Re: ASN.1 Encoding/Decoding Compatibility

On 12/04/2015 01:22 AM, Ryan Sleevi wrote:
>
>
> On Dec 3, 2015 8:35 PM, "Harry Halpin" <hhalpin@w3.org> wrote:
> >
> >
> > Seems like an implementation bug to me.
> >
>
> ... That's what I said. But it isn't an implementation bug of the key
> libraries. That is, BoringSSL doesn't have a bug because it doesn't
> export what WebCrypto expects. The WebCrypto implementation in Chrome
> has the bug. BoringSSL is behaving exactly as BoringSSL says it does.
>

Glad we are not asking the key libraries to do work for WebCrypto.
However, while I agree that the browser code does the required changes
to the key formats, do we have agreement and a timeframe from any
implementer?

If not, we could then choose the option of just supporting JWK and put
fixing this in the next revised CR. We cannot delay PR by more than a
month or so, there are already complaints from the Advisory Committee
that we have not reached Rec. yet and there would be problems getting a
'maintenance mode' charter through without reaching Rec. first.

                cheers,
                      harry


> (I realize I'm saying the exact same thing I said in my previous email,
> but hopefully putting concrete terms makes it easier to understand)
>
> > Yes, but you are asking for a modification in underlying key
> > libraries across all browsers?
>
> ... No again. In fact, I was suggesting the opposite. I'm saying
> Safari would need to work around CommonCrypto. Edge would need to work
> around CryptoAPI. Chrome would need to work around BoringSSL. Firefox
> would need to work around NSS.
>
> Sure, the libraries could change, but that was explicitly what I was
> NOT suggesting; I was suggesting the browsers would need to carry code
> to deal with the situation, unless and until the libraries did change.
>
> But that isn't a years-long thing. That's a few dozen eng-hours. But
> we need consensus that is the right and acceptable way to solve this -
> that we agree to work around our libraries' differences.
>
> > Do you think this is realistic, and if so, within which time-frame
> > would you expect it to ship?
> >
>
> I don't, which is why I never suggested it, and laid out multiple ways
> to avoid it.
>
> Hopefully this makes it clearer what Option 1 is, because it sounds
> like you have a very different idea in mind.
>

Received on Friday, 4 December 2015 20:29:44 UTC