- From: Eric Roman <ericroman@google.com>
- Date: Wed, 20 Jan 2016 19:30:46 -0800
- To: Harry Halpin <hhalpin@w3.org>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAFswn4npi8BLRNiD63CSH0oYFLf_XTQ9DDy_nB-qVev+0KqYuQ@mail.gmail.com>
On Wed, Jan 20, 2016 at 7:01 PM, Harry Halpin <hhalpin@w3.org> wrote: > Here's my categorization of open public-facing bugs around Google Chrome > (42 declared, 26 relevant), Mozilla Firefox (18 declared, ), and > Microsoft Edge WebCrypto (2 declared, 1 relevant). I've tried to roughly > group them into categories: > > - Require spec changes if not fixed that cross multiple algorithms > - Algorithm support (and so spec can just drop algorithm) > > > I realize I may have missed some so if Ryan and others know of bugs that > are not in the Bugzilla or that I overlooked that would cause spec-level > changes, could you flag them? > > 1) Bugs that require spec-wide (multiple algorithm) changes if not fixed: > > a) SPKI/PKCS key import/export not interoperable: > Chrome bugs (repeat bugs): > https://code.google.com/p/chromium/issues/detail?id=532728 > https://code.google.com/p/chromium/issues/detail?id=373545 > https://code.google.com/p/chromium/issues/detail?id=389400 > Mozilla: Implement PKCS8 import/export of ECDSA keys for WebCrypto API > https://bugzilla.mozilla.org/show_bug.cgi?id=1133698 > Mozilla: Add PKCS8 import/export for DH keys to WebCrypto API > https://bugzilla.mozilla.org/show_bug.cgi?id=1159202 > Mozilla: Add PKCS8 import/export for ECDH keys to WebCrypto API > https://bugzilla.mozilla.org/show_bug.cgi?id=1048931 > Chrome: EC Private keys PKCS#8 missing parameter field: > https://code.google.com/p/chromium/issues/detail?id=506976 > > Another one to add for Chrome is (Implement raw key import/export for ECDH) https://code.google.com/p/chromium/issues/detail?id=437576 > b) JWK: > JWK "use" fields not parsed: > Edge: https://connect.microsoft.com/IE/Feedback/Details/2242108 > Chrome: https://code.google.com/p/chromium/issues/detail?id=441995 > Chrome: Optional JWK fields not typed checked: > https://code.google.com/p/chromium/issues/detail?id=385376 > Chrome: Spec Bug: References to JOSE JWA/JWK need to be updated: > https://code.google.com/p/chromium/issues/detail?id=571114 Can remove the above from consideration (it is referring to documentation, not an implementation bug) > > JWK serializer should use unpadded websafe base64 (seems fixed?) > https://code.google.com/p/chromium/issues/detail?id=364749 Can remove the above from consideration (it was about some JWK usage outside of WebCrypto) > Spec compliance: Should reject JWK if "oth" is specified (i.e. get rid of > multi-primes) > https://code.google.com/p/chromium/issues/detail?id=441396 > > c) Caching objects: > CryptoKey.usages needs to use a cached object > https://code.google.com/p/chromium/issues/detail?id=441601 > CryptoKey.algorithm needs to use a cached object > https://code.google.com/p/chromium/issues/detail?id=441604 > > d) Workers > Mozilla: [WebCryptoAPI] Enable Crypto in workers > https://bugzilla.mozilla.org/show_bug.cgi?id=842818 > > Bugs requiring algorithm level modifications (subtraction of existing > algorithms if no interop): > ------------------------------- > > Chrome: PBKDF2 accepting dervied key length of 0: > https://code.google.com/p/chromium/issues/detail?id=534964 > Chrome: Clone keys for RSA algs > https://code.google.com/p/chromium/issues/detail?id=466697 Can remove the above from consideration (it is about adding a test, not about missing functionality) > > Chrome: Verify() in Chrome not compliant (appears out of > date) > https://code.google.com/p/chromium/issues/detail?id=441870 > > Mozilla: Implement the KDFs in WebCrypto spec > https://bugzilla.mozilla.org/show_bug.cgi?id=1200341 > Mozilla: WebCrypto API doesn't support PBKDF2 with PRFs other than SHA-1 > https://bugzilla.mozilla.org/show_bug.cgi?id=1238277 > Mozilla: Enable SHA-2 test for the WebCrypto API's PBKDF2 implementation > https://bugzilla.mozilla.org/show_bug.cgi?id=1216109 > Mozilla: Implement RSA-PSS in WebCrypto API > https://bugzilla.mozilla.org/show_bug.cgi?id=1191936 > > No spec changes (but good to fix!) > -------------------------------- > Chrome: ECC not constant time: > https://code.google.com/p/chromium/issues/detail?id=481282 > > > > >
Received on Thursday, 21 January 2016 03:31:15 UTC