Re: IANA registry for WebCrypto?

On Jan 18, 2013, at 2:57 PM, Ryan Sleevi <sleevi@google.com> wrote:

> On Fri, Jan 18, 2013 at 11:53 AM, Richard Barnes <rbarnes@bbn.com> wrote:
>> Another way to solve this would be to kick the algorithm ID specification over to JOSE.  ISTM that it would be a good idea in general for the two groups to use the same algorithm identifiers.
>> 
>> --Richard
> 
> I thought we'd firmly put that to bed already as something we were NOT
> doing, because it's very clear that:
> 
> 1) JOSE is generally concerned with cipher SUITES, not algorithms
> 2) JOSE algorithms do not reflect all of the necessary inputs to
> execute algorithms
> 
> Kicking it to JOSE is something that I definitely would object to.


I disagree that those points are clear.

1) JOSE doesn't deal with suites in the same way that, say, TLS does.  "Suite" implies that a bunch of algorithms for different purposes are lumped together.  All the current JOSE syntax does is compress things that would be in the same algorithm identifier anyway in the current WebCrypto syntax.

2) JOSE *algorithm identifiers* don't reflect all the necessary information, but that's only because the information is elsewhere in the JOSE object.  The same information is there. (After all, the recipient of the object has to execute the algorithm!)  And honestly, I would be willing to argue for making this clearer in the JOSE spec.

The difference is less than people think.  I've provided a couple of examples of the equivalences in my email to Harry.

--Richard

Received on Friday, 18 January 2013 20:24:28 UTC