crypto-ISSUE-28: Short-names for algorithms [Web Cryptography API]

crypto-ISSUE-28: Short-names for algorithms [Web Cryptography API]

Raised by: Ryan Sleevi
On product: Web Cryptography API

As part of ACTION-7, the API was adjusted such that "AlgorithmIdentifier" was a WebIDL union of (Algorithm OR DOMString). The use of DOMString was to allow a short-hand symbolic name to be supplied for an algorithm, as opposed to requiring a complete algorithm name. The intent is that the DOMString can be translated into a qualified Algorithm that is fully initialized.

For example, a string of 'RSA-PSS-SHA1' might be translated into an Algorithm equivalent of
{ 'name': 'rsa-pss',
  'params': { 
    'hash': { 'name': 'sha1' },
    'mgf': { 'name': 'sha1' }

However, that fails to identify the saltLength passed as part of the RsaPssParams.

One option would be to encode the missing parameters as part of the string identifier, essentially adding an alternative syntax to Dictionary to pass objects. For example, 'RSA-PSS-SHA1-20', would be parsed as ('rsa-pss', (hash = mgf = 'sha1'), saltLength = 20)

Another option would be to allow the DOMString identifier to be passed as the 'name' of an Algorithm, thus permitting the following:
{ 'name': 'rsa-pss-sha1',
  'params': { 'saltLength': 20 }

Both solutions have the downside in that they're resorting to string-encoding the parameters, rather than specifying the object. However, for parameters that may be repetitive, such simplification may lead to an easier programming experience.

A third solution would be to remove short-names, as they originated in part due to a desire to use JOSE algorithm names. The result of ISSUE-13 appears to suggest this use case may not be as significant.

Received on Wednesday, 22 August 2012 20:46:31 UTC