W3C home > Mailing lists > Public > public-webcrypto@w3.org > January 2016

Open implementation bugs that effect spec

From: Harry Halpin <hhalpin@w3.org>
Date: Wed, 20 Jan 2016 22:01:25 -0500
Message-ID: <56A04A05.8090601@w3.org>
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Here's my categorization of open public-facing bugs around Google Chrome
(42 declared, 26 relevant), Mozilla Firefox (18 declared, ), and
Microsoft Edge WebCrypto  (2 declared, 1 relevant). I've tried to roughly 
group them into categories:

- Require spec changes if not fixed that cross multiple algorithms 
- Algorithm support (and so spec can just drop algorithm) 


I realize I may have missed some so if Ryan and others know of bugs that are not in the Bugzilla or that I overlooked that would cause spec-level changes, could you flag them?

1) Bugs that require spec-wide (multiple algorithm) changes if not fixed:

a) SPKI/PKCS key import/export not interoperable:
Chrome bugs (repeat bugs):
https://code.google.com/p/chromium/issues/detail?id=532728
https://code.google.com/p/chromium/issues/detail?id=373545
https://code.google.com/p/chromium/issues/detail?id=389400
Mozilla: Implement PKCS8 import/export of ECDSA keys for WebCrypto API 
https://bugzilla.mozilla.org/show_bug.cgi?id=1133698
Mozilla: Add PKCS8 import/export for DH keys to WebCrypto API 
https://bugzilla.mozilla.org/show_bug.cgi?id=1159202
Mozilla: Add PKCS8 import/export for ECDH keys to WebCrypto API 
https://bugzilla.mozilla.org/show_bug.cgi?id=1048931
Chrome: EC Private keys PKCS#8 missing parameter field:
https://code.google.com/p/chromium/issues/detail?id=506976


b) JWK:
JWK "use" fields not parsed:
Edge: https://connect.microsoft.com/IE/Feedback/Details/2242108
Chrome: https://code.google.com/p/chromium/issues/detail?id=441995
Chrome: Optional JWK fields not typed checked:
https://code.google.com/p/chromium/issues/detail?id=385376
Chrome: Spec Bug: References to JOSE JWA/JWK need to be updated:
https://code.google.com/p/chromium/issues/detail?id=571114
JWK serializer should use unpadded websafe base64 (seems fixed?)
https://code.google.com/p/chromium/issues/detail?id=364749
Spec compliance: Should reject JWK if "oth" is specified (i.e. get rid of multi-primes)
https://code.google.com/p/chromium/issues/detail?id=441396

c) Caching objects:
CryptoKey.usages needs to use a cached object
https://code.google.com/p/chromium/issues/detail?id=441601
CryptoKey.algorithm needs to use a cached object 
https://code.google.com/p/chromium/issues/detail?id=441604

d) Workers
Mozilla: [WebCryptoAPI] Enable Crypto in workers 
https://bugzilla.mozilla.org/show_bug.cgi?id=842818

Bugs requiring algorithm level modifications (subtraction of existing algorithms if no interop):  
-------------------------------

Chrome: PBKDF2 accepting dervied key length of 0:
https://code.google.com/p/chromium/issues/detail?id=534964
Chrome: Clone keys for RSA algs
https://code.google.com/p/chromium/issues/detail?id=466697
Chrome: Verify() in Chrome not compliant (appears out of
date)
https://code.google.com/p/chromium/issues/detail?id=441870

Mozilla: Implement the KDFs in WebCrypto spec 
https://bugzilla.mozilla.org/show_bug.cgi?id=1200341
Mozilla: WebCrypto API doesn't support PBKDF2 with PRFs other than SHA-1
https://bugzilla.mozilla.org/show_bug.cgi?id=1238277
Mozilla: Enable SHA-2 test for the WebCrypto API's PBKDF2 implementation
https://bugzilla.mozilla.org/show_bug.cgi?id=1216109
Mozilla: Implement RSA-PSS in WebCrypto API 
https://bugzilla.mozilla.org/show_bug.cgi?id=1191936

No spec changes (but good to fix!)
--------------------------------
Chrome: ECC not constant time:
https://code.google.com/p/chromium/issues/detail?id=481282
Received on Thursday, 21 January 2016 03:01:30 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:03:03 UTC