Re: Call for consensus: Marking spki and pkcs8 key format support as non-normative

On 08/01/2016 08:14 PM, Charles Engelke wrote:
> I'm glad we're not removing them. I'd prefer we leave them as they are
> now, and not even mark them non-normative. I've tried to follow the
> older mailing list threads, and don't really see any consensus there.
> The discussions just petered out without people converging on a shared
> viewpoint, and most of the people in those discussions haven't been on
> the list or in calls lately.
>
> I believe I understand the issues regarding deviations from the ASN.1
> spec between implementations, but those deviations have been around a
> long time and the various libraries seem to be able to share keys
> using spki and pkcs8 anyway. I'd like to leave the WebCryptoAPI
> working the same way.

Note that pkcs8 and spki support will remain in the spec, but it will
just be explicitly marked as non-normative, so I don't think this is a
problem. Taking them out will be difficult, and some developers rely on
them for legacy reasons so not having them in the spec may confuse
developers, but we should clearly recommend JWKs for future WebApps. So
I think I agree with your general analysis!
>
> Charlie
>
> On Mon, Aug 1, 2016 at 6:50 AM, Harry Halpin <hhalpin@w3.org
> <mailto:hhalpin@w3.org>> wrote:
>
>     Since there's been no objections on the list or github and two weeks
>     have passed - also with no news from Ryan Hurst and Jim Schaad re the
>     DER/BER encoding issues - we'll simply mark all uses of SPKI and
>     PKCS#8
>     as non-normative in the spec but not remove them.
>
>     We'll discuss how to phrase this during the telecon today.
>
>       cheers,
>
>          harry
>
>

Received on Monday, 1 August 2016 18:22:14 UTC