- From: Ryan Sleevi <sleevi@google.com>
- Date: Mon, 10 Nov 2014 23:16:38 -0800
- To: Anders Rundgren <anders.rundgren.net@gmail.com>
- Cc: public-webcrypto-comments@w3.org
Received on Tuesday, 11 November 2014 07:17:05 UTC
The TL;DR is that for a number of libraries, omitting these has profound security implications. It is also a MUST from PKCS#1, and so to support export of valid PKCS#1, it is implicitly a MUST for import of JWK.

Also, it's just plain good security.

On Nov 10, 2014 9:08 PM, "Anders Rundgren" <anders.rundgren.net@gmail.com> wrote:

> On 2014-11-11 07:55, Ryan Sleevi wrote:
>
>> It is perfectly described as far as what the spec goes, to the same
>> degree at least that none of the implementations support RSA keys that are
>> not multiples of 8 bits, or that some only support keys of certain sizes.
>
> I see, you mean that it is up to each implementer to decide if JWK's
> SHOULD is to be interpreted as a MUST?
>
> Anders
>
>> On Nov 10, 2014 7:12 PM, "Anders Rundgren" <anders.rundgren.net@gmail.com
>> <mailto:anders.rundgren.net@gmail.com>> wrote:
>>
>> http://www.ietf.org/mail-archive/web/jose/current/msg04661.html
>>
>> That is, JWK's SHOULD regarding "p", "q", "dp", "dq", "qi" has in
>> WebCrypto been interpreted as a MUST.
>> This can't be entirely obvious for either implementers or users.
>>
>> Anders
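An added example, not part of the original message and not code from any WebCrypto implementation: a pre-import check that a JWK RSA private key carries "p", "q", "dp", "dq" and "qi" and that they satisfy the PKCS#1 relations. The function and variable names are hypothetical, the key is a constructed toy key, and Node.js `Buffer` is assumed.

```javascript
const MEMBERS = ["n", "e", "d", "p", "q", "dp", "dq", "qi"];

// base64url <-> BigInt helpers (Node.js Buffer assumed).
function b64uToBigInt(s) {
  const b64 = s.replace(/-/g, "+").replace(/_/g, "/");
  const hex = Buffer.from(b64, "base64").toString("hex");
  return BigInt("0x" + (hex || "0"));
}
function bigIntToB64u(v) {
  let hex = v.toString(16);
  if (hex.length % 2) hex = "0" + hex;
  return Buffer.from(hex, "hex").toString("base64")
    .replace(/\+/g, "-").replace(/\//g, "_").replace(/=+$/, "");
}

// Returns a list of problems; an empty list means every check passed.
function checkRsaPrivateJwk(jwk) {
  const missing = MEMBERS.filter((m) => typeof jwk[m] !== "string");
  if (missing.length) return ["missing member(s): " + missing.join(", ")];
  const v = {};
  for (const m of MEMBERS) v[m] = b64uToBigInt(jwk[m]);
  // Guard the modulo operations below against a zero modulus.
  if (v.p < 2n || v.q < 2n) return ["p and q must be greater than 1"];
  const problems = [];
  // PKCS#1 relations between the modulus, public exponent and CRT values.
  if (v.p * v.q !== v.n) problems.push("n != p*q");
  if ((v.e * v.dp) % (v.p - 1n) !== 1n) problems.push("e*dp != 1 mod (p-1)");
  if ((v.e * v.dq) % (v.q - 1n) !== 1n) problems.push("e*dq != 1 mod (q-1)");
  if ((v.q * v.qi) % v.p !== 1n) problems.push("q*qi != 1 mod p");
  return problems;
}

// Constructed toy key (p=61, q=53): sample data only, far too small for use.
const toy = { n: 3233n, e: 17n, d: 2753n, p: 61n, q: 53n,
              dp: 53n, dq: 49n, qi: 38n };
const fullJwk = { kty: "RSA" };
for (const [k, val] of Object.entries(toy)) fullJwk[k] = bigIntToB64u(val);

// The same key with only n, e, d: the form the JWK SHOULD would permit.
const strippedJwk = { kty: "RSA", n: fullJwk.n, e: fullJwk.e, d: fullJwk.d };
// The same key with a dp value that does not match e and p.
const tamperedJwk = { ...fullJwk, dp: bigIntToB64u(7n) };

console.log(checkRsaPrivateJwk(fullJwk));
console.log(checkRsaPrivateJwk(strippedJwk));
console.log(checkRsaPrivateJwk(tamperedJwk));
```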