Re: Question on set of certs and fingerprints

What about other certificate attributes, such as common name, subject,
issuer, etc?

Also, should the application be able to limit the certificate lifetime?

Roman Shpount

On Sat, Jul 4, 2015 at 3:30 PM, Martin Thomson wrote:

> On Jul 3, 2015 10:59 PM, "Bernard Aboba" wrote:
> > A. Can only the keygenAlgorithm be set? What about other aspects like
> > key length or hash algorithm?
> The answer is yes to length and partially to hash. You need to know the
> length to generate a key: WebCrypto makes that a mandatory parameter.
> For hash, WebCrypto bakes the hash algorithm into the RSA key generation
> parameters, but not EC for some reason. An early proposal had an extra
> parameter for selecting the hash algorithm, but discussion with Ryan led to
> the current form, where the browser chooses.
> As a practical matter, that means if you have a decode that chokes on
> SHA-256, you will be sad.
> > B. Is it possible to add other attributes to the RTCCertificate
> > interface, such as the fingerprint?
> Yes. The current form is purposefully minimal. It's easier to add things
> than remove them in my experience. If we have enthusiasm for a fingerprint
> attribute, I'm not opposed to adding one.

Received on Monday, 6 July 2015 18:01:06 UTC