27473 – Explicit salts for the algorithm formerly known as HKDF

This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 27473 - Explicit salts for the algorithm formerly known as HKDF

Summary: Explicit salts for the algorithm formerly known as HKDF

Status:	RESOLVED MOVED

Alias:	None

Product:	Web Cryptography
Classification:	Unclassified
Component:	Web Cryptography API Document (show other bugs)
Version:	unspecified
Hardware:	PC Linux

Importance:	P2 normal
Target Milestone:	---
Assignee:	Ryan Sleevi
QA Contact:

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2014-11-30 21:31 UTC by Harry Halpin
Modified:	2016-05-23 23:46 UTC (History)
CC List:	2 users (show)

See Also:

Attachments

Description Harry Halpin 2014-11-30 21:31:57 UTC

Pre-CR, I've just removed this Editorial Note. I assume we should address this during CR when we'll know if explicit salts are supported in terms of interop.

---

Editorial note

The definition of HKDF allows the caller to supply an optional pseudorandom salt value, which is used as the key during the extract phase. If this value is not supplied, an all zero string is used instead. However, support for an explicit salt value is not widely implemented in existing APIs, nor is it required by existing usages of HKDF. Should this be an optional parameter, and if so, what should the behavior be of a user agent that does not support explicit salt values (is it conforming or non-conforming?)

Comment 1 Mark Watson 2016-05-23 23:46:42 UTC

Moved to https://github.com/w3c/webcrypto/issues/42