- From: <bugzilla@jessica.w3.org>
- Date: Sat, 12 Jul 2014 01:25:19 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26315
Bug ID: 26315
Summary: ECDSA/ECDH: "namedCurve ASN.1 type" is ambiguous
Product: Web Cryptography
Version: unspecified
Hardware: PC
OS: Windows NT
Status: NEW
Severity: normal
Priority: P2
Component: Web Cryptography API Document
Assignee: sleevi@google.com
Reporter: sleevi@google.com
CC: bal@microsoft.com, public-webcrypto@w3.org
Raised by Brian on
The current (
https://dvcs.w3.org/hg/webcrypto-api/raw-file/ee10c81e1141/spec/Overview.html )
spec language for ECDSA/ECDH handling of EC keys states
"If params is not an instance of the namedCurve ASN.1 type defined in RFC 5480"
This was seen as confusing. The intent was to specify that of the choice of
ECParameters, only the namedCurve choice was acceptable (e.g. implicitCurve and
specifiedCurve are NOT supported).
As Brian interpreted, and as others may reasonably do so, this was seen as
constraining the contents of the OIDs to those specified in 2.1.1.1 of RFC 5480
( http://tools.ietf.org/html/rfc5480#section-2.1.1.1 ). While 2.1.1.1 is clear
to indicate other specifications may describe additional types, it's still
ambiguous because WebCrypto may choose to allow OIDs for which no
specifications updating 5480 exist - e.g. the NUMS curves.
One possible language modification is
"If params is an instance of the ECParameters ASN.1 type that specifies a
namedCurve"
but that may still be seen as ambiguous.
Received on Saturday, 12 July 2014 01:25:20 UTC
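
Added example, not part of the original message or of the WebCrypto spec: the two readings discussed in the report, kept as separate checks on the `parameters` field of an EC AlgorithmIdentifier. The function names, the three-curve subset of the RFC 5480 list, and the use of the RFC 5639 brainpoolP256r1 OID as a stand-in for a curve outside that list are assumptions of this sketch.

```javascript
function readTlv(buf, off) { // single-byte tags, definite lengths of 1-2 length bytes
  if (off + 2 > buf.length) throw new Error("truncated TLV");
  let len = buf[off + 1], start = off + 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n < 1 || n > 2 || start + n > buf.length) throw new Error("unsupported length");
    len = 0;
    for (let i = 0; i < n; i++) len = (len << 8) | buf[start++];
  }
  if (start + len > buf.length) throw new Error("length overruns buffer");
  return { tag: buf[off], value: buf.subarray(start, start + len), end: start + len };
}

function decodeOid(bytes) {
  const arcs = [];
  let v = 0;
  for (const b of bytes) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  if (!arcs.length || (bytes[bytes.length - 1] & 0x80)) throw new Error("malformed OID");
  const first = arcs.shift(), top = Math.min(Math.floor(first / 40), 2);
  return [top, first - top * 40, ...arcs].join(".");
}

// Subset of the curves named in RFC 5480 section 2.1.1.1: P-256, P-384, P-521.
const RFC5480_SUBSET = new Set(["1.2.840.10045.3.1.7", "1.3.132.0.34", "1.3.132.0.35"]);
const CHOICE_BY_TAG = { 0x06: "namedCurve", 0x05: "implicitCurve", 0x30: "specifiedCurve" };

// Reports the CHOICE present and, separately, whether a namedCurve OID is on the list.
function classifyEcParams(algId) {
  const seq = readTlv(algId, 0);
  if (seq.tag !== 0x30) throw new Error("AlgorithmIdentifier must be a SEQUENCE");
  const alg = readTlv(seq.value, 0);
  if (alg.tag !== 0x06 || decodeOid(alg.value) !== "1.2.840.10045.2.1") throw new Error("not id-ecPublicKey");
  const params = readTlv(seq.value, alg.end);
  const choice = CHOICE_BY_TAG[params.tag] || "unrecognised";
  const oid = choice === "namedCurve" ? decodeOid(params.value) : null;
  return { choice, oid, inRfc5480Subset: oid !== null && RFC5480_SUBSET.has(oid) };
}

const hex = (s) => Uint8Array.from(s.match(/../g), (b) => parseInt(b, 16));
const EC = "06072a8648ce3d0201"; // OID id-ecPublicKey
const SAMPLES = { // constructed AlgorithmIdentifier encodings
  p256: hex("3013" + EC + "06082a8648ce3d030107"),
  brainpoolP256r1: hex("3014" + EC + "06092b2403030208010107"), // RFC 5639 curve
  implicit: hex("300b" + EC + "0500"),
  specified: hex("300e" + EC + "3003020101"), // stub SEQUENCE; only the tag matters here
};
```

Under the "namedCurve choice only" reading both `p256` and `brainpoolP256r1` pass the structural check; under the "OIDs of section 2.1.1.1" reading only `p256` does.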