Re: Prioritization of secondary features

Sent from my iPhone

On Jan 31, 2013, at 5:47 AM, "Harry Halpin" <<>> wrote:

On 01/31/2013 01:57 PM, Aymeric Vitte wrote:

I think it's not in your list, then I would add :

"Exposing the server certificate (possibly structured, if not we'll need a bullet-proof, signed, X.509 library) and path of the TLS connection as JavaScript objects." (

I have given examples already why it's needed [1], see another use case here [2] chapter 4.2 (and [3] for more details - the client identifies the server by checking that the pub_key used in the TLS handshake matches the certified_key received from the server in CERTS messages, where the certified_key is the pub_key signed with the id_priv_key of the server and therefore verified with its public id_pub_key)

What is missing from these proposals is concrete, well-specified proposals. In other words, WebIDLs that we could put in the spec. Also, implementers would have to agree its reasonable to implement this functionality within the current WG's timeframe.

I believe the above should be the criteria for prioritization and so key import/export (which are already partially included in the spec) and key wrap/unwrap (for which we have a detailed proposal and a high probability of implementation) should go ahead.

... Mark

So, please specify some example code!




Le 31/01/2013 02:17, Mountie Lee a écrit :
at WebCrypto WG Charter (
following secondary features are listed.

  *   control of TLS session login/logout
  *   derivation of keys from TLS sessions
  *   a simplified data protection function
  *   multiple key containers
  *   key import/export
  *   a common method for accessing and defining properties of keys
  *   the lifecycle control of credentials such enrollment, selection, and revocation of credentials with a focus enabling the selection of certificates for signing and encryption

as discussed in previous concall,
we need to set priority for secondary features.

I feel certificate related features has more priority than others.
also TLS related features also have relationship with certificates.
so with my view, I listed following certificate related secondary features

  *   certificate enrollment
     *   this is different from key generation
     *   CMP can be considered.
  *   certificate validation
     *   certificate chain validation
     *   CRL or OCSP validation
  *   certificate selection with binded private key
     *   has UI related requirement
  *   access certificate extension fields
     *   including optional fields
  *   multi-origin crypto operation with certificate associated.
  *   control of TLS session login/logout
  *   derivation of keys from TLS sessions.

any comments?


Mountie Lee

Tel : +82 2 2140 2700
E-Mail :<>

PayGate Inc.
for Korea, Japan, China, and the World

Email :<>
iAnonym :
node-Tor :
GitHub :
Web :<>
Webble :<>
Extract Widget Mobile :<>
BlimpMe! :<>

Received on Thursday, 31 January 2013 15:44:50 UTC