New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Web crypto support information for MS Edge #2738

Merged
merged 4 commits into from Oct 25, 2018

Conversation

Projects
None yet
3 participants
Web crypto support information for MS Edge, based on:
  [MS-WEBCRYPTO] - Microsoft Edge Web Cryptography API Standards Support Document
  v20180828, Release: August 28, 2018
  https://msdn.microsoft.com/en-us/library/mt801187.aspx
Copyright © 2018 Microsoft Corporation

@Elchi3 Elchi3 added the data:api 🐇 label Sep 6, 2018

Corrected placement of the worker_support section
Added "status" section and firefox.version_added to worker_support

@wiml wiml force-pushed the omnigroup:master branch from 40e158f to 48b2c5f Sep 13, 2018

@wiml

This comment has been minimized.

Contributor

wiml commented Oct 12, 2018

Ping?

@Elchi3

This comment has been minimized.

Member

Elchi3 commented Oct 16, 2018

@wbamberg Can you take this? If not, please reassign review to me.

@Elchi3 Elchi3 requested a review from wbamberg Oct 16, 2018

@wbamberg

@wiml , thanks for this PR!

As I understand things, the MS doc you referenced says that Edge does not support any of the following cryto primitives: RSA-PSS, ECDSA, ECDH, AES-CTR, SHA-1, HKDF, PBKDF2.

This PR handles that by listing all the primitives at the top level (as a note on SubtleCrypto), then just marking each of the individual APIs (e.g. sign, decrypt etc) as partially supported.

The problem I can see here is that say I'm on the page for sign(), I can see it says partially supported, but I don't know what that means. I could only find out by going up to the main page for SubtleCrypto, but that's not obvious.

So I think it would be more helpful to note the crypto primitive limitations explicitly for each API item. Note that not all primitives are applicable to all APIs of course, so for example with sign() only RSA-PSS and ECDSA need to be noted as unsupported in Edge. The spec has a table that's very helpful for sorting this out.

Once you do that, you don't need to list them at the top level at all, IMO. The table on the SubtleCrypto page will include all the individual APIs anyway. Marking it partial at the top level is still a good idea though probably.

For worker support, IMO you can just note that at the top level. Maybe it's worth noting at the API items but I don't think so really. But I also asked whether there's a standard or conventional way to describe this in BCD.

What do you think?

},
"worker_support": {
"__compat": {
"description": "Available in workers",

This comment has been minimized.

@wbamberg

wbamberg Oct 24, 2018

Member

@Elchi3 , is there any standard (or conventional) way to represent or describe this condition? I think this is fine as it is, but if there is a standard or convention here we ought to follow it.

This comment has been minimized.

@wiml

wiml Oct 24, 2018

Contributor

This was based on schemas/compat-data-schema.md here and here. Is that what you mean?

This comment has been minimized.

@Elchi3

Elchi3 Oct 24, 2018

Member

@wiml yes, that is the convention.

This comment has been minimized.

@wbamberg

wbamberg Oct 24, 2018

Member

Yes, that's exactly what I meant :).

@wiml

This comment has been minimized.

Contributor

wiml commented Oct 24, 2018

That makes sense. I'll split out the notes into their specific sub-entries.

@wbamberg

Thanks for the updates, much clearer! I had a few comments on a couple of details, I might have misunderstood some of the changes so please let me know if you don't agree.

"partial_implementation": true,
"notes": [
"Not supported: RSA-PSS, ECDSA.",
"Not supported: AES-CTR."

This comment has been minimized.

@wbamberg

wbamberg Oct 24, 2018

Member

AES-CTR is not used in sign()

This comment has been minimized.

@wiml

wiml Oct 24, 2018

Contributor

Whoops! Nice catch.

@@ -728,7 +765,8 @@
"version_added": "37"
},
"edge": {
"version_added": "12"
"version_added": "12",
"partial_implementation": true

This comment has been minimized.

@wbamberg

wbamberg Oct 24, 2018

Member

This marks the method as partial but doesn't list the primitives that are not supported in Edge. The table in the spec lists some primitives that are not supported, is there a reason they're omitted here?

Similarly exportKey() isn't marked as partial, but seems to also have some primitives that are not supported in Edge.

This comment has been minimized.

@wiml

wiml Oct 25, 2018

Contributor

I wasn't sure what to do with this, since it's unclear to me whether importKey/exportKey will necessarily fail, or simply give you an object you can't do anything with. But I suppose that if an interface is marked partial it really should have a note explaining why.

This comment has been minimized.

@wbamberg

wbamberg Oct 25, 2018

Member

Yes, it's a good question. This: https://github.com/diafygi/webcrypto-examples seems like a really helpful resource.

I just tested in BrowserStack, and this: https://github.com/diafygi/webcrypto-examples#aes-ctr---importkey throws an error in Edge (but not in Firefox), while this: https://github.com/diafygi/webcrypto-examples#aes-cbc---importkey does not throw in Edge.

@wbamberg

Thanks @wiml , looks great!

@wbamberg wbamberg merged commit b427898 into mdn:master Oct 25, 2018

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment