Re: [w3c/push-api] Define and use the p256dh/auth internal slots (PR #414)

@saschanaz commented on this pull request.



> @@ -757,16 +756,11 @@ <h2>
           </li>
           <li>Set |subscription|'s {{PushSubscription/options}} attribute to |options|.
           </li>
-          <li>Generate a new P-256 <a>ECDH</a> key pair [[ANSI-X9-62]]. Store the private key in an
-          internal slot on |subscription|; this value MUST NOT be made available to applications.
-          The public key is also stored in an internal slot and can be retrieved by calling the
-          {{PushSubscription/getKey()}} method of the {{PushSubscription}} with an argument of
-          {{PushEncryptionKeyName/"p256dh"}}.
+          <li>Set |subscription|'s [=P-256 ECDH key pair=] to the result of generating a new P-256
+          [=ECDH=] key pair [[ANSI-X9-62]].

But I don't understand tihs. ANSI X9.62 doesn't seem to be about ECDH, it's about ECDSA per what I see. X9.63 is about ECDH. Something to fix in a separate patch?

>            </li>
-          <li>Generate a new authentication secret, which is a sequence of octets as defined in
-          [[RFC8291]]. Store the authentication secret in an internal slot on |subscription|. This
-          key can be retrieved by calling the {{PushSubscription/getKey()}} method of the
-          {{PushSubscription}} with an argument of {{PushEncryptionKeyName/"auth"}}.
+          <li>Set |subscription|'s [=authentication secret=] to the result of generating a new
+          authentication secret, which is a sequence of octets as defined in [[RFC8291]].

```suggestion
          authentication secret, which is a sequence of octets as defined in [[RFC8291]] Section
          3.2.
```

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/push-api/pull/414#discussion_r2572067048
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/push-api/pull/414/review/3519442702@github.com>