RE: PKCS#7 digital signature in WebCrypto API

> JOSE is ideologically equivalent to CMS, except using a JSON representation. 

No, JOSE does not represent the same data structures as CMS so they are not equivalent 

-----Original Message-----
From: Ryan Sleevi [mailto:sleevi@google.com] 
Sent: Thursday, November 29, 2012 5:29 PM
To: Mountie Lee
Cc: Web Cryptography Working Group
Subject: Re: PKCS#7 digital signature in WebCrypto API

On Thu, Nov 29, 2012 at 4:52 PM, Mountie Lee <mountie.lee@mw2.or.kr> wrote:
> Hi.
>
> is it possible to generate PKCS#7 digital signature with current API?
>
> the current API spec seams supporting only PKCS#1 for digital 
> signature format.
>
> I know discussions about certificate is not on the rail.
> but my question is
> is our API is ready to expand supporting PKCS#7?
>
> regards
> --
> Mountie Lee
>
> PayGate
> CTO, CISSP
> Tel : +82 2 2140 2700
> E-Mail : mountie@paygate.net
>
> =======================================
> PayGate Inc.
> THE STANDARD FOR ONLINE PAYMENT
> for Korea, Japan, China, and the World
>

CMS is not a signature format. It's a message encapsulation format.

JOSE is ideologically equivalent to CMS, except using a JSON representation.

Regardless, you can implement CMS with the necessary low-level primitives afforded by this API. I do not believe we should provide a high-level API for it. I view this as equivalent to the built in "built-in jQuery/MooTools/prototype.js" argument - which is to say, I do not support working on CMS, for the same reasons that no one in WEBAPPS would consider it viable to implement syntactic sugar like jQuery.

Can you point to any aspect of PKCS#7/CMS that cannot be implemented in client-side Javascript when backed with browser-provided keys?

Received on Friday, 30 November 2012 16:44:23 UTC