Re: PKCS#7 digital signature in WebCrypto API

One might consider whether this is a bug in JOSE.

--Richard



On Nov 30, 2012, at 11:39 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:

>> JOSE is ideologically equivalent to CMS, except using a JSON representation. 
> 
> No, JOSE does not represent the same data structures as CMS so they are not equivalent 
> 
> -----Original Message-----
> From: Ryan Sleevi [mailto:sleevi@google.com] 
> Sent: Thursday, November 29, 2012 5:29 PM
> To: Mountie Lee
> Cc: Web Cryptography Working Group
> Subject: Re: PKCS#7 digital signature in WebCrypto API
> 
> On Thu, Nov 29, 2012 at 4:52 PM, Mountie Lee <mountie.lee@mw2.or.kr> wrote:
>> Hi.
>> 
>> is it possible to generate PKCS#7 digital signature with current API?
>> 
>> the current API spec seems to support only PKCS#1 for digital 
>> signature format.
>> 
>> I know discussions about certificates are not on the rail.
>> but my question is
>> is our API ready to expand to support PKCS#7?
>> 
>> regards
>> --
>> Mountie Lee
>> 
>> PayGate
>> CTO, CISSP
>> Tel : +82 2 2140 2700
>> E-Mail : mountie@paygate.net
>> 
>> =======================================
>> PayGate Inc.
>> THE STANDARD FOR ONLINE PAYMENT
>> for Korea, Japan, China, and the World
>> 
> 
> CMS is not a signature format. It's a message encapsulation format.
> 
> JOSE is ideologically equivalent to CMS, except using a JSON representation.
> 
> Regardless, you can implement CMS with the necessary low-level primitives afforded by this API. I do not believe we should provide a high-level API for it. I view this as equivalent to the built in "built-in jQuery/MooTools/prototype.js" argument - which is to say, I do not support working on CMS, for the same reasons that no one in WEBAPPS would consider it viable to implement syntactic sugar like jQuery.
> 
> Can you point to any aspect of PKCS#7/CMS that cannot be implemented in client-side Javascript when backed with browser-provided keys?
> 

Received on Friday, 30 November 2012 17:16:37 UTC
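
The claim quoted above, that CMS can be implemented on top of the API's low-level primitives, illustrated as an added example that is not part of the original thread or of any WebCrypto specification text: a CMS SignedData (RFC 5652) assembled in JavaScript, where only `digest` and `sign` come from WebCrypto and the ASN.1/DER wrapping is ordinary script. The helper names (`der`, `oid`, `cmsSign`, `demo`), the RSASSA-PKCS1-v1_5/SHA-256 choice, the constructed key identifier and the use of a subjectKeyIdentifier signer id (so no certificate is embedded) are assumptions of this sketch.

```javascript
// Added example: CMS SignedData (RFC 5652) built from WebCrypto primitives only.
// Falls back to Node's webcrypto when no global `crypto` exists (assumption).
const subtle = (globalThis.crypto ?? require("node:crypto").webcrypto).subtle;
// Minimal DER TLV encoder (definite lengths, short and long form).
const der = (tag, ...parts) => {
  const body = parts.flatMap((p) => [...p]);
  const len = [];
  for (let n = body.length; n > 0; n = Math.floor(n / 256)) len.unshift(n % 256);
  const head = body.length < 128 ? [body.length] : [0x80 | len.length, ...len];
  return Uint8Array.from([tag, ...head, ...body]);
};
const seq = (...p) => der(0x30, ...p), set = (...p) => der(0x31, ...p);
const oid = (dotted) => {
  const [a, b, ...rest] = dotted.split(".").map(Number);
  const base128 = (n) => {
    const out = [n & 127];
    while ((n = Math.floor(n / 128)) > 0) out.unshift((n & 127) | 128);
    return out;
  };
  return der(0x06, [40 * a + b], ...rest.map(base128));
};
const OID = {
  data: "1.2.840.113549.1.7.1", signedData: "1.2.840.113549.1.7.2",
  contentType: "1.2.840.113549.1.9.3", messageDigest: "1.2.840.113549.1.9.4",
  sha256: "2.16.840.1.101.3.4.2.1", sha256WithRSA: "1.2.840.113549.1.1.11",
};
// keyId: subjectKeyIdentifier bytes chosen by the caller (hypothetical value in demo).
async function cmsSign(privateKey, keyId, content) {
  const digest = new Uint8Array(await subtle.digest("SHA-256", content));
  const attrs = [ // already in DER SET OF order (shorter encoding sorts first)
    seq(oid(OID.contentType), set(oid(OID.data))),
    seq(oid(OID.messageDigest), set(der(0x04, digest))),
  ];
  const tbs = set(...attrs); // signed bytes use the SET OF tag, not [0]
  const sig = new Uint8Array(await subtle.sign("RSASSA-PKCS1-v1_5", privateKey, tbs));
  const sha256 = seq(oid(OID.sha256));
  const signerInfo = seq(der(0x02, [3]), der(0x80, keyId), sha256, der(0xa0, ...attrs),
    seq(oid(OID.sha256WithRSA), der(0x05)), der(0x04, sig));
  const signedData = seq(der(0x02, [3]), set(sha256),
    seq(oid(OID.data), der(0xa0, der(0x04, content))), set(signerInfo));
  return { cms: seq(oid(OID.signedData), der(0xa0, signedData)), tbs, sig };
}
// Constructed demo: throwaway non-extractable key, constructed key id and message.
async function demo() {
  const alg = { name: "RSASSA-PKCS1-v1_5", modulusLength: 2048,
    publicExponent: new Uint8Array([1, 0, 1]), hash: "SHA-256" };
  const keys = await subtle.generateKey(alg, false, ["sign", "verify"]);
  const out = await cmsSign(keys.privateKey, [1, 2, 3, 4], new TextEncoder().encode("hello"));
  const ok = await subtle.verify("RSASSA-PKCS1-v1_5", keys.publicKey, out.sig, out.tbs);
  return { ...out, ok };
}
```

The private key is generated as non-extractable, so the script only ever handles the signature bytes; a relying party would still need the signer's certificate or public key delivered out of band, since none is embedded here.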