[Bug 17682] Clear Key: Document how keys and key IDs are associated from bugzilla@jessica.w3.org on 2013-09-04 (public-html-bugzilla@w3.org from September 2013)

From: <bugzilla@jessica.w3.org>
Date: Wed, 04 Sep 2013 01:40:43 +0000
To: public-html-bugzilla@w3.org
Message-ID: <bug-17682-2486-U1hiMymobm@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=17682

David Dorwin <ddorwin@google.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|FIXED                       |---

--- Comment #11 from David Dorwin <ddorwin@google.com> ---
Re-opening to get and track clarification on a few items.

1) The JSON is actually a JWK Set. I suggest the following changes:
 * "The key parameter of update() should be a JSON Web Key (JWK) _Set
containing_ representation..."
 * Maybe something like "For each JWK, when the 'key type'..."
 * "For example, the following _is a JWK Set containing_ a single..."

2) We should require at least one key in the set. (Otherwise an error should be
reported.)

3) "kid" is not mentioned in the text.
 * It should mentioned in the text and be required.
 * We should require that it be base64-encoded. (The examples in the IETF
document are not, and the format is not specified.) For our purposes, they will
always be binary values and should be encoded.

4) Is base64 padding required for all base64 values?
 * I think we should require it because it's easy to add when encoding and
simplifies the UAs.

5) Encoding: "The JSON string is encoded into the Uint8Array parameter using
ASCII-compatible character encoding."
 * How does the UA know which encoding is used?
 * Is an "ASCII-compatible character encoding" really what we want? It seems
that the definition [1] allows non-ASCII strings, which would require
additional complexity to handle even though there isn't a practical
application.
 * Should we just say "ASCII"?
 * Do we need to separately specify that the JSON should use UTF-8 encoding
(vs. other supported encodings)?

6) The linked IETF document has expired. What is the implication of this?

7) We may want to link to the actual JWK [Set] spec [2] as well.

[1]
http://www.w3.org/TR/html5/infrastructure.html#ascii-compatible-character-encoding
[2] http://tools.ietf.org/html/draft-jones-json-web-key

-- 
You are receiving this mail because:
You are the QA Contact for the bug.

Received on Wednesday, 4 September 2013 01:40:45 UTC