Re: crypto-ISSUE-13: Relationship between the W3C Web Cryptography work product and the IETF JOSE WG [Web Cryptography API]

Among the algorithms defined in
draft-ietf-jose-json-web-algorithms-05, most "alg" parameter values
could be adopted by our low-level API without problem. The only
problematic ones seem to be the AES algorithms, such as A128CBC and
A128GCM, which specify the key size. In a low-level crypto API, the
key size is usually an attribute of the key object as opposed to the
algorithm identifier.

The ECDSA "alg" parameter values such as ES256 and ES384 have a
similar problem. The elliptic curve (P-256 or P-384, which determines
the key size) is usually considered an attribute of the key object in
a low-level crypto API.

We have to resolve this difference before we can adopt the "alg"
parameter values defined in draft-ietf-jose-json-web-algorithms-05 --
is the key size (or the curve name for EC keys) an attribute of the
key or the algorithm?  It seems awkward to create a special rule in
our low-level API to handle the key size/curve info in the algorithm
identifier string shorthand.

Wan-Teh

Received on Wednesday, 8 August 2012 14:27:39 UTC
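
The mismatch raised in the message, sketched as an added example (not part of the original message and not the W3C draft's API): a JOSE identifier is split into a low-level algorithm part and the key attribute it implies, and a key object is then checked against that attribute. The function names, object shapes and attribute names (`splitJoseAlg`, `keyMismatch`, `keyConstraint`, `length`, `namedCurve`) are hypothetical; `HS256` and `RS256` are included as identifiers that carry only a hash size.

```javascript
// Added example; every name here is hypothetical, not the W3C draft API.
// Curve implied by the ECDSA identifiers named in the message.
const CURVE_FOR_ES = { 256: "P-256", 384: "P-384" };

// Split a JOSE identifier into (a) what a low-level API would treat as the
// algorithm and (b) what it would treat as an attribute of the key object.
function splitJoseAlg(id) {
  let m;
  if ((m = /^A(128|256)(CBC|GCM)$/.exec(id))) {
    // The digits are the AES key size: a key attribute, not an algorithm one.
    return { algorithm: { name: "AES-" + m[2] },
             keyConstraint: { type: "secret", length: Number(m[1]) } };
  }
  if ((m = /^ES(256|384)$/.exec(id))) {
    // The digits select the hash and also the curve, so part of the
    // identifier describes the algorithm and part describes the key.
    return { algorithm: { name: "ECDSA", hash: "SHA-" + m[1] },
             keyConstraint: { type: "ec", namedCurve: CURVE_FOR_ES[m[1]] } };
  }
  if ((m = /^(HS|RS)(256|384|512)$/.exec(id))) {
    // The digits are only the hash size; nothing about the key is implied.
    return { algorithm: { name: m[1] === "HS" ? "HMAC" : "RSASSA-PKCS1-v1_5",
                          hash: "SHA-" + m[2] },
             keyConstraint: null };
  }
  throw new Error("unsupported identifier: " + id);
}

// The "special rule" an API needs if it accepts such identifiers: compare the
// key object's own attributes with what the identifier implies.
// Returns null when consistent, otherwise a description of the conflict.
function keyMismatch(id, key) {
  const { keyConstraint } = splitJoseAlg(id);
  if (keyConstraint === null) return null;
  for (const [attr, want] of Object.entries(keyConstraint)) {
    if (key[attr] !== want) {
      return `${id} implies ${attr}=${want}, key has ${attr}=${key[attr]}`;
    }
  }
  return null;
}

// Constructed sample key objects.
console.log(keyMismatch("A128CBC", { type: "secret", length: 256 }));
console.log(keyMismatch("ES384", { type: "ec", namedCurve: "P-384" }));
```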