-
Notifications
You must be signed in to change notification settings - Fork 53
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug 27374 - Please remove older Editorial Notes from spec #30
Comments
@hhalpin Are these issues still current ? Where is the original list that is referred to ? |
With respect to point number 7 above (the extractability of unwrapped keys), I would support the notion that unwrapped keys inherit the value of the extractable property from the unwrappingKey, and that the extractable parameter be dropped. |
I believe the bug here refers to editorial notes which were removed at CR and so we need to consider whether they are in fact still valid and need to be addressed before PR. I don't believe any of the above 7 items require action, because: There are also a few Editorial Notes in the specification which I will address with a PR. |
PR #156 |
Bug 27374 from Bugzilla (this appears to referring to a list of issues elsewhere):
These rather cosmetic edits are holding up the spec being shipped as a Candidate Recommendation. I am providing exact text of the algorithm to be resolved after a quick sentence.
Editorial note
TODO: Specify the mapping between key.algorithm.hash and the
appropriate Hash functions (and back to OID).
Editorial note
Should this be folded into RsaHashedKeyGenParams and rely on the
optional nature of the dictionary fields?
rather than as an Open Issue w/o a number?
Editorial note
OPEN ISSUE: The import/export of JWK ignores the "alg" field, because
it does not provide a 1:1 mapping between ECDSA (which choses the
hash at sign/verify time, because it is safe to do so) and the JWS
alg (which incorporates the hash algorithm).
Editorial note
The definition of HKDF allows the caller to supply an optional
pseudorandom salt value, which is used as the key during the extract
phase. If this value is not supplied, an all zero string is used
instead. However, support for an explicit salt value is not widely
implemented in existing APIs, nor is it required by existing usages
of HKDF. Should this be an optional parameter, and if so, what should
the behaviour be of a user agent that does not support explicit salt
values (is it conforming or non-conforming?)
Editorial note
Should the following be specified.
the hash (SHA-256, SHA-384, SHA-512)
Editorial note
implement "key tainting", in which it records how a particular key
has been used (eg: algorithms, parameters), and prevents it from
being re-used in a manner that is unsafe or contrary to the security
or preventing an RSA-OAEP w/ MGF1-SHA1 from being used with RSA-OAEP w/ MGF1-SHA256.
Questions exist about whether this should be encouraged or permitted,
and the interoperability concerns it might cause.
and remove the note:
specify how authors that do not trust the execution environment may
indicate required attributes for keys that are unwrapped. An example
is unwrapping a key with a non-extractable key, marking the newly
unwrapped key as non extractable, and then further indicating that
all keys unwrapped with the newly unwrapped key are also non-extractable.
The text was updated successfully, but these errors were encountered: