- From: Wan-Teh Chang <wtc@google.com>
- Date: Wed, 8 Aug 2012 07:27:02 -0700
- To: Ryan Sleevi <sleevi@google.com>
- Cc: Web Cryptography Working Group <public-webcrypto@w3.org>
Among the algorithms defined in draft-ietf-jose-json-web-algorithms-05, most "alg" parameter values could be adopted by our low-level API without problem. The only problematic ones seem to be the AES algorithms, such as A128CBC and A128GCM, which specify the key size. In a low-level crypto API, the key size is usually an attribute of the key object as opposed to the algorithm identifier. The ECDSA "alg" parameter values such as ES256 and ES384 have a similar problem. The elliptic curve (P-256 or P-384, which determines the key size) is usually considered an attribute of the key object in a low-level crypto API. We have to resolve this difference before we can adopt the "alg" parameter values defined in draft-ietf-jose-json-web-algorithms-05 -- is the key size (or the curve name for EC keys) an attribute of the key or the algorithm? It seems awkward to create a special rule in our low-level API to handle the key size/curve info in the algorithm identifier string shorthand. Wan-Teh
Received on Wednesday, 8 August 2012 14:27:39 UTC