- From: Harry Halpin <hhalpin@w3.org>
- Date: Mon, 13 Aug 2012 19:27:58 +0200
- To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <5029391E.3060905@w3.org>
Here's the official response from the JOSE WG chair. It appears that private key export is out of scope, thus we will do ASN.1. I will clarify with them that we plan for JOSE formats to be supported by a "higher-level" API. Also some info re stability and conversion from ASN.1->JOSE.

cheers,
harry

-------- Original Message --------
Subject: RE: JOSE WG request from W3C WebCrypto API
Date: Sun, 12 Aug 2012 11:56:02 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Harry Halpin' <hhalpin@w3.org>
CC: <jose@ietf.org>

> -----Original Message-----
> From: Harry Halpin [mailto:hhalpin@w3.org]
> Sent: Sunday, August 12, 2012 8:03 AM
> To: Jim Schaad; Karen O'Donoghue; jose-chairs@tools.ietf.org; Michael Jones
> Subject: JOSE WG request from W3C WebCrypto API
>
> [cc'ing Mike Jones and Richard Barnes, who participate in both WGs]
>
> JOSE Chairs,
>
> The Web Cryptography Working group has noted that the API requires some
> access to raw key material, and the issue of whether or not to use JWK or
> ASN.1 as the default format came up. Two issues have come out that we'd
> like to know the answer to:
>
> 1) JWK does not define a private key format. Does the JOSE WG plan to
> support a JOSE-format for private keys? If so, when? Or 'maybe'?

The working group policy is that there will be no private key format defined for JWK. This issue has been explicitly discussed by the working group and there are no plans to change that going forward.

>
> 2) While we'd like to encourage the use of JOSE over ASN.1, it seems like for
> backwards compatibility having some level of ASN.1 support would be useful
> and we *need* a format that allows key material (both private and
> public) to be exported. Folks seem to be leaning towards ASN.1 as a default
> format in the low-level API, and having JWK as a format that can be built on
> top of that in a possible high-level API. Would that be OK?

It would probably be preferable to be able to import/export private key material as ASN.1. But to allow for the import/export of public key material in either the ASN.1 or JOSE format. This would simplify the implementation efforts for JOSE developers. I don't believe that it would be good to have systems that use JOSE to need to download script that did the ASN.1 to JOSE conversions. If you supported the ASN.1 blob at the SubjectPublicKeyInfo structure level, then an independent function could be placed in systems to do the conversion between the two formats. If you make it a high-level API, I would be worried about the support level provided by browsers.

>
> 3) How stable do you believe the JOSE formats are right now? Do you think
> they are stable enough now we can reference them in our API draft at end of
> August? If not, when? The W3C would like to and plan to use these formats
> where possible.

There are currently no open issues for discussion on the formats for asymmetric key formats; however there are some questions about the set of algorithms and key sizes for symmetric keys. While I have no reason to believe that there will be a change in the key formats, I cannot promise that there will not be one.

Jim Schaad
Jose WG Chair

>
> Feel free to forward this by JOSE WG for discussion. We'd like an answer
> before we send our document to FPWD at end of August.
>
> cheers,
> harry
Received on Monday, 13 August 2012 17:28:07 UTC