On Tue, Feb 25, 2014 at 1:22 PM, Jim Schaad <ietf@augustcellars.com> wrote:
> The other response is to generate the more detailed output that you can
> possibly do. So if an X9.42 is imported then the same thing should be
> exported as well.
>
>
>
> Jim
>
>
>
>
>
> From: Vijay Bharadwaj [mailto:Vijay.Bharadwaj@microsoft.com]
>
> Sent: Tuesday, February 25, 2014 10:43 AM
>
> To: Jim Schaad; public-webcrypto@w3.org
>
> Subject: RE: SPKI export needs additional parameter
>
>
>
> Why not follow the credo of “Be conservative in what you send, be liberal
> in what you accept”?
>
>
>
> In other words, what if WebCrypto accepts either OID but only produces a
> specific one on export (we could pick the more specific one except when
> doing so significantly impacts compatibility)?
>
>
>
>
>
I'm not inclined to support that.
As mentioned, of the four implementations noted - CryptoAPI/CNG, OpenSSL,
NSS, and Security.framework - none support that round-trip.
You can coerce from a more specific type (X9.42) to a more general type
(PKCS#3), but once done, you get back PKCS#3.