- From: Ryan Sleevi <sleevi@google.com>
- Date: Fri, 27 Sep 2013 20:02:58 -0700
- To: Mike Jones <Michael.Jones@microsoft.com>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
As noted on https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html you can file spec bugs at https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document That said, the document you linked shows that there is a param - the RsaOaepParams says "The has function to apply to the message". The mask generation function MGF-1 is used (as per the description). The [needs to be spelled out] is that pursuant with the RFC 3447 security guidance, the hash function / PRF function used with MGF-1 is the same as the message hash function. eg: sha1 uses mgf1withsha1, sha256 uses mgf1withsha256, etc. On Fri, Sep 27, 2013 at 7:22 PM, Mike Jones <Michael.Jones@microsoft.com> wrote: > There is a bug in http://www.w3.org/TR/WebCryptoAPI/#rsa-oaep, in which > there isn’t a parameter defined for specifying the hash function to be used. > The JWA alg “RSA-OAEP” requires this hash function to be SHA-1 (the default > from RFC 3447). This parameter needs to be added to ensure that the JWA alg > can be specified using WebCrypto, as well as to ensure that other hash > functions, such as SHA-256, can be specified. > > > > Should I file an issue about this? > > > > -- Mike > > > >
Received on Saturday, 28 September 2013 03:03:25 UTC