- From: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
- Date: Tue, 25 Feb 2014 18:43:11 +0000
- To: Jim Schaad <ietf@augustcellars.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <e204079f9ec74e96825fb15c29097d4e@DFM-CO1MBX15-08.exchange.corp.microsoft.com>
Why not follow the credo of "Be conservative in what you send, be liberal in what you accept"? In other words, what if WebCrypto accepts either OID but only produces a specific one on export (we could pick the more specific one except when doing so significantly impacts compatibility)? From: Jim Schaad [mailto:ietf@augustcellars.com] Sent: Tuesday, February 25, 2014 10:13 AM To: public-webcrypto@w3.org Subject: SPKI export needs additional parameter There are going to be some interesting issues when dealing with SKPI that have not yet been raised. Some algorithms allow for multiple SPKI OID values to be specified and therefore the OID of the key is not necessarily determinate for the single algorithm that is to be used, it may in fact be a set of algorithms that can be used for a single key OID value. The opposite mapping is also not going to be one-to-one. That is a single algorithm may allow for multiple key OID values to be used for it. We have already seen this for DH, where there are two different key OIDs that can be used for the DH key agreement algorithm, specifically the PKCS#3 one and the X9.42 one. For RSA-PSS, one can use both the rsaEncryption OID for a key as well as the id-RSASSA-PSS OID. For RSA-OAEP, one can use both the rsaEncryption OID for a key as well as the id-RSAES-OAEP OID. On the import side, this is not an issue as multiple OID values can be checked in the logic and permitted. However for export this is an issue as one needs to have the ability to specify which of the OID values should be used during the export processing. This is a missing functionality that we needs to discuss adding. Jim
Received on Tuesday, 25 February 2014 18:43:54 UTC