RE: [Bug 26123] New: Key ID definition should be aligned with JWK kid definition

To the extent that the WebCrypto specs use two values that are described as being key identifiers, the onus should be on the working group to make the case why they need to be incompatible with one another.  No, they aren’t the same thing, but I can easily picture use cases where it would be convenient to use the same Key ID value in both places.

The problem is that while one is a string, one is a base64 encoded representation of an octet sequence with a bounded size.  (They’re reusable in one direction, but not the other.)  Is there some good reason why both can’t just be strings?

-- Mike

From: Ryan Sleevi [mailto:sleevi@google.com]
Sent: Tuesday, June 17, 2014 3:28 PM
To: bugzilla@jessica.w3.org
Cc: public-webcrypto@w3.org; Mike Jones
Subject: Re: [Bug 26123] New: Key ID definition should be aligned with JWK kid definition


Mike,

Can you explain why they should be aligned?

Named Key and kid have no relationship. Deserializing a JWK with a kid does not yield a NamedKey, and serializing a NamedKey doesn't result in a JWK with kid set.

Further, their use of id concepts is for separate purposes.

While I have little personal interest in NamedKey, this seems like an unnecessary/unwarranted change.

If kid is going to be handled, you'd do it at the application layer - named key or not - and it would not work with wrap/unwrap.

Note that CryptoKey (not NamedKey) are equally not meant to be 1:1 relationships with JWK. They are independent.

Received on Tuesday, 17 June 2014 22:38:47 UTC