
Re: Comments Section RSA-SSA - March 7 draft

From: Ryan Sleevi <sleevi@google.com>
Date: Fri, 7 Mar 2014 11:09:40 -0800
Message-ID: <CACvaWvYy0SDijT+7HTGbR5eWRtdfKkxfg-wUwUpk0gA4hmVGQA@mail.gmail.com>
To: Jim Schaad <ietf@augustcellars.com>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>

On Fri, Mar 7, 2014 at 10:11 AM, Jim Schaad <ietf@augustcellars.com> wrote:

> 1. Generate Key appears to allow for the generation of just one side of an
> asymmetric key.  I am not sure why this should ever be the case.   I think
> step 3 needs to be changed to "If usages is not "sign" and "verify", then
> return an error named DataError."
>

Agreed.


>
> 2. There is a major disconnect in the import of spki structures.
> rsaEncryption is a subject public key info OID.  sha1WithRSAEncryption is a
> signature algorithm OID and is not a subject public key info OID.  As such
> you are changing the specifications of a lot of external code if you use it
> that way.
>

There is what the spec says, and there is what reality is.

We are liberal in what we accept. There are a number of (misbehaving)
systems that generate such public keys.

We are restricted in what we generate - we will ONLY export rsaEncryption
OID.


>
> 3. I have always wondered if one should not be able to get a KeyPair
> returned from the importKey.  There would be one entry for importing a
> public key and two for importing a private key.  The data for doing the
> public key is always present when importing a private key.
>

In the case of RSA and ECC, and with PKCS#8 and JWK, this is true - and is
something I considered.


>
> 4.  If hash is not supported by system then return an error NotSupported -
> probably in generate and import both
>

This was done for OAEP and PSS. Unless I missed a place.


>
> 5.  Behavior if hash is undefined for export of jwk should be to not set
> the alg field, not to return an error.
>

hash can never be undefined for export of jwk. hash is a property of the
key, and the key always has this property when it was generated.

Perhaps you can more specifically refer to what you're talking about?


>
> Jim
Received on Friday, 7 March 2014 19:10:07 UTC
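
Point 2 of the thread (liberal in which SPKI algorithm OIDs are accepted on import, strict in emitting only rsaEncryption on export), shown as an added example that is not part of the original message and not code from the specification or any implementation. The function names, the decision labels, the accept list limited to the two OIDs named in the thread, and the constructed sample key are assumptions.

```javascript
// Added example: accept list holds only the two OIDs named in the thread (assumption).
const RSA_ENCRYPTION = "1.2.840.113549.1.1.1";           // SPKI key-type OID
const SHA1_WITH_RSA_ENCRYPTION = "1.2.840.113549.1.1.5"; // signature-algorithm OID

// Parse one DER TLV header at `off`; return the tag and the content bounds.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error("truncated DER");
  const tag = buf[off];
  let len = buf[off + 1], start = off + 2;
  if (len & 0x80) { // long-form length: low 7 bits give the count of length bytes
    const n = len & 0x7f;
    if (n === 0 || n > 4 || start + n > buf.length) throw new Error("bad DER length");
    len = 0;
    for (let i = 0; i < n; i++) len = len * 256 + buf[start + i];
    start += n;
  }
  if (start + len > buf.length) throw new Error("DER length exceeds buffer");
  return { tag, start, end: start + len };
}
// Decode OID content bytes to dotted form (handles first arc 0 or 1, and small 2.x).
function decodeOid(bytes) {
  if (bytes.length === 0) throw new Error("empty OID");
  const arcs = [Math.floor(bytes[0] / 40), bytes[0] % 40];
  let v = 0;
  for (const b of bytes.subarray(1)) {
    v = v * 128 + (b & 0x7f);
    if (!(b & 0x80)) { arcs.push(v); v = 0; }
  }
  return arcs.join(".");
}
// SubjectPublicKeyInfo -> AlgorithmIdentifier -> algorithm OID.
function spkiAlgorithmOid(der) {
  const spki = readTlv(der, 0);
  const algId = readTlv(der, spki.start);
  const oid = readTlv(der, algId.start);
  if (spki.tag !== 0x30 || algId.tag !== 0x30 || oid.tag !== 0x06) throw new Error("not an SPKI");
  return decodeOid(der.subarray(oid.start, oid.end));
}
// Import side is liberal; export side always uses the rsaEncryption OID.
function importDecision(der) {
  const oid = spkiAlgorithmOid(der);
  if (oid === RSA_ENCRYPTION) return "accept";
  return oid === SHA1_WITH_RSA_ENCRYPTION ? "accept-nonconforming" : "reject";
}
const exportOid = () => RSA_ENCRYPTION;
// Constructed SPKI with a toy 1-byte modulus; only the final OID byte varies.
const sampleSpki = (last) => Uint8Array.from([0x30, 0x1c, 0x30, 0x0d, 0x06, 0x09,
  0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, last, 0x05, 0x00,
  0x03, 0x0b, 0x00, 0x30, 0x08, 0x02, 0x01, 0x23, 0x02, 0x03, 0x01, 0x00, 0x01]);
```

Logging the "accept-nonconforming" case separately lets an implementer see how often the misbehaving encoders mentioned in the reply actually show up.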
