RE: W3C Web Crypto WG - progressing on ISSUE-36 from Vijay Bharadwaj on 2014-01-14 (public-webcrypto@w3.org from January 2014)

From: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
Date: Tue, 14 Jan 2014 17:39:07 +0000
To: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <6409b43599ed41eeb3a528cdb06f968c@DFM-CO1MBX15-08.exchange.corp.microsoft.com>

I think you are referring to the email where I raised these two issues:


1.      I am leery of the password parameter in the AlgorithmIdentifier for PBKDF2. This is key material and I think we should be very careful about putting key material in identifiers. As mentioned in the other thread I would prefer something like importKey to create a Key here.


? I don't recall the discussion we had about this and I can't find the Shenzhen minutes. Does anyone else remember?

2.      For deriveKey and generateKey, I am not sure I understand the algorithm descriptions. Nowhere does either description say that these methods should construct and return a Key object. Shouldn't the penultimate step be something like "Let keyMaterial be the result of executing the key generation algorithm defined by the algorithm indicated in normalizedAlgorithm, and result be a Key object obtained by executing the importKey procedure with format set to "raw", keyData set to keyMaterial, and algorithm to derivedKeyType"?


? This was addressed on the call - the data types of the return values are in the algorithm-specific sections. So consider this resolved.

From: GALINDO Virginie [mailto:Virginie.GALINDO@gemalto.com]
Sent: Thursday, January 9, 2014 9:58 AM
To: Vijay Bharadwaj
Cc: public-webcrypto@w3.org
Subject: W3C Web Crypto WG - progressing on ISSUE-36

Hi Vijay,
In order to progress on the ISSUE-36 [1], can you confirm that you are happy with the derivebits recent proposal ?
Your last mail related to it raised some issue, did you transform it into bugs ?
Here again, I am trying to define if the ISSUE-36 and/or ACTION-127 can be closed.
Regards,
Virginie

[1] http://www.w3.org/2012/webcrypto/track/issues/36

________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus

Received on Tuesday, 14 January 2014 17:40:08 UTC