Parameter validation from Mark Watson on 2014-09-29 (public-webcrypto@w3.org from September 2014)

From: Mark Watson <watsonm@netflix.com>
Date: Mon, 29 Sep 2014 15:17:56 -0700
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CAEnTvdDq1aOhPWUA4e0yG=OyF61Yw8_P+o+bsfvmTr6YYNWr-Q@mail.gmail.com>

All,

As discussed on the call, we have a number of bugs which deal with
parameter validation, specifically 25741, 25815, 25557 and 26741.

The common theme is that we do not know (and likely cannot assume) that
cryptographic libraries expose a distinction between parameter validation
errors and other forms of failure. If we require in our specification that
a distinction be exposed, this may require that UAs implement checks
themselves. These checks could be cryptographically sensitive (leak timing
information etc.).

My proposal is that whenever there is doubt, we should simply return
OperationError. This leaves implementations the flexibility to delegate
such checks to crypto libraries independent of the level of error
information exposed by the crypto library.

Comments ?

...Mark

Received on Monday, 29 September 2014 22:18:23 UTC