Re: Issue 195: Certificate Management API

Should we add an optional parameter of type HashAlgorithmIdentifier (
https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#dfn-HashAlgorithmIdentifier)
to generateCertificate?

It seems strange that it is not there already.

_____________
Roman Shpount

On Tue, Sep 22, 2015 at 1:00 PM, Bernard Aboba <Bernard.Aboba@microsoft.com>
wrote:

> WebRTC 1.0 added an (optional) Certificate Management API in Section 5.5
> in the last Editor’s draft. This appears needed in ORTC API in order to
> solve the DtlsTransport forking problem.
>
> So below find the proposed text to be inserted in Section 15. Some
> oddities found in the API:
>
> a. keygenAlgorithm only specifies the algorithm used to generate
> the key – it does not specify the hash algorithm. So if in future we
> needed to transition from SHA-256 to some other hash algorithm, it isn’t
> clear how that would happen.
>
> b. In practice, implementations are likely to use the certificate
> generation functionality in the underlying DTLS implementation (e.g.
> BoringSSL, OpenSSL, S-Channel, etc.). So why the references to WebCrypto?

Received on Tuesday, 22 September 2015 17:24:18 UTC