Re: Question on set of certs and fingerprints

On Jul 3, 2015 10:59 PM, "Bernard Aboba" <>
> A. Can only the keygenAlgorithm be set? What about other aspects like key
length or hash algorithm?

The answer is yes to length and partially to hash. You need to know the
length to generate a key: WebCrypto makes that a mandatory parameter.

For hash, WebCrypto bakes the hash algorithm into the RSA key generation
parameters, but not EC for some reason. An early proposal had an extra
parameter for selecting the hash algorithm, but discussion with Ryan led to
the current form, where the browser chooses.

As a practical matter, that means if you have a decode that chokes on
SHA-256, you will be sad.

> B. Is it possible to add other attributes to the RTCCertificate
interface, such as the fingerprint?

Yes. The current form is purposefully minimal. It's easier to add things
than remove them in my experience. If we have enthusiasm for a fingerprint
attribute, I'm not opposed to adding one.

Received on Saturday, 4 July 2015 19:30:33 UTC