

Received on Wednesday, 2 December 2015 20:09:42 UTC
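
The export, decode, re-encode step described in the message above, shown for the SPKI case as an added example; it is not part of the original message and not any UA's or library's code. Assumptions: the function names are hypothetical, the sample key is constructed (a toy modulus), and the scheme parameters are left absent in the rewritten AlgorithmIdentifier as a simplification.

```python
# Added illustration; function names and the sample key are constructed.
PKCS1 = bytes.fromhex("2a864886f70d0101")   # DER body of OID 1.2.840.113549.1.1
RSA_ENCRYPTION = PKCS1 + b"\x01"            # rsaEncryption (generic RSA)
ID_RSASSA_PSS = PKCS1 + b"\x0a"             # id-RSASSA-PSS

def tlv(tag, content):
    """Encode one DER element with a definite, minimal length."""
    n = len(content)
    if n < 0x80:
        head = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        head = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + head + content

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos) for the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:
        k = length & 0x7F
        if not 1 <= k <= 4:
            raise ValueError("unsupported length form")
        length = int.from_bytes(buf[pos:pos + k], "big")
        pos += k
    if pos + length > len(buf):
        raise ValueError("truncated element")
    return tag, buf[pos:pos + length], pos + length

def algorithm_oid(spki):
    """DER body of the OID inside SubjectPublicKeyInfo.algorithm."""
    _, body, _ = read_tlv(spki)
    _, alg, _ = read_tlv(body)
    return read_tlv(alg)[1]

def respecify_spki(spki, new_oid):
    """Re-encode a generic rsaEncryption SPKI under a scheme-specific OID."""
    tag, body, end = read_tlv(spki)
    atag, alg, key_pos = read_tlv(body)
    otag, oid, _ = read_tlv(alg)
    if (tag, atag, otag) != (0x30, 0x30, 0x06) or end != len(spki):
        raise ValueError("not a DER SubjectPublicKeyInfo")
    if oid != RSA_ENCRYPTION:
        raise ValueError("key is not exported as generic rsaEncryption")
    # Simplification: scheme parameters are left absent in the new identifier.
    return tlv(0x30, tlv(0x30, tlv(0x06, new_oid)) + body[key_pos:])

# Constructed sample: what a library typically emits (toy modulus, not a key).
RSA_PUB = tlv(0x30, tlv(0x02, b"\x00" + b"\xc3" * 128) + tlv(0x02, b"\x01\x00\x01"))
SAMPLE_SPKI = tlv(0x30, tlv(0x30, tlv(0x06, RSA_ENCRYPTION) + tlv(0x05, b""))
                  + tlv(0x03, b"\x00" + RSA_PUB))
```

Only the AlgorithmIdentifier changes; the BIT STRING holding the key is copied through byte for byte, and the outer length is recomputed.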