
Re: Question on set of certs and fingerprints

From: Roman Shpount <roman@telurix.com>
Date: Mon, 6 Jul 2015 14:00:36 -0400
Message-ID: <CAD5OKxvBhVvygwqDDgktLgUkQGFX00yWs7uU6MQrLeQ1Y4K_7g@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Bernard Aboba <Bernard.Aboba@microsoft.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>, Stefan Hakansson LK <stefan.lk.hakansson@ericsson.com>

What about other certificate attributes, such as common name, subject,
issuer, etc?

Also, should the application be able to limit the certificate lifetime?

Regards,
_____________
Roman Shpount

On Sat, Jul 4, 2015 at 3:30 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:

>
> On Jul 3, 2015 10:59 PM, "Bernard Aboba" <Bernard.Aboba@microsoft.com>
> wrote:
> > A. Can only the keygenAlgorithm be set? What about other aspects like key length or hash algorithm?
>
> The answer is yes to length and partially to hash. You need to know the
> length to generate a key: WebCrypto makes that a mandatory parameter.
>
> For hash, WebCrypto bakes the hash algorithm into the RSA key generation
> parameters, but not EC for some reason. An early proposal had an extra
> parameter for selecting the hash algorithm, but discussion with Ryan led to
> the current form, where the browser chooses.
>
> As a practical matter, that means if you have a decoder that chokes on
> SHA-256, you will be sad.
>
> > B. Is it possible to add other attributes to the RTCCertificate interface, such as the fingerprint?
>
> Yes. The current form is purposefully minimal. It's easier to add things
> than remove them in my experience. If we have enthusiasm for a fingerprint
> attribute, I'm not opposed to adding one.
>
Received on Monday, 6 July 2015 18:01:06 UTC
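
The parameter behaviour described in the quoted reply (key length mandatory, hash baked into RSA key generation but not EC), as an added example that is not part of the thread or of any browser's code. It calls WebCrypto's `generateKey` directly under Node.js, on the assumption that the same dictionaries are what a page would supply as the keygenAlgorithm; `CASES`, `tryKeygen` and `keygenMatrix` are names made up here.

```javascript
// Added example, not code from the thread. Runs under Node.js (WebCrypto).
const EXPONENT = new Uint8Array([0x01, 0x00, 0x01]); // 65537

// Constructed parameter sets: one complete RSA set, two with a member
// dropped, and an ECDSA set, which has no hash member at all.
const CASES = {
  rsaComplete: { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048,
                 publicExponent: EXPONENT, hash: 'SHA-256' },
  rsaNoLength: { name: 'RSASSA-PKCS1-v1_5',
                 publicExponent: EXPONENT, hash: 'SHA-256' },
  rsaNoHash:   { name: 'RSASSA-PKCS1-v1_5', modulusLength: 2048,
                 publicExponent: EXPONENT },
  ecdsa:       { name: 'ECDSA', namedCurve: 'P-256' },
};

// Generate a signing key pair and report what the key object itself records.
async function tryKeygen(subtle, params) {
  try {
    const pair = await subtle.generateKey(params, false, ['sign', 'verify']);
    const alg = pair.publicKey.algorithm;
    return {
      ok: true,
      hash: alg.hash ? alg.hash.name : null,       // bound at keygen for RSA
      modulusLength: alg.modulusLength ?? null,
      namedCurve: alg.namedCurve ?? null,
    };
  } catch (err) {
    return { ok: false, error: err.name };          // rejected, no key made
  }
}

// Run every case; dynamic import works from CommonJS and ES modules alike.
async function keygenMatrix() {
  const { webcrypto } = await import('node:crypto');
  const out = {};
  for (const [label, params] of Object.entries(CASES)) {
    out[label] = await tryKeygen(webcrypto.subtle, params);
  }
  return out;
}

keygenMatrix().then((m) => console.table(m));
```

The ECDSA key records no hash because WebCrypto takes it as a parameter of each `sign()` call instead.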
