This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 26315 - ECDSA/ECDH: "namedCurve ASN.1 type" is ambiguous
Summary: ECDSA/ECDH: "namedCurve ASN.1 type" is ambiguous
Status: RESOLVED FIXED
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document (show other bugs)
Version: unspecified
Hardware: PC Windows NT
: P2 normal
Target Milestone: ---
Assignee: Mark Watson
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-07-12 01:25 UTC by Ryan Sleevi
Modified: 2014-09-26 23:26 UTC (History)
3 users (show)

See Also:

Attachments

Description Ryan Sleevi 2014-07-12 01:25:19 UTC 
Raised by Brian on 

The current ( https://dvcs.w3.org/hg/webcrypto-api/raw-file/ee10c81e1141/spec/Overview.html ) spec language for ECDSA/ECDH handling of EC keys states

"If params is not an instance of the namedCurve ASN.1 type defined in RFC 5480"

This was seen as confusing. The intent was to specify that of the choice of ECParameters, only the namedCurve choice was acceptable (e.g. implicitCurve and specifiedCurve) are NOT supported.

As Brian interpreted, and as others may reasonably do so, this was seen as constraining the contents of the OIDs to those specified in 2.1.1.1 of RFC 5480 ( http://tools.ietf.org/html/rfc5480#section-2.1.1.1 ). While 2.1.1.1 is clear to indicate other specifications may describe additional types, it's still ambiguous because WebCrypto may choose to allow OIDs for which no specifications updating 5480 exist - e.g. the NUMS curves

One possible language modification is
"If params is an instance of the ECParameters ASN.1 type that specifies a namedCurve"

but that may still be seen as ambiguous.
Comment 1 Mark Watson 2014-09-22 17:58:59 UTC 
I suggest we adopt the wording proposed in Comment #1: "If params is an instance of the ECParameters ASN.1 type that specifies a namedCurve"