- From: Harry Halpin <hhalpin@w3.org>
- Date: Mon, 07 Apr 2014 21:48:26 +0200
- To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Before we exit Last Call we should deal with the "algorithm shortname
for ciphersuites" issue (Issue 28) and close it officially.
Note that JOSE Web Algorithms is still in Last Call [1] as well.
Do we have any desire in particular to allow the short names used by
JOSE in our spec, or at least clear conversion function that generates
an Algorithm object for a given JOSE ciphersuite (so that "PS256"
specified keys in JOSE is automagically converted to RSA-PSS using
SHA-256/MG-1 ala http://www.w3.org/2012/webcrypto/track/issues/28?
Or do we ask JOSE to do this?
Or do we expect developers to handle this?
Also, as regards the SAAG comments, in may be useful to look at Mike's
security concerns section [1], where he deals with the same issues
brought up by the SAAG on WebCrypto.
cheers,
harry
[1] http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-25
Received on Monday, 7 April 2014 19:48:30 UTC