Re: Question on set of certs and fingerprints

What about other certificate attributes, such as common name, subject,
issuer, etc.?

Also, should the application be able to limit the certificate lifetime?

Regards,
_____________
Roman Shpount

On Sat, Jul 4, 2015 at 3:30 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

>
> On Jul 3, 2015 10:59 PM, "Bernard Aboba" <Bernard.Aboba@microsoft.com>
> wrote:
> > A. Can only the keygenAlgorithm be set? What about other aspects like
> > key length or hash algorithm?
>
> The answer is yes to length and partially to hash. You need to know the
> length to generate a key: WebCrypto makes that a mandatory parameter.
>
> For hash, WebCrypto bakes the hash algorithm into the RSA key generation
> parameters, but not EC for some reason. An early proposal had an extra
> parameter for selecting the hash algorithm, but discussion with Ryan led to
> the current form, where the browser chooses.
>
> As a practical matter, that means if you have a decoder that chokes on
> SHA-256, you will be sad.
>
> > B. Is it possible to add other attributes to the RTCCertificate
> > interface, such as the fingerprint?
>
> Yes. The current form is purposefully minimal. It's easier to add things
> than remove them in my experience. If we have enthusiasm for a fingerprint
> attribute, I'm not opposed to adding one.
>

Received on Monday, 6 July 2015 18:01:06 UTC
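
The WebCrypto key generation parameters discussed in the quoted reply, as an added example that is not part of the thread or of any browser's code: it generates an RSA and an ECDSA key pair and reports which choices end up fixed on the key. The parameter values and the function names (`describeKey`, `keygenRejects`, `demo`) are assumptions chosen for illustration.

```javascript
// Added example: runs on WebCrypto (browser, or Node.js).
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;

// Parameter sets of the kind discussed in the thread (values are assumptions).
const RSA_PARAMS = {
  name: "RSASSA-PKCS1-v1_5",
  modulusLength: 2048,                        // key length: mandatory
  publicExponent: new Uint8Array([1, 0, 1]),  // 65537
  hash: "SHA-256",                            // hash: part of RSA keygen params
};
const EC_PARAMS = { name: "ECDSA", namedCurve: "P-256" }; // no hash member

// Generate a key pair and report which choices are recorded on the key itself.
async function describeKey(params) {
  const { privateKey } = await subtle.generateKey(params, false, ["sign"]);
  const alg = privateKey.algorithm;
  return {
    name: alg.name,
    size: alg.modulusLength ?? alg.namedCurve,
    hash: alg.hash ? alg.hash.name : null,    // null: hash is supplied at sign time
  };
}

// Returns true if key generation refuses the parameter set.
async function keygenRejects(params) {
  try {
    await subtle.generateKey(params, false, ["sign"]);
    return false;
  } catch {
    return true;
  }
}

async function demo() {
  const { hash, ...rsaNoHash } = RSA_PARAMS;             // drop the hash
  const { modulusLength, ...rsaNoLength } = RSA_PARAMS;  // drop the key length
  return {
    rsa: await describeKey(RSA_PARAMS),
    ec: await describeKey(EC_PARAMS),
    rsaWithoutHashRejected: await keygenRejects(rsaNoHash),
    rsaWithoutLengthRejected: await keygenRejects(rsaNoLength),
  };
}

demo().then((result) => console.log(result));
```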