W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2014

JOSE Last Call and ISSUE 28

From: Harry Halpin <hhalpin@w3.org>
Date: Mon, 07 Apr 2014 21:48:26 +0200
Message-ID: <5343010A.90508@w3.org>
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Before we exit Last Call we should deal with the "algorithm shortname 
for ciphersuites" issue (Issue 28) and close it officially.

Note that JOSE Web Algorithms is still in Last Call [1] as well.

Do we have any desire in particular to allow the short names used by 
JOSE in our spec, or at least clear conversion function that generates 
an Algorithm object for a given JOSE ciphersuite (so that "PS256" 
specified keys in JOSE is automagically converted to RSA-PSS using 
SHA-256/MG-1 ala http://www.w3.org/2012/webcrypto/track/issues/28?

Or do we ask JOSE to do this?

Or do we expect developers to handle this?

Also, as regards the SAAG comments, in may be useful to look at Mike's 
security concerns section [1], where he deals with the same issues 
brought up by the SAAG on WebCrypto.


[1] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-25
Received on Monday, 7 April 2014 19:48:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:02:42 UTC