RE: PKCS#7 digital signature in WebCrypto API from Anthony Nadalin on 2012-11-30 (public-webcrypto@w3.org from November 2012)

From: Anthony Nadalin <tonynad@microsoft.com>
Date: Fri, 30 Nov 2012 18:42:17 +0000
To: Richard Barnes <rbarnes@bbn.com>
CC: Ryan Sleevi <sleevi@google.com>, Mountie Lee <mountie.lee@mw2.or.kr>, Web Cryptography Working Group <public-webcrypto@w3.org>
Message-ID: <f26a9dff27194447a3cd750d09390acd@BY2PR03MB041.namprd03.prod.outlook.com>

I doubt it as it has been an ongoing discussion since the start of JOSE, as CMS equivalency is not a goal of the JOSE WG that is called out in the charter

-----Original Message-----
From: Richard Barnes [mailto:rbarnes@bbn.com] 
Sent: Friday, November 30, 2012 9:16 AM
To: Anthony Nadalin
Cc: Ryan Sleevi; Mountie Lee; Web Cryptography Working Group
Subject: Re: PKCS#7 digital signature in WebCrypto API

One might consider whether this is a bug in JOSE.

--Richard



On Nov 30, 2012, at 11:39 AM, Anthony Nadalin <tonynad@microsoft.com> wrote:

>> JOSE is ideologically equivalent to CMS, except using a JSON representation. 
> 
> No, JOSE does not represent the same data structures as CMS so they 
> are not equivalent
> 
> -----Original Message-----
> From: Ryan Sleevi [mailto:sleevi@google.com]
> Sent: Thursday, November 29, 2012 5:29 PM
> To: Mountie Lee
> Cc: Web Cryptography Working Group
> Subject: Re: PKCS#7 digital signature in WebCrypto API
> 
> On Thu, Nov 29, 2012 at 4:52 PM, Mountie Lee <mountie.lee@mw2.or.kr> wrote:
>> Hi.
>> 
>> is it possible to generate PKCS#7 digital signature with current API?
>> 
>> the current API spec seams supporting only PKCS#1 for digital 
>> signature format.
>> 
>> I know discussions about certificate is not on the rail.
>> but my question is
>> is our API is ready to expand supporting PKCS#7?
>> 
>> regards
>> --
>> Mountie Lee
>> 
>> PayGate
>> CTO, CISSP
>> Tel : +82 2 2140 2700
>> E-Mail : mountie@paygate.net
>> 
>> =======================================
>> PayGate Inc.
>> THE STANDARD FOR ONLINE PAYMENT
>> for Korea, Japan, China, and the World
>> 
> 
> CMS is not a signature format. It's a message encapsulation format.
> 
> JOSE is ideologically equivalent to CMS, except using a JSON representation.
> 
> Regardless, you can implement CMS with the necessary low-level primitives afforded by this API. I do not believe we should provide a high-level API for it. I view this as equivalent to the built in "built-in jQuery/MooTools/prototype.js" argument - which is to say, I do not support working on CMS, for the same reasons that no one in WEBAPPS would consider it viable to implement syntactic sugar like jQuery.
> 
> Can you point to any aspect of PKCS#7/CMS that cannot be implemented in client-side Javascript when backed with browser-provided keys?
> 
> 
> 
> 
>

Received on Friday, 30 November 2012 18:43:44 UTC