- From: Mountie Lee <mountie.lee@gmail.com>
- Date: Sun, 29 Jul 2012 12:55:41 +0900
- To: Ryan Sleevi <sleevi@google.com>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
- Message-ID: <CAE-+aYJmi0j+gBk=_modDVDsWmC14_KcuCny+BUn5zZMAF47yQ@mail.gmail.com>
Hi. Ryan. thanks for your answer. as my understanding, the initial requirement has include "sign with user confirmation". that means the sign data must be same to the message shown to user screen. just with "sequence of bytes" are not enough for previous requirements. if it is handled in high level API, my additional question is is their any mechanism for preventing secret key material changes or other sensitive cryptographic values and settings changes? regards mountie. On Sun, Jul 29, 2012 at 10:41 AM, Ryan Sleevi <sleevi@google.com> wrote: > Hi Mountie, > > There were early discussions about page encodings and normalization, > when the API included both a high-level and a low-level component. > Following our recent Working Group face to face, the Working Group has > resolved to focus on the low-level API and ensure that it's in a > deliverable state, and then revisit the ideas for a high-level API. > > By virtue of being a low-level API, issues such as encoding are left > to the application author. This can be seen also in the removal of > DOMString (which is UTF-16) from being a valid input to the > CryptoOperation.processData method, since that would have opened > questions of "Is it a sequence of bytes or is it a string?" > > Right now, the API's interaction with data streams is accomplished via > ArrayBuffer/ArrayBufferViews, which are treated as opaque sequences of > bytes. Any further normalization or canonicalization should thus be > done at an application layer. > > Does this answer your question? > > On Sat, Jul 28, 2012 at 5:25 PM, mountie.lee@gmail.com > <mountie.lee@gmail.com> wrote: > > > >> Hi. > >> I'm Mountie Lee from Korea. > >> > >> when I read http://www.w3.org/2012/webcrypto/WebCryptoAPI/ and searched > >> archive at http://lists.w3.org/Archives/Public/public-webcrypto/ > >> > >> I can not find discussion about page encodings. > >> > >> because WebCryptoAPI is Javascript dependent and developers have to > >> consider page encodings always. > >> > >> many asian sites use local encodings (EUC-KR, Shift-JIS, GB2312 ...) > >> and by the page encodings, > >> the javascript operation result is different. > >> > >> please anyone inform me the discussio thread for page encodings. > >> > >> regards > >> mountie. > >> > >> -- > >> Mountie Lee > >> > >> Tel : +82 2 2140 2700 > >> E-Mail : mountie@paygate.net > >> Twitter : mountielee > > > -- Mountie Lee Tel : +82 2 2140 2700 E-Mail : mountie@paygate.net Twitter : mountielee ======================================= PayGate Inc. THE STANDARD FOR ONLINE PAYMENT for Korea, Japan, China, and the World
Received on Sunday, 29 July 2012 03:56:30 UTC