crypto-ISSUE-12: Should the API distinguish between algorithm and operation parameters? [Web Cryptography API]

crypto-ISSUE-12: Should the API distinguish between algorithm and operation parameters? [Web Cryptography API]

http://www.w3.org/2012/webcrypto/track/issues/12

Raised by: Ryan Sleevi
On product: Web Cryptography API

During the July Face-to-Face, concern was raised about the fact that, as currently specified in the 1.10 draft, the AlgorithmParams does not make a distinction between algorithm-specific parameters and operation-specific parameters.

An example of this is seen by examining the AES-CTR definition. The initial value of the counter ('counter') is something that is operation-specific, whereas the length of the counter ('length') is seen to be algorithm-specific. For a given protocol that uses AES-CTR, the counter length is expected to remain constant for all operations, while the actual value of the counter is expected to change (such as from message to message)

Similarly, for RSA-OAEP, the hash ('hash') and mask generation function ('mgf') may be constant for multiple operations, whereas the authenticated data ('label') may change from operation to operation.

The question was raised as to whether the methods on the Crypto interface should take a separate dictionary of parameters.

Received on Monday, 6 August 2012 02:08:32 UTC