- From: Aymeric Vitte <vitteaymeric@gmail.com>
- Date: Thu, 31 Jan 2013 13:57:58 +0100
- To: Mountie Lee <mountie.lee@mw2.or.kr>
- CC: public-webcrypto-comments@w3.org
- Message-ID: <510A6A56.9090503@gmail.com>
Hi, I think it's not in your list, then I would add : "Exposing the server certificate (possibly structured, if not we'll need a bullet-proof, signed, X.509 library) and path of the TLS connection as JavaScript objects." (http://www.w3.org/2012/webcrypto/wiki/Use_Cases#Miscellaneous) I have given examples already why it's needed [1], see another use case here [2] chapter 4.2 (and [3] for more details - the client identifies the server by checking that the pub_key used in the TLS handshake matches the certified_key received from the server in CERTS messages, where the certified_key is the pub_key signed with the id_priv_key of the server and therefore verified with its public id_pub_key) Regards, [1] http://lists.w3.org/Archives/Public/public-webcrypto-comments/2012Nov/0037.html [2] https://gitweb.torproject.org/torspec.git?a=blob_plain;hb=HEAD;f=tor-spec.txt [3] http://archives.seul.org/or/dev/Jan-2011/msg00052.html Le 31/01/2013 02:17, Mountie Lee a écrit : > Hi. > at WebCrypto WG Charter > (http://www.w3.org/2011/11/webcryptography-charter.html) > following secondary features are listed. > > * control of TLS session login/logout > * derivation of keys from TLS sessions > * a simplified data protection function > * multiple key containers > * key import/export > * a common method for accessing and defining properties of keys > * the lifecycle control of credentials such enrollment, selection, > and revocation of credentials with a focus enabling the selection > of certificates for signing and encryption > > as discussed in previous concall, > we need to set priority for secondary features. > > I feel certificate related features has more priority than others. > also TLS related features also have relationship with certificates. > so with my view, I listed following certificate related secondary > features > > * certificate enrollment > o this is different from key generation > o CMP can be considered. > * certificate validation > o certificate chain validation > o CRL or OCSP validation > * certificate selection with binded private key > o has UI related requirement > * access certificate extension fields > o including optional fields > * multi-origin crypto operation with certificate associated. > * control of TLS session login/logout > * derivation of keys from TLS sessions. > > any comments? > > regards > mountie. > > -- > Mountie Lee > > PayGate > CTO, CISSP > Tel : +82 2 2140 2700 > E-Mail : mountie@paygate.net <mailto:mountie@paygate.net> > ======================================= > PayGate Inc. > THE STANDARD FOR ONLINE PAYMENT > for Korea, Japan, China, and the World > > > > -- jCore Email : avitte@jcore.fr iAnonym : http://www.ianonym.com node-Tor : https://www.github.com/Ayms/node-Tor GitHub : https://www.github.com/Ayms Web : www.jcore.fr Webble : www.webble.it Extract Widget Mobile : www.extractwidget.com BlimpMe! : www.blimpme.com
Received on Thursday, 31 January 2013 12:55:31 UTC