ISSUE-12: Should the API distinguish between algorithm and operation parameters?

Should the API distinguish between algorithm and operation parameters?

State:
CLOSED
Product:
usability for Web Crypto API
Raised by:
Ryan Sleevi
Opened on:
2012-08-06
Description:
During the July Face-to-Face, concern was raised about the fact that, as currently specified in the 1.10 draft, the AlgorithmParams does not make a distinction between algorithm-specific parameters and operation-specific parameters.

An example of this is seen by examining the AES-CTR definition. The initial value of the counter ('counter') is something that is operation-specific, whereas the length of the counter ('length') is seen to be algorithm-specific. For a given protocol that uses AES-CTR, the counter length is expected to remain constant for all operations, while the actual value of the counter is expected to change (such as from message to message)

Similarly, for RSA-OAEP, the hash ('hash') and mask generation function ('mgf') may be constant for multiple operations, whereas the authenticated data ('label') may change from operation to operation.

The question was raised as to whether the methods on the Crypto interface should take a separate dictionary of parameters.
Related Actions Items:
Related emails:
  1. W3C Web Crypto WG - progressing on ISSUE-12 and action-83 (from Virginie.GALINDO@gemalto.com on 2014-01-13)
  2. ISSUE-12: Should the API distinguish between algorithm and operation parameters? (from Virginie.GALINDO@gemalto.com on 2013-11-27)
  3. ISSUE-12: Should the API distinguish between algorithm and operation parameters? (from Vijay.Bharadwaj@microsoft.com on 2013-11-14)
  4. Re: Dan Boneh's comments (from hhalpin@w3.org on 2013-10-22)
  5. Re: Dan Boneh's comments (from sleevi@google.com on 2013-10-15)
  6. RE: ISSUE-12 / ACTION-83: Operation vs. Algorithm parameters (from ietf@augustcellars.com on 2013-07-20)
  7. Re: ISSUE-12 / ACTION-83: Operation vs. Algorithm parameters (from rbarnes@bbn.com on 2013-07-19)
  8. Re: ISSUE-12 / ACTION-83: Operation vs. Algorithm parameters (from sleevi@google.com on 2013-07-19)
  9. RE: ISSUE-12 / ACTION-83: Operation vs. Algorithm parameters (from ietf@augustcellars.com on 2013-07-19)
  10. Re: ISSUE-12 / ACTION-83: Operation vs. Algorithm parameters (from watsonm@netflix.com on 2013-07-18)
  11. Re: ISSUE-12 / ACTION-83: Operation vs. Algorithm parameters (from sleevi@google.com on 2013-07-18)
  12. Re: ISSUE-12 / ACTION-83: Operation vs. Algorithm parameters (from sleevi@google.com on 2013-07-18)
  13. Re: ISSUE-12 / ACTION-83: Operation vs. Algorithm parameters (from watsonm@netflix.com on 2013-06-08)
  14. Re: ISSUE-12 / ACTION-83: Operation vs. Algorithm parameters (from rbarnes@bbn.com on 2013-06-07)
  15. Re: ISSUE-35 - Wrap/Unwrap - Why JOSE? (from watsonm@netflix.com on 2013-04-27)
  16. Re: ISSUE-35 - Wrap/Unwrap - Why JOSE? (from sleevi@google.com on 2013-04-26)
  17. Re: PROPOSAL for ISSUE-12: Should the API distinguish between algorithm and operation parameters? (from sleevi@google.com on 2013-04-22)
  18. Re: PROPOSAL for ISSUE-12: Should the API distinguish between algorithm and operation parameters? (from watsonm@netflix.com on 2013-04-22)
  19. Re: PROPOSAL for ISSUE-12: Should the API distinguish between algorithm and operation parameters? (from sleevi@google.com on 2013-04-22)
  20. PROPOSAL for ISSUE-12: Should the API distinguish between algorithm and operation parameters? (from watsonm@netflix.com on 2013-04-22)
  21. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from sleevi@google.com on 2013-04-15)
  22. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from watsonm@netflix.com on 2013-04-15)
  23. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from sleevi@google.com on 2013-04-15)
  24. RE: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from Vijay.Bharadwaj@microsoft.com on 2013-04-02)
