This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
Jim writes: Let’s start with a discussion of what reference(s) we should be using for the padding algorithm. The problem with both of the current one is that they are setup for 64-bit encryption block algorithms and not the current 128-bit block size. The best reference that I can give you for now would be RFC 5652 (Cryptographic Message Syntax) which is the official successor to PKCS #7 in any event. The section that describes the padding algorithm is section 6.3 The unpadding algorithm in step 5 of decrypt needs to state “If p is zero or greater than 16”
The normative procedure in WebCrypto currently references RFC2898, which indeed says "the padding string PS consists of 8-(||M|| mod 8) octets each with value 8-(||M|| mod 8)." So this is clearly wrong. I propose to replace this with a reference to RFC2315.
Changeset 7f7c2917970d