[Bug 25815] Spec encourages unsafe handling of secret data for JWK import of RSA/ECC keys from bugzilla@jessica.w3.org on 2014-10-16 (public-webcrypto@w3.org from October 2014)

From: <bugzilla@jessica.w3.org>
Date: Thu, 16 Oct 2014 00:29:43 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25815-7213-OnEfBWsfoN@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25815

--- Comment #5 from Mark Watson <watsonm@netflix.com> ---
In fact, there is actually only one example where import / export returns
OperationError other than for the "underlying key material cannot be accessed"
on export.

This is for AES CMAC import where it does a check of the length of the data.

So, it may actually be more convenient - and still very reasonable - to
normalize on DataError for import.

With this change and Bug 25741 the situation will be as follows:

- Encrypt/Decrypt/Sign/Verify operations all return OperationError for all
parameter validation.
- Import operations will always return DataError for all parameter validation.

It remains to check Generate (which I think should normalize on OperationError)
and Export (which doesn't encounter anything not easily detectable by the UA).

So, DataError for import ?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Thursday, 16 October 2014 00:29:44 UTC