1 While Web crypto may want flexibility on mixing and matching parameters, it is safer to have JOSE users pick from a predefined set defined by a string. While I understand the flexibility argument, it also allows encourages people to do potentially unsafe things.
If they need a new combination then they can register a new string and that will at least have some oversight. John B. On 2013-04-11, at 8:58 PM, Karen O'Donoghue <[email protected]> wrote: > Issue #7 http://trac.tools.ietf.org/wg/jose/trac/ticket/7 points out that the > JWA algorithm identifiers are different than those used by the W3C WebCrypto > draft at http://www.w3.org/TR/WebCryptoAPI/. The JWA algorithm identifiers > are strings, whereas the W3C WebCrypto algorithm identifiers are structures > including string identifiers. The working group had previously decided to > continue representing JOSE algorithms as strings, as recorded at > http://www.ietf.org/mail-archive/web/jose/current/msg01219.html. > > Which of these best describes your preferences on this issue? > > 1. Continue have the JWA algorithm identifiers be strings, and not objects. > Note that WebCrypto may choose to use some of these same strings, where > applicable. > > 2. Switch to using the algorithm identifier structures defined in the > WebCrypto draft. > > 3. Another resolution (please specify in detail). > > 0. I need more information to decide. > > Your reply is requested by Friday, April 19th or earlier. > > > > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
