- From: Zoltan Kis via GitHub <sysbot+gh@w3.org>
- Date: Wed, 20 Nov 2019 16:23:26 +0000
- To: public-web-nfc@w3.org
The plan is to support creating and reading NDEF Signature records, but
- Web NFC won't sign any records or messages: applications need to do that
- Web NFC won't check any signatures: applications need to do that
- Key management is out of scope: applications need to do that.

The `data` property will access the raw bytes of the NDEF signature.

However, we could define the structure of a signature record (according to the Signature RTD spec) and include an algorithm to parse signatures (exposed as a new function on NDEFRecord, which kind of sucks).

Also, creation of signatures could use the dictionaries defined for signature.

```javascript
dictionary NDEFSignature {
  required octet version;
  required Signature signature;
  required CertificateChain certificates;
};

dictionary Signature {
  required boolean linked;  // true: data = URL, false: data = signature
  required octet type;  // sig type mapped to integers 0..4
  required unsigned short length;  // 16 bits
  required ArrayBuffer data;  // signature or URL to the signature
};

dictionary CertificateChain {
  required boolean linked;  // URI_Present in the Signature RTD
  required CertificateFormat format;
  USVString url;  // only present if linked is true
  required octet length;  // number of certs
  required sequence<ArrayBuffer> store;  // certificates: length, value
};
```

In the Signature RTD there are quite complex rules, too.

We could deem this too complex and leave NDEF signatures completely in the applications' hands, including the structure of the payload (i.e. expose only the raw bytes and creating only from raw bytes - which sounds dangerous without doing any validation).

Thoughts welcome.

-- 
GitHub Notification of comment by zolkis
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/363#issuecomment-556083175 using your GitHub account
Received on Wednesday, 20 November 2019 16:23:27 UTC
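
The following is an added example, not part of the original message or of the Web NFC specification: a bounds-checked parser that turns raw signature payload bytes into the `NDEFSignature` shape proposed above, rejecting length fields that point past the payload. The function name `parseNDEFSignature`, the byte layout, and the integer representation of `format` are assumptions made for illustration and should be checked against the Signature RTD.

```javascript
// Added example: validate while parsing, so no length field is trusted blindly.
// ASSUMED byte layout (verify against the Signature RTD before relying on it):
//   version(1) | linked:1 bit + type:7 bits | length(2, big-endian) | data
//   | linked:1 bit + format:3 bits + count:4 bits | count x [len(2) + cert] | [len(2) + url]
function parseNDEFSignature(bytes) {
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  let pos = 0;
  // Every read goes through need(), so a lying length field cannot run past the payload.
  const need = (n) => {
    if (pos + n > bytes.byteLength) throw new RangeError(`truncated at offset ${pos}`);
  };
  const u8 = () => { need(1); return view.getUint8(pos++); };
  const u16 = () => { need(2); const v = view.getUint16(pos); pos += 2; return v; };
  const take = (n) => { need(n); const s = bytes.slice(pos, pos + n); pos += n; return s.buffer; };

  const version = u8();
  const sigFlags = u8();
  const signature = { linked: (sigFlags & 0x80) !== 0, type: sigFlags & 0x7f };
  // The message maps signature types to integers 0..4; anything else is rejected.
  if (signature.type > 4) throw new RangeError(`unknown signature type ${signature.type}`);
  signature.length = u16();
  signature.data = take(signature.length);

  const chainFlags = u8();
  const certificates = {
    linked: (chainFlags & 0x80) !== 0,
    format: (chainFlags >> 4) & 0x07, // raw integer; enum mapping is left to the caller
    length: chainFlags & 0x0f,        // number of certificates
    store: [],
  };
  // Each certificate is a 16-bit length followed by that many bytes.
  for (let i = 0; i < certificates.length; i++) certificates.store.push(take(u16()));
  if (certificates.linked) {
    certificates.url = new TextDecoder("utf-8", { fatal: true }).decode(take(u16()));
  }
  if (pos !== bytes.byteLength) throw new RangeError("trailing bytes after certificate chain");
  return { version, signature, certificates };
}

// Constructed sample payload: version 1, unlinked type-1 signature of 3 bytes,
// one 2-byte placeholder "certificate", no certificate URL.
const SAMPLE = Uint8Array.from([0x01, 0x01, 0x00, 0x03, 0xaa, 0xbb, 0xcc, 0x01, 0x00, 0x02, 0xde, 0xad]);
```

Parsing only recovers structure; as the message states, checking the signature and managing keys remain the application's job.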