- From: Mike Jones <Michael.Jones@microsoft.com>
- Date: Mon, 30 Sep 2013 20:19:09 +0000
- To: Ryan Sleevi <sleevi@google.com>
- CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
I think it would be good to say that the AlgorithmIdentifier value mgf1withsha1 results in the RFC 3447 default values being used so people have a better sense how to actually call this. -- Mike -----Original Message----- From: Ryan Sleevi [mailto:sleevi@google.com] Sent: Friday, September 27, 2013 8:03 PM To: Mike Jones Cc: public-webcrypto@w3.org Subject: Re: WebCrypto OAEP specification missing hash algorithm parameter As noted on https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html you can file spec bugs at https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document That said, the document you linked shows that there is a param - the RsaOaepParams says "The has function to apply to the message". The mask generation function MGF-1 is used (as per the description). The [needs to be spelled out] is that pursuant with the RFC 3447 security guidance, the hash function / PRF function used with MGF-1 is the same as the message hash function. eg: sha1 uses mgf1withsha1, sha256 uses mgf1withsha256, etc. On Fri, Sep 27, 2013 at 7:22 PM, Mike Jones <Michael.Jones@microsoft.com> wrote: > There is a bug in http://www.w3.org/TR/WebCryptoAPI/#rsa-oaep, in > which there isn't a parameter defined for specifying the hash function to be used. > The JWA alg "RSA-OAEP" requires this hash function to be SHA-1 (the > default from RFC 3447). This parameter needs to be added to ensure > that the JWA alg can be specified using WebCrypto, as well as to > ensure that other hash functions, such as SHA-256, can be specified. > > > > Should I file an issue about this? > > > > -- Mike > > > >
Received on Monday, 30 September 2013 20:20:17 UTC