- From: Harry Halpin <hhalpin@w3.org>
- Date: Wed, 20 Jan 2016 22:01:25 -0500
- To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Here's my categorization of open public-facing bugs around Google Chrome (42 declared, 26 relevant), Mozilla Firefox (18 declared, ), and Microsoft Edge WebCrypto (2 declared, 1 relevant). I've tried to roughly group them into categories: - Require spec changes if not fixed that cross multiple algorithms - Algorithm support (and so spec can just drop algorithm) I realize I may have missed some so if Ryan and others know of bugs that are not in the Bugzilla or that I overlooked that would cause spec-level changes, could you flag them? 1) Bugs that require spec-wide (multiple algorithm) changes if not fixed: a) SPKI/PKCS key import/export not interoperable: Chrome bugs (repeat bugs): https://code.google.com/p/chromium/issues/detail?id=532728 https://code.google.com/p/chromium/issues/detail?id=373545 https://code.google.com/p/chromium/issues/detail?id=389400 Mozilla: Implement PKCS8 import/export of ECDSA keys for WebCrypto API https://bugzilla.mozilla.org/show_bug.cgi?id=1133698 Mozilla: Add PKCS8 import/export for DH keys to WebCrypto API https://bugzilla.mozilla.org/show_bug.cgi?id=1159202 Mozilla: Add PKCS8 import/export for ECDH keys to WebCrypto API https://bugzilla.mozilla.org/show_bug.cgi?id=1048931 Chrome: EC Private keys PKCS#8 missing parameter field: https://code.google.com/p/chromium/issues/detail?id=506976 b) JWK: JWK "use" fields not parsed: Edge: https://connect.microsoft.com/IE/Feedback/Details/2242108 Chrome: https://code.google.com/p/chromium/issues/detail?id=441995 Chrome: Optional JWK fields not typed checked: https://code.google.com/p/chromium/issues/detail?id=385376 Chrome: Spec Bug: References to JOSE JWA/JWK need to be updated: https://code.google.com/p/chromium/issues/detail?id=571114 JWK serializer should use unpadded websafe base64 (seems fixed?) https://code.google.com/p/chromium/issues/detail?id=364749 Spec compliance: Should reject JWK if "oth" is specified (i.e. get rid of multi-primes) https://code.google.com/p/chromium/issues/detail?id=441396 c) Caching objects: CryptoKey.usages needs to use a cached object https://code.google.com/p/chromium/issues/detail?id=441601 CryptoKey.algorithm needs to use a cached object https://code.google.com/p/chromium/issues/detail?id=441604 d) Workers Mozilla: [WebCryptoAPI] Enable Crypto in workers https://bugzilla.mozilla.org/show_bug.cgi?id=842818 Bugs requiring algorithm level modifications (subtraction of existing algorithms if no interop): ------------------------------- Chrome: PBKDF2 accepting dervied key length of 0: https://code.google.com/p/chromium/issues/detail?id=534964 Chrome: Clone keys for RSA algs https://code.google.com/p/chromium/issues/detail?id=466697 Chrome: Verify() in Chrome not compliant (appears out of date) https://code.google.com/p/chromium/issues/detail?id=441870 Mozilla: Implement the KDFs in WebCrypto spec https://bugzilla.mozilla.org/show_bug.cgi?id=1200341 Mozilla: WebCrypto API doesn't support PBKDF2 with PRFs other than SHA-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1238277 Mozilla: Enable SHA-2 test for the WebCrypto API's PBKDF2 implementation https://bugzilla.mozilla.org/show_bug.cgi?id=1216109 Mozilla: Implement RSA-PSS in WebCrypto API https://bugzilla.mozilla.org/show_bug.cgi?id=1191936 No spec changes (but good to fix!) -------------------------------- Chrome: ECC not constant time: https://code.google.com/p/chromium/issues/detail?id=481282
Received on Thursday, 21 January 2016 03:01:30 UTC