
Re: crypto-ISSUE-13: Relationship between the W3C Web Cryptography work product and the IETF JOSE WG [Web Cryptography API]

From: Wan-Teh Chang <wtc@google.com>
Date: Wed, 8 Aug 2012 07:27:02 -0700
Message-ID: <CALTJjxH=uUAqcmCLMEWLX-AYDgV3L2Nrnj5bE927E6ZtsRTYCA@mail.gmail.com>
To: Ryan Sleevi <sleevi@google.com>
Cc: Web Cryptography Working Group <public-webcrypto@w3.org>

Among the algorithms defined in
draft-ietf-jose-json-web-algorithms-05, most "alg" parameter values
could be adopted by our low-level API without problem. The only
problematic ones seem to be the AES algorithms, such as A128CBC and
A128GCM, which specify the key size. In a low-level crypto API, the
key size is usually an attribute of the key object as opposed to the
algorithm identifier.

The ECDSA "alg" parameter values such as ES256 and ES384 have a
similar problem. The elliptic curve (P-256 or P-384, which determines
the key size) is usually considered an attribute of the key object in
a low-level crypto API.

We have to resolve this difference before we can adopt the "alg"
parameter values defined in draft-ietf-jose-json-web-algorithms-05 --
is the key size (or the curve name for EC keys) an attribute of the
key or the algorithm?  It seems awkward to create a special rule in
our low-level API to handle the key size/curve info in the algorithm
identifier string shorthand.

Received on Wednesday, 8 August 2012 14:27:39 UTC
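
The mismatch raised in the message above, as an added example that is not part of the original e-mail or of any W3C or IETF text: a JOSE "alg" shorthand is split into a low-level algorithm name plus the key attribute it implies, and a key is then checked against that attribute. The function names, the plain-object key shape, the accepted AES sizes and the ES512 entry (which goes beyond the values named in the message) are assumptions for illustration.

```javascript
// Curve and hash implied by each ECDSA shorthand. ES512 pairs SHA-512 with
// P-521, so the digits cannot in general be read as the curve size.
const ECDSA_ALGS = {
  ES256: { namedCurve: "P-256", hash: "SHA-256" },
  ES384: { namedCurve: "P-384", hash: "SHA-384" },
  ES512: { namedCurve: "P-521", hash: "SHA-512" },
};

// Split a JOSE "alg" shorthand into a low-level algorithm name and the key
// attribute (AES key length or EC curve) that the shorthand implies.
function splitJoseAlg(alg) {
  // AES shorthands follow "A" + key size in bits + mode, as in A128CBC.
  const aes = /^A(128|192|256)(CBC|GCM)$/.exec(alg);
  if (aes) {
    return {
      algorithm: { name: "AES-" + aes[2] },
      keyAttributes: { length: Number(aes[1]) },
    };
  }
  if (Object.prototype.hasOwnProperty.call(ECDSA_ALGS, alg)) {
    const { namedCurve, hash } = ECDSA_ALGS[alg];
    return { algorithm: { name: "ECDSA", hash }, keyAttributes: { namedCurve } };
  }
  throw new Error("unsupported JOSE alg: " + alg);
}

// List every mismatch between what the shorthand implies and what the key
// descriptor (hypothetical shape: { algorithm: { name, length | namedCurve } }) says.
function checkKeyAgainstJoseAlg(alg, key) {
  const { algorithm, keyAttributes } = splitJoseAlg(alg);
  const problems = [];
  if (key.algorithm.name !== algorithm.name) {
    problems.push(`name: key has ${key.algorithm.name}, alg implies ${algorithm.name}`);
  }
  for (const [attr, expected] of Object.entries(keyAttributes)) {
    if (key.algorithm[attr] !== expected) {
      problems.push(`${attr}: key has ${key.algorithm[attr]}, alg implies ${expected}`);
    }
  }
  return problems;
}

// Constructed key descriptors, not real key material.
const aes256GcmKey = { algorithm: { name: "AES-GCM", length: 256 } };
const p256Key = { algorithm: { name: "ECDSA", namedCurve: "P-256" } };

console.log(checkKeyAgainstJoseAlg("A128GCM", aes256GcmKey));
console.log(checkKeyAgainstJoseAlg("ES256", p256Key));
```
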
