- From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
- Date: Wed, 05 Jun 2013 21:16:47 +0000
- To: public-webcrypto@w3.org
crypto-ISSUE-46: Optional algorithm parameters must have default values [crypto for Web Crypto API] http://www.w3.org/2012/webcrypto/track/issues/46 Raised by: Richard Barnes On product: crypto for Web Crypto API In the current editor's draft, several algorithm parameters are marked as optional [1], but there is no default value specified. In most cases, it is obvious enough; many should be set to an empty byte string / ArrayBufferView, for example. However, the specification should state these values to avoid ambiguity, or make them non-optional. I'll address the current parameters in three groups: First, optional attributes that should be set to the empty ArrayBufferView: RsaOaepParams.label -> Empty ArrayBufferView AesGcmParams.additionalData -> Empty ArrayBufferView ConcatParams.publicInfo -> Empty ArrayBufferView ConcatParams.privateInfo -> Empty ArrayBufferView Pbkdf2Params.password -> Empty ArrayBufferView Second, one optional attribute that should be made non-optional: AesGcmParams.iv -> Make non-optional Third, one optional attribute that could either be made non-optional or provided with a safe default: AesGcmParams.tagLength -> 128 or make non-optional On the last question, my personal preference would be to keep it optional set the default at 128, since it seems developer-hostile to require this to be specified every time. Going slightly OT, it seems like the same approach could be taken with AesCtrParams.length, making it optional and setting the default equal to 32 (the value that GCM uses). [1] Technically "nullable" in the WebIDL jargon. But having a null value is functionally equivalent to not having a value specified.
Received on Wednesday, 5 June 2013 21:16:47 UTC