- From: Jim Schaad <web-platform-tests-notifications@w3.org>
- Date: Wed, 08 Jun 2016 19:36:11 GMT
- To: public-web-platform-tests-notifications@w3.org
The check for 1 does not need to check just the variations of the same algorithm. It would also check that one does not use, for example, an RSA-PSS key in an RSA-OAEP operation. One of the things that people have managed to mess up with JOSE implemenations is that they permit the use of an RSA key object to be used as the key for an HMAC operation. This check prevents this type of thing from happening assuming you do the key and HMAC operation separately. I'll review everything again later today. View on GitHub: https://github.com/w3c/web-platform-tests/pull/3110#issuecomment-224703277
Received on Wednesday, 8 June 2016 19:36:18 UTC