- From: Richard Barnes <rlb@ipv.sx>
- Date: Thu, 4 Sep 2014 10:09:49 -0400
- To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Received on Thursday, 4 September 2014 14:10:21 UTC
In implementing ECDH and ECDSA, we've come across an issue that is unclear in the spec. It's also unclear how to resolve it, so I thought I would bring it up on the list before filing a bug.

In cases where an EC public key is being imported ("spki", "raw", "jwk"), it is possible for the importer to provide an elliptic curve point that is not on the curve. It seems like there are two options for how WebCrypto should behave in such a case:

1. Reject at import, presumably with DataError.
2. Reject at sign() / deriveBits() time (since these operations cannot be completed with points not on the curve)

In an ideal world, I would prefer (1), in the spirit of failing fast. (Apparently, X9.62 also requires this, at least according to a comment in the OpenSSL source code.) However, at least in Firefox/NSS, it is much simpler to implement (2).

Either way, the spec should say something about what to do in this case.

Thoughts?

Thanks,
--Richard
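An added example, not part of the original message and not code from any WebCrypto implementation: a sketch of option (1) for the "raw" format on P-256, checking the curve equation at import time and failing with an error named DataError. The function names, the returned key object and the sample inputs are assumptions made for illustration; the encoding is assumed to be the uncompressed 65-byte form.

```javascript
// P-256 (secp256r1) domain parameters: field prime p and coefficients a, b.
const P = 0xffffffff00000001000000000000000000000000ffffffffffffffffffffffffn;
const A = P - 3n;
const B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604bn;

const hexToBytes = (hex) => Uint8Array.from(hex.match(/../g), (h) => parseInt(h, 16));
const toBig = (bytes) =>
  BigInt("0x" + Array.from(bytes, (b) => b.toString(16).padStart(2, "0")).join(""));

// Hypothetical helper: returns null when the key is acceptable, else a reason.
function checkRawP256PublicKey(raw) {
  if (!(raw instanceof Uint8Array)) return "not a byte array";
  if (raw.length !== 65 || raw[0] !== 0x04) return "not an uncompressed 65-byte point";
  const x = toBig(raw.subarray(1, 33));
  const y = toBig(raw.subarray(33, 65));
  // Coordinates must be canonical field elements, i.e. strictly below p.
  if (x >= P || y >= P) return "coordinate out of range";
  // Curve equation: y^2 = x^3 + ax + b (mod p). P-256 has cofactor 1, so an
  // on-curve affine point is automatically in the prime-order group.
  if ((y * y) % P !== (x * x * x + A * x + B) % P) return "point is not on the curve";
  return null;
}

// Option (1): fail fast at import. The error only models DataError by name;
// the returned object is a stand-in for a real CryptoKey.
function importRawP256PublicKey(raw) {
  const reason = checkRawP256PublicKey(raw);
  if (reason !== null) {
    const err = new Error(reason);
    err.name = "DataError";
    throw err;
  }
  return { type: "public", namedCurve: "P-256", point: raw.slice() };
}

// Constructed sample inputs: the P-256 base point, and the same bytes with
// the low bit of Y flipped so the point no longer satisfies the equation.
const GENERATOR = hexToBytes(
  "04" +
  "6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296" +
  "4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5");
const OFF_CURVE = GENERATOR.slice();
OFF_CURVE[64] ^= 0x01;
```

With option (2), the same check would instead run at the first sign() or deriveBits() call that touches the key.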