- From: Ryan Sleevi <sleevi@google.com>
- Date: Mon, 8 Jul 2013 10:44:22 -0700
- To: Arun Ranganathan <arun@mozilla.com>
- Cc: "Web Cryptography Working Group (public-webcrypto@w3.org)" <public-webcrypto@w3.org>
On Mon, Jul 8, 2013 at 6:56 AM, Arun Ranganathan <arun@mozilla.com> wrote: <snip> > 2. I think the WebCrypto API's CryptoOperationData should include the possibility of JWK as JSON. Maybe: > > typedef (ArrayBuffer or ArrayBufferView or DOMString) CryptoOperationData; > > But we should restrict it to be used only for import/export. <snip> This has been something that's been discussed in the past, under ACTION-22. My fear is that it opens up a slippery slope. Presumably wrap/unwrap would also desire to be able to use JWE serializations (should it permit both compact and JSON? How should it be distinguished? Additional types?) Another thought would be to specify parallel WebIDL interfaces for JWE/JWK, then allow the caller to either call JSON.parse (optionally with a custom reviver) or to handle formatting the JWE into the JSON form (eg: not accepting the compact serialization at all). Importing with JWK would *only* take these interfaces then. That is, solving the problem a different way, by not allowing ArrayBuffer/ArrayBufferView (which then requires conversion into code units, into a string, into something that can be JSON.parsed).
Received on Monday, 8 July 2013 17:44:49 UTC