Re: Open implementation bugs that affect spec

On Wed, Jan 20, 2016 at 7:01 PM, Harry Halpin <hhalpin@w3.org> wrote:

> Here's my categorization of open public-facing bugs around Google Chrome
> (42 declared, 26 relevant), Mozilla Firefox (18 declared, ), and
> Microsoft Edge WebCrypto  (2 declared, 1 relevant). I've tried to roughly
> group them into categories:
>
> - Require spec changes if not fixed that cross multiple algorithms
> - Algorithm support (and so spec can just drop algorithm)
>
>
> I realize I may have missed some so if Ryan and others know of bugs that
> are not in the Bugzilla or that I overlooked that would cause spec-level
> changes, could you flag them?
>
> 1) Bugs that require spec-wide (multiple algorithm) changes if not fixed:
>
> a) SPKI/PKCS key import/export not interoperable:
> Chrome bugs (repeat bugs):
> https://code.google.com/p/chromium/issues/detail?id=532728
> https://code.google.com/p/chromium/issues/detail?id=373545
> https://code.google.com/p/chromium/issues/detail?id=389400
> Mozilla: Implement PKCS8 import/export of ECDSA keys for WebCrypto API
> https://bugzilla.mozilla.org/show_bug.cgi?id=1133698
> Mozilla: Add PKCS8 import/export for DH keys to WebCrypto API
> https://bugzilla.mozilla.org/show_bug.cgi?id=1159202
> Mozilla: Add PKCS8 import/export for ECDH keys to WebCrypto API
> https://bugzilla.mozilla.org/show_bug.cgi?id=1048931
> Chrome: EC Private keys PKCS#8 missing parameter field:
> https://code.google.com/p/chromium/issues/detail?id=506976
>
>
Another one to add for Chrome is (Implement raw key import/export for ECDH)
https://code.google.com/p/chromium/issues/detail?id=437576


> b) JWK:
> JWK "use" fields not parsed:
> Edge: https://connect.microsoft.com/IE/Feedback/Details/2242108
> Chrome: https://code.google.com/p/chromium/issues/detail?id=441995
> Chrome: Optional JWK fields not type checked:
> https://code.google.com/p/chromium/issues/detail?id=385376
> Chrome: Spec Bug: References to JOSE JWA/JWK need to be updated:
> https://code.google.com/p/chromium/issues/detail?id=571114


Can remove the above from consideration
(it is referring to documentation, not an implementation bug)

>
> JWK serializer should use unpadded websafe base64 (seems fixed?)
> https://code.google.com/p/chromium/issues/detail?id=364749


Can remove the above from consideration
(it was about some JWK usage outside of WebCrypto)


> Spec compliance: Should reject JWK if "oth" is specified (i.e. get rid of
> multi-primes)
> https://code.google.com/p/chromium/issues/detail?id=441396
>
> c) Caching objects:
> CryptoKey.usages needs to use a cached object
> https://code.google.com/p/chromium/issues/detail?id=441601
> CryptoKey.algorithm needs to use a cached object
> https://code.google.com/p/chromium/issues/detail?id=441604
>
> d) Workers
> Mozilla: [WebCryptoAPI] Enable Crypto in workers
> https://bugzilla.mozilla.org/show_bug.cgi?id=842818
>
> Bugs requiring algorithm level modifications (subtraction of existing
> algorithms if no interop):
> -------------------------------
>
> Chrome: PBKDF2 accepting derived key length of 0:
> https://code.google.com/p/chromium/issues/detail?id=534964
> Chrome: Clone keys for RSA algs
> https://code.google.com/p/chromium/issues/detail?id=466697


Can remove the above from consideration
(it is about adding a test, not about missing functionality)


>
> Chrome: Verify() in Chrome not compliant (appears out of
> date)
> https://code.google.com/p/chromium/issues/detail?id=441870
>
> Mozilla: Implement the KDFs in WebCrypto spec
> https://bugzilla.mozilla.org/show_bug.cgi?id=1200341
> Mozilla: WebCrypto API doesn't support PBKDF2 with PRFs other than SHA-1
> https://bugzilla.mozilla.org/show_bug.cgi?id=1238277
> Mozilla: Enable SHA-2 test for the WebCrypto API's PBKDF2 implementation
> https://bugzilla.mozilla.org/show_bug.cgi?id=1216109
> Mozilla: Implement RSA-PSS in WebCrypto API
> https://bugzilla.mozilla.org/show_bug.cgi?id=1191936
>
> No spec changes (but good to fix!)
> --------------------------------
> Chrome: ECC not constant time:
> https://code.google.com/p/chromium/issues/detail?id=481282
>

Received on Thursday, 21 January 2016 03:31:15 UTC