Re: [web-nfc] Support Signature records (#363)

The plan is to support creating and reading NDEF Signature records, but
- Web NFC won't sign any records or messages: applications need to do that
- Web NFC won't check any signatures: applications need to do that
- Key management is out of scope: applications need to do that.

The `data` property will access the raw bytes of the NDEF signature.
However, we could define the structure of a signature record (according to the Signature RTD spec) and include an algorithm to parse signatures (exposed as a new function on NDEFRecord, which kind of sucks). Also, creation of signatures could use the dictionaries defined for signature.

```webidl
dictionary NDEFSignature {
  required octet version;
  required Signature signature;
  required CertificateChain certificates;
};

dictionary Signature {
  required boolean linked;  // true: data = URL, false: data = signature
  required octet type;  // sig type mapped to integers 0..4
  required unsigned short length;  // 16 bits
  required ArrayBuffer data;  // signature or URL to the signature
};

dictionary CertificateChain {
  required boolean linked;  // URI_Present in the Signature RTD
  required CertificateFormat format;
  USVString url;  // only present if linked is true
  required octet length;  // number of certs
  required sequence<ArrayBuffer> store;  // certificates: length, value
};
```

In the Signature RTD there are quite complex rules, too.
We could deem this too complex and leave NDEF signatures completely in the applications' hands, including the structure of the payload (i.e. expose only the raw bytes and creating only from raw bytes - which sounds dangerous without doing any validation).

Thoughts welcome.

-- 
GitHub Notification of comment by zolkis
Please view or discuss this issue at https://github.com/w3c/web-nfc/issues/363#issuecomment-556083175 using your GitHub account

Received on Wednesday, 20 November 2019 16:23:27 UTC
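
The structural validation the comment worries about, as an added example that is not part of the original comment or of the Web NFC specification: a bounds-checked parser that turns raw Signature record bytes into the shape of the dictionaries above, without verifying the signature. The function name `parseNDEFSignature`, the sample bytes and the byte layout in the comments (flag bit packing, big-endian lengths, URL after the certificate store, a record that carries both signature and certificate fields) are assumptions and should be checked against the Signature RTD.

```javascript
// Assumed layout (not stated in the comment above):
//   version(1) | URI_present(1 bit)+type(7 bits) | sigLen(2, BE) | signature or URI
//   | URI_present(1 bit)+format(3 bits)+count(4 bits) | count x [len(2, BE) | cert]
//   | if URI_present: urlLen(2, BE) | url
function parseNDEFSignature(payload) {
  const bytes = new Uint8Array(payload);
  const view = new DataView(bytes.buffer, bytes.byteOffset, bytes.byteLength);
  let pos = 0;
  // Every read goes through need(), so a declared length can never run past the payload.
  const need = (n) => {
    if (pos + n > bytes.length) throw new RangeError(`truncated at offset ${pos}`);
  };
  const u8 = () => { need(1); return bytes[pos++]; };
  const u16 = () => { need(2); const v = view.getUint16(pos); pos += 2; return v; };
  const take = (n) => { need(n); const b = bytes.slice(pos, pos + n); pos += n; return b.buffer; };

  const version = u8();
  const sigFlags = u8();
  const type = sigFlags & 0x7f;
  if (type > 4) throw new RangeError(`unknown signature type ${type}`); // page: 0..4
  const length = u16();
  const signature = { linked: (sigFlags & 0x80) !== 0, type, length, data: take(length) };

  const certFlags = u8();
  const certificates = {
    linked: (certFlags & 0x80) !== 0,
    format: (certFlags >> 4) & 0x07,
    length: certFlags & 0x0f, // number of certificates
    store: [],
  };
  for (let i = 0; i < certificates.length; i++) certificates.store.push(take(u16()));
  if (certificates.linked) certificates.url = new TextDecoder().decode(take(u16()));
  // Reject leftovers so nothing unparsed rides along with a "valid" record.
  if (pos !== bytes.length) throw new RangeError(`${bytes.length - pos} trailing bytes`);
  return { version, signature, certificates };
}

// Constructed sample: version 1, type 4, 3-byte signature, two inline certificates.
const SAMPLE = Uint8Array.from([
  0x01, 0x04, 0x00, 0x03, 0xaa, 0xbb, 0xcc,   // version, flags/type, sigLen, signature
  0x02, 0x00, 0x02, 0x01, 0x02, 0x00, 0x01, 0x03, // cert flags, [2 bytes], [1 byte]
]);
```

The parser only establishes that the record is well-formed; checking the signature and trusting the certificates stays with the application, as the plan above states.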