  25. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from sleevi@google.com on 2013-04-02)
  26. RE: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from Michael.Jones@microsoft.com on 2013-04-02)
  27. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from watsonm@netflix.com on 2013-04-02)
  28. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from rbarnes@bbn.com on 2013-04-02)
  29. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from watsonm@netflix.com on 2013-04-02)
  30. RE: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from Vijay.Bharadwaj@microsoft.com on 2013-04-02)
  31. Re: FW: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from watsonm@netflix.com on 2013-04-01)
  32. Re: FW: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from sleevi@google.com on 2013-03-31)
  33. FW: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from Virginie.GALINDO@gemalto.com on 2013-03-31)
  34. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from watsonm@netflix.com on 2013-03-30)
  35. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from rbarnes@bbn.com on 2013-03-29)
  36. Re: AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from watsonm@netflix.com on 2013-03-29)
  37. AlgorithmIdentifier in encrypt/decrypt/sign/verify operations (from watsonm@netflix.com on 2013-03-27)
  38. trackbot can now associate ACTIONs and ISSUEs with products (from Virginie.GALINDO@gemalto.com on 2013-02-04)
  39. Re: baseKey argument to createKeyDeriver (from sleevi@google.com on 2012-10-29)
  40. baseKey argument to createKeyDeriver (from watsonm@netflix.com on 2012-10-25)
  41. Re: JS code examples for ACTION 43 (from sleevi@google.com on 2012-09-07)
  42. RE: JS code examples for ACTION 43 (from Vijay.Bharadwaj@microsoft.com on 2012-09-07)
  43. Re: crypto-ISSUE-37: Method naming [Web Cryptography API] (from sleevi@google.com on 2012-08-28)
  44. RE: crypto-ISSUE-12: Should the API distinguish between algorithm and operation parameters? [Web Cryptography API] (from Michael.Jones@microsoft.com on 2012-08-27)
  45. RE: crypto-ISSUE-12: Should the API distinguish between algorithm and operation parameters? [Web Cryptography API] (from Vijay.Bharadwaj@microsoft.com on 2012-08-27)
  46. Re: crypto-ISSUE-12: Should the API distinguish between algorithm and operation parameters? [Web Cryptography API] (from sleevi@google.com on 2012-08-17)
  47. RE: crypto-ISSUE-12: Should the API distinguish between algorithm and operation parameters? [Web Cryptography API] (from Vijay.Bharadwaj@microsoft.com on 2012-08-13)
  48. crypto-ISSUE-12: Should the API distinguish between algorithm and operation parameters? [Web Cryptography API] (from sysbot+tracker@w3.org on 2012-08-06)
  49. Re: crypto-ISSUE-12: Should the API distinguish between algorithm and operation parameters? [Web Cryptography API] (from sleevi@google.com on 2012-08-05)

Related notes:

[rigo]: 88% of apps studied made some sort of bad parameter / algorithm choice

14 Nov 2013, 06:39:19

During the Shenzhen F2F meeting the web crypto wg decided the following resolution
PROPOSAL: Keep ISSUE-12 open. Resolve this in 2 weeks following feedback from rbarnes and vgb

Virginie GALINDO, 27 Nov 2013, 13:38:14

From F2F meeting in Shenzhe,
PROPOSAL: Keep ISSUE-12 open. Resolve this in 2 weeks following feedback from rbarnes and vgb

Virginie GALINDO, 27 Nov 2013, 13:38:53

During the call of the 10th of feb 2014, the wg decided to close that issue as no further contribution was made to implement the split between algo and operation parameters.

Virginie GALINDO, 13 Feb 2014, 08:58:27

Display change log ATOM feed


Chair, Staff Contact
Tracker: documentation, (configuration for this group), originally developed by Dean Jackson, is developed and maintained by the Systems Team <w3t-sys@w3.org>.
$Id: 12.html,v 1.1 2017/02/13 16:16:49 ted Exp $