Re: SPKI export needs additional parameter from Ryan Sleevi on 2014-02-25 (public-webcrypto@w3.org from February 2014)

From: Ryan Sleevi <sleevi@google.com>
Date: Tue, 25 Feb 2014 13:48:44 -0800
To: Jim Schaad <ietf@augustcellars.com>
Cc: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CACvaWvbgn7iGc+pJTmnSQ+JCLUv4Aze=KYaNPPTnA-6Xqq0K8w@mail.gmail.com>

On Tue, Feb 25, 2014 at 1:22 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> The other response is to generate the more detailed output that you can
> possibly do.  So if  an X9.42 is imported then the same thing should be
> exported as well.
>
>
>
> Jim
>
>
>
>
>
> From: Vijay Bharadwaj [mailto:Vijay.Bharadwaj@microsoft.com]
>
> Sent: Tuesday, February 25, 2014 10:43 AM
>
> To: Jim Schaad; public-webcrypto@w3.org
>
> Subject: RE: SPKI export needs additional parameter
>
>
>
> Why not follow the credo of “Be conservative in what you send, be liberal
> in what you accept”?
>
>
>
> In other words, what if WebCrypto accepts either OID but only produces a
> specific one on export (we could pick the more specific one except when
> doing so significantly impacts compatibility)?
>
>
>
>
>

I'm not inclined to support that.

As mentioned, of the four implementations noted - CryptoAPI/CNG, OpenSSL,
NSS, and Security.framework - none support that round-trip.

You can coerce from a more specific type (X9.42) to a more general type
(PKCS#3), but once done, you get back PKCS#3.

Received on Tuesday, 25 February 2014 21:49:11 UTC