- From: Ryan Sleevi <sleevi@google.com>
- Date: Thu, 20 Feb 2014 18:16:38 -0800
- To: Richard Barnes <rlb@ipv.sx>
- Cc: Mark Watson <watsonm@netflix.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CACvaWvao09XLDYqiTNEx__oUUVkxbGm8i9CjGtvn2ZOT2R_GMQ@mail.gmail.com>
I closed this as WontFix before I saw this, so we can re-open if someone can demonstrate a compelling counter-argument.

No. I strongly oppose this.

"alg" is optional in JWK, it is not self-defining. pkcs8 and spki also have OPTIONAL (PSS, OAEP) params that do not guarantee a key is fully self-describing.

We already have to specify all of those mappings anyways - it's necessary to ensure a key is internally consistent with the import case that the requesting party chose. That is, you already have to decide if importing an SPKI that is RSA-PSS, whether or not it's valid for the specific hash/mgf that has been chosen (eg: when PSS params are not supplied AND when they are)

Even if we were to support it, I do not support adding it to "v1" - we can/should punt this down the road, as it's always possible to re-visit this as an optimization, but impossible to re-visit if we shove it in now.

On Thu, Feb 20, 2014 at 5:53 PM, Richard Barnes <rlb@ipv.sx> wrote:

> Note that the "pkcs8" and "spki" key types also have algorithm identifiers. So if we do this for JWK, we might as well do it for those key types as well. Only "raw" is, well, raw.
>
> The only nuance I see here would be in mapping the respective algorithm identifiers to WebCrypto algorithm identifiers. It would be unpleasant to have to specify all these mappings, which it seems like we would have to do unless we all agree that the mappings are obvious. I do think that it is the case (that the mappings are obvious), but not having thought much about it, I'm concerned that there's some subtlety lurking.
>
> So while I generally agree that the API should do the right thing when it has the information it needs (sensible defaults!), we should have some discussion of the mapping issue to make sure we're OK.
>
> --Richard
>
> On Thu, Feb 20, 2014 at 8:09 PM, Mark Watson <watsonm@netflix.com> wrote:
>
>> I filed this:
>>
>> Presently, the algorithm whose import key operation is executed when importKey is called is determined entirely by the "algorithm" parameter to that method.
>>
>> For JWK, it would in theory be possible to support:
>>
>> P = crypto.subtle.importKey( "jwk", jwk, null, true, [ <usages> ] )
>>
>> and have the correct algorithm determined by the "alg" member of the JWK.
>>
>> Do we want to support this ?
>>
>> https://www.w3.org/Bugs/Public/show_bug.cgi?id=24759
>>
>> ...Mark
Received on Friday, 21 February 2014 02:17:05 UTC
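
The consistency check discussed in this thread, as an added example that is not part of the thread or of the WebCrypto specification: the caller always names the algorithm, and a JWK's optional "alg" member may only confirm that choice, never replace it. The helper names `jwkMismatch` and `importJwkStrict`, the partial mapping table and the sample keys are assumptions made for illustration, and the algorithm argument is assumed to be already in normalized form.

```javascript
// Added example. Subset of JWK "alg" values and the WebCrypto algorithm each
// one implies; the table is illustrative, not the full mapping.
const JWK_ALG = {
  RS256: { name: "RSASSA-PKCS1-v1_5", hash: "SHA-256" },
  PS256: { name: "RSA-PSS", hash: "SHA-256" },
  "RSA-OAEP": { name: "RSA-OAEP", hash: "SHA-1" },
  "RSA-OAEP-256": { name: "RSA-OAEP", hash: "SHA-256" },
  HS256: { name: "HMAC", hash: "SHA-256" },
};
const KTY_FOR = { "RSASSA-PKCS1-v1_5": "RSA", "RSA-PSS": "RSA", "RSA-OAEP": "RSA", HMAC: "oct" };

// WebCrypto accepts a hash as either "SHA-256" or { name: "SHA-256" }.
const hashName = (h) => (typeof h === "string" ? h : h && h.name);

// Returns null when the JWK is consistent with the caller-chosen algorithm,
// otherwise a string describing the mismatch (hypothetical helper).
function jwkMismatch(jwk, algorithm) {
  const wantKty = KTY_FOR[algorithm.name];
  if (!wantKty) return `unsupported algorithm ${algorithm.name}`;
  if (jwk.kty !== wantKty) return `kty ${jwk.kty} cannot be used as ${algorithm.name}`;
  if (jwk.alg === undefined) return null; // "alg" is optional: the caller's choice stands
  const implied = JWK_ALG[jwk.alg];
  if (!implied) return `unrecognised alg ${jwk.alg}`;
  if (implied.name !== algorithm.name || implied.hash !== hashName(algorithm.hash))
    return `alg ${jwk.alg} conflicts with ${algorithm.name}/${hashName(algorithm.hash)}`;
  return null;
}

// Import only after the check passes (hypothetical wrapper; needs a runtime
// that exposes crypto.subtle, such as a browser or a recent Node.js).
async function importJwkStrict(jwk, algorithm, extractable, usages) {
  const problem = jwkMismatch(jwk, algorithm);
  if (problem) throw new TypeError(problem);
  return crypto.subtle.importKey("jwk", jwk, algorithm, extractable, usages);
}

// Constructed sample keys: only the metadata is inspected, the key material
// is a placeholder.
const samples = {
  noAlg: { kty: "RSA", n: "constructed", e: "AQAB" },
  ps256: { kty: "RSA", alg: "PS256", n: "constructed", e: "AQAB" },
  hmac: { kty: "oct", alg: "HS256", k: "constructed" },
};
```

A JWK without "alg" passes for any algorithm compatible with its "kty", which is why the key alone cannot select the import operation.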