What about other certificate attributes, such as common name, subject,
issuer, etc?
Also, should application be able to limit the certificate lifetime?
Regards,
_____________
Roman Shpount
On Sat, Jul 4, 2015 at 3:30 PM, Martin Thomson <martin.thomson@gmail.com>
wrote:
>
> On Jul 3, 2015 10:59 PM, "Bernard Aboba" <Bernard.Aboba@microsoft.com>
> wrote:
> > A. Can only the keygenAlgorithm be set? What about other aspects like
> key length or hash algorithm?
>
> The answer is yes to length and partially to hash. You need to know the
> length to generate a key: WebCrypto makes that a mandatory parameter.
>
> For hash, WebCrypto bakes the hash algorithm into the RSA key generation
> parameters, but not EC for some reason. An early proposal had an extra
> parameter for selecting the hash algorithm, but discussion with Ryan led to
> the current form, where the browser chooses.
>
> As a practical matter, that means if you have a decode that chokes on
> SHA-256, you will be sad.
>
> > B. Is it possible to add other attributes to the RTCCertificate
> interface, such as the fingerprint?
>
> Yes. The current form is purposefully minimal. It's easier to add things
> than remove them in my experience. If we have enthusiasm for a fingerprint
> attribute, I'm not opposed to adding one.
>