- From: Ryan Sleevi <sleevi@google.com>
- Date: Mon, 28 Mar 2016 09:54:07 -0700
- To: Jim Schaad <ietf@augustcellars.com>
- Cc: public-webcrypto@w3.org, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Ryan Hurst <rmh@google.com>
- Message-ID: <CACvaWvaVv70qK=peP-GYQpHB7j7bhUy8TDEMVxccTuV1VgYh+w@mail.gmail.com>
On Mar 28, 2016 9:45 AM, "Jim Schaad" <ietf@augustcellars.com> wrote: > > > > > > From: Ryan Sleevi [mailto:sleevi@google.com] > Sent: Monday, March 28, 2016 12:57 AM > To: Jim Schaad <ietf@augustcellars.com> > Cc: public-webcrypto@w3.org; Ryan Hurst <rmh@google.com>; GALINDO Virginie <Virginie.Galindo@gemalto.com> > Subject: Re: Commitment request from Mozilla and/or Microsoft > > > > > On Mar 27, 2016 6:59 PM, "Jim Schaad" <ietf@augustcellars.com> wrote: > > > > Can we get a commitment from Mozilla and/or Microsoft to implement the > > import and export of private keys using the pkcs8 structure for ECDSA and > > ECDH? > > > > This is the gating factor to keeping the option 1 ASN.1 import/export > > functions as outlined in my previous mail. > > > > As the chair - can you try and get answers for this Virginie? > > > > Jim > > Jim, > > Is there a reason you focused only on ECDSA and ECDH, rather than RSA (PKCS#1 v1.5, PSS, and OAEP)? > > Regardless of scope, the question you pose has been repeatedly asked and left unanswered for several months. I appreciate the new calls for it, but we are precisely in this position because of the multiple unanswered calls in the past, on the list, from the chair, and from other implementors. > > Ryan, > > Because, as implied in my message above, for the option 1 that I laid out in a previous message they all work. I believe that I have done a successful import of keys for RSA v1.5, RSA PSS and RSA OAEP using the rsaEncryption OID. Jim, for the reasons outlined in my previous message, I hope you can realize that while this interoperability is a positive step, it is insufficient for the level of the Web Platform. As we try to clean up the past decades' worth of decisions like this, and the interoperability problems it has caused, we should be wise to not repeat it. If an implementation exposes behaviour, it should be specced, so that other implementations can expose similar behaviour. If there is not consensus to expose that behaviour, it should be removed. For that reason, the RSA algorithms are and remain a problem, even with the rsaEncryption interoperability. I simply must stress this - your proposal does not solve the concerns for RSA, and we still need implementors to assist. > I have successfully done import for ECDSA and ECDH for JWK public, JWK private, and ASN.1 public using ecPublicKey but do not have a success for using ecPublicKey to do private key import. > > Jim > >
Received on Monday, 28 March 2016 16:54:35 UTC