RE: New Editor's Draft Published from Lu HongQian Karen on 2012-09-04 (public-webcrypto@w3.org from September 2012)

From: Lu HongQian Karen <karen.lu@gemalto.com>
Date: Tue, 4 Sep 2012 20:44:02 +0200
To: Ryan Sleevi <sleevi@google.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <1126F161F6F1B24FABD92B850CAFBD6E01A9B2736175@CROEXCFWP04.gemalto.com>
Hi Ryan,

Please see my questions below:

1.  Sec 5.1, level of abstraction "allowing rich web applications to manipulate the keys and without requiring the web application be aware of the nature of the underlying key storage." Can applications be aware of that if they want to, e.g. query for keys from a particular key store?

2.  Sec 12.3 event handler attributes, onerror, it can be helpful for applications to know what kind (high level) of error had happened, for example, invalid key. With the current spec, it is 'null'.

3.  Sec. 18, keyStorage interface, it does not have addKey. Does this mean that newly created keys will be automatically added to the key store?

Thanks,
Karen

From: Ryan Sleevi [mailto:sleevi@google.com]
Sent: Friday, August 31, 2012 3:03 PM
To: public-webcrypto@w3.org
Subject: New Editor's Draft Published

Version 1.44 has been pushed out now, a substantial update from the previous 1.21

Changes include:

- Update acknowledgements and mark the key format as a readonly attribute
- Define NamedCurve as an enumeration type. Rename the NIST curves to the more commonly used "P-256", "P-384", and "P-521".
- Add the ECPoint type for EC public keys.
- Rename EcdsaKeyGenParams to EcKeyGenParams so that it can also be used for generating ECDH key pairs.
- Fix an error in the length in bytes of an ECDSA signature.
- Specify the ECDH algorithm (incomplete).
- Add X9.63 as a normative reference and NIST SP 800-56A as an informative reference for ECDH.
- Clarify that the output of RSA/ECDSA/DH key generation is a key pair, while the output of AES key generation, DH key derivation, and PBKDF2 key derivation are Key objects.
- Add a type enum to the Key object, to disambiguate key pairs and asymmetric keys
- Add further clarification/linkification to "Terminate the/this algorithm"
- Fix typos in the BigInteger and RSA-PSS sections.
- Add the NamedCurve typedef.
- Add missing periods at the end of sentences.
- Specify the ECDSA algorithm.
- Add X9.62 as a normative reference for ECDSA.
- Add Virginie's proposed modifications to the Scope section
- Add terminology to clarify "Terminate the algorithm"
- Add text from Mark from ACTION-38, including proposed clarifications
- Add references to ISSUE-25, ISSUE-35, and ISSUE-36
- Move key tainting from the security considerations text to the editor's note, due to concerns about how it might be implemented inconsistently by user agents.
- Rename "userAttributes" to "extra", to be clear that some attributes may be predefined, as part of the KeyAttributes interface (eg: pre-provisioned keys)
- Clarify that window.crypto.keys does not require the user agent to block nor to guarantee that the underlying keying material is available.
- Resolve ISSUE-13 by adding a use case for JOSE
- Add more normative text regarding KeyAttributes and the possible values for the indexed and named attributes.
- Moved BigInteger out of Algorithms definition
- Move the Cloud Storage use case right below the Protected Document Exchange use case. Point out the similarity between them.
- Add Data Integrity Protection as a use case for signature verification. The text is contributed by Vijay Bharadwaj.
- Define the BigInteger typedef.
- Add PKCS #3 as a normative reference.
- Added text referencing ISSUE-37, related to the create* naming scheme
- Move the CryptoOperation internal state documentation to immediately follow the WebIDL, and remove a reference to "readyState" in favour of linking to the internal state.
- Rename key methods to follow the create* pattern
- Add notes for ISSUE-28, regarding the (Algorithm or DOMString) typedef for shortnames
- Add a note to ISSUE-26, noting the outstanding question regarding multi-origin key access.
- Remove Arun from editors, per ddahl
- In KeyAttributes, change "key/value pairs" to "name/value pairs".
- Add an editorial note on the current browser support of getRandomValues and clarify the length of 'array' means the 'byteLength' of 'array'.
- ACTION-37: Rename SHA-2-* to just SHA-*. Update reference to FIPS 180-4.

If I've missed any feedback, apologies - there was a lot of spirited and helpful discussion following our last conference call. Please be sure to file ISSUEs or ACTIONs (since we're not currently using Bugzilla) if there has been anything omitted.
Received on Tuesday, 4 September 2012 18:44:29 UTC