Cleanup prior to publishing next WD. Fixing broken links and addressing remaining feedback items raised during publication call.
--- a/spec/Overview-WebCryptoAPI.xml Mon Dec 10 00:52:58 2012 -0800
+++ b/spec/Overview-WebCryptoAPI.xml Mon Dec 17 18:06:32 2012 -0800
@@ -105,7 +105,9 @@
</ul>
<p>
This is the W3C Editor's Draft of the Web Cryptography API. Please send comments to
- public-webcrypto-comments@w3.org (archived). This is an unfinished <strong>work in progress</strong>.
+ <a href="mailto:public-webcrypto-comments@w3.org">public-webcrypto-comments@w3.org</a>
+ (<a href="http://lists.w3.org/Archives/Public/public-webcrypto-comments">archived</a>).
+ This is an unfinished <strong>work in progress</strong>.
</p>
<p>
Previous discussion of this specification has taken place on three other
@@ -178,21 +180,6 @@
<div id="use-cases" class="section">
<h2>Use Cases</h2>
<p class='norm'>This section is non-normative</p>
- <div class="ednote">
- <dl>
- <dt><a href="https://www.w3.org/2012/webcrypto/track/actions/13">ACTION-13</a></dt>
- <dd>Add missing use cases.</dd>
- <dt><a href="https://www.w3.org/2012/webcrypto/track/actions/15">ACTION-15</a></dt>
- <dd>Insert in "right place" a description of high-level example</dd>
- <dt><a href="https://www.w3.org/2012/webcrypto/track/actions/27">ACTION-27</a></dt>
- <dd>Add additional primary use cases.</dd>
- </dl>
- <p>
- Should these use cases be migrated to the <a href="#introduction">Introduction</a>
- section, and include non-normative examples of how the API can be used to perform
- each operation?
- </p>
- </div>
<div id="multifactor-authentication" class="section">
<h3>Multi-factor Authentication</h3>
<p>
@@ -557,7 +544,7 @@
A <a href="#dfn-conforming-implementation">conforming user agent</a> MUST support at
least the subset of the functionality defined in HTML that this specification relies
upon; in particular, it MUST support <a href="#event-loops">event loops</a> and
- <a href="#event-handler-attributes">event handler attributes</a>.
+ <a href="#event-handler-idl-attributes">event handler IDL attributes</a>.
[<a href="#HTML">HTML</a>]
</p>
</dd>
@@ -584,14 +571,14 @@
<p>
The terms and algorithms
<dfn id="document">document</dfn>,
- <dfn id="event-handler-attributes">event handler attributes</dfn>,
+ <dfn id="event-handler-idl-attributes">event handler IDL attributes</dfn>,
<dfn id="event-handler-event-type">event handler event type</dfn>,
<dfn id="origin">origin</dfn>,
<dfn id="same-origin">same origin</dfn>,
+ <dfn id="df-URL">URL</dfn>,
<dfn id="event-loops">event loops</dfn>,
<dfn id="dfn-task">task</dfn>,
<dfn id="task-source">task source</dfn>,
- <dfn id="df-URL">URL</dfn>,
<dfn id="queue-a-task">queue a task</dfn>,
<dfn id="fire-a-simple-event">fire a simple event</dfn>, and
<dfn id="structured-clone">structured clone</dfn>,
@@ -651,14 +638,14 @@
If <var>array</var> is not of an integer type (i.e., Int8Array, Uint8Array,
Int16Array, Uint16Array, Int32Array, or Uint32Array), throw a
<code>TypeMismatchError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
<p>
If the <code>byteLength</code> of <var>array</var> is greater than 65536, throw a
<code>QuotaExceededError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -673,10 +660,12 @@
</p>
</li>
</ol>
- <p>
- Do not generate keys using the <code>getRandomValues</code> method. Use the
- <a href="#dfn-Crypto-method-generateKey"><code>generateKey</code></a> method instead.
- </p>
+ <div class="note">
+ <p>
+ Do not generate keys using the <code>getRandomValues</code> method. Use the
+ <a href="#dfn-Crypto-method-generateKey"><code>generateKey</code></a> method instead.
+ </p>
+ </div>
</div>
</div>
@@ -786,7 +775,7 @@
<p>
The Key object is not required to directly interface with the underlying key storage
mechanism, and may instead simply be a reference for the user agent to understand how
- to obtain the keying material when needed, eg. via a
+ to obtain the keying material when needed, eg. when performing a
<a href="#dfn-CryptoOperation">CryptoOperation</a>.
</p>
</div>
@@ -796,8 +785,8 @@
<dl>
<dt id="dfn-Key-type"><code>type</code></dt>
<dd>
- The type of the underlying keys. Opaque keying material, including that used for
- symmetric algorithms, are represented by <code>"secret"</code>, while keys used as
+ The type of the underlying key. Opaque keying material, including that used for
+ symmetric algorithms, is represented by <code>"secret"</code>, while keys used as
part of asymmetric algorithms composed of public/private keypairs will be either
<code>"public"</code> or <code>"private"</code>.
</dd>
@@ -848,6 +837,14 @@
cryptographic material key storage of <var>input</var>.
</li>
</ol>
+ <div class="note">
+ <strong>Implementation Note:</strong> When performing the structured clone algorithm for
+ a <code>Key</code> object, it is important that the underlying cryptographic key material
+ not be exposed to a JavaScript implementation. Such a situation may arise if an implementation
+ fails to implement the structured clone algorithm correctly, such as by allowing a <code>Key</code> object
+ to be serialized as part of a structured clone implementation, but then deserializing it as
+ a <code>DOMString</code>, rather than as a <code>Key</code> object.
+ </div>
</div>
</div>
@@ -886,7 +883,7 @@
<h3>Processing Model</h3>
<p>
Every <code>CryptoOperation</code> object must have a <dfn id="dfn-CryptoOperation-list-of-pending-data">list
- of pending data</dfn>. Each item in the lists represents data that should be transformed by the
+ of pending data</dfn>. Each item in the list represents data that should be transformed by the
cryptographic operation. The list functions as a queue that observes first-in, first-out ordering. That is,
the order in which items are added shall reflect the order in which items are removed.
</p>
@@ -897,7 +894,7 @@
<ol>
<li>
<p>
- If there are no items in the <a href="dfn-CryptoOperation-list-of-pending-data">list of pending
+ If there are no items in the <a href="#dfn-CryptoOperation-list-of-pending-data">list of pending
data</a>, the algorithm is complete.
</p>
</li>
@@ -957,7 +954,7 @@
</li>
<li>
<p>
- <a href="queue-a-task">Queue a task</a> to
+ <a href="#queue-a-task">Queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a> named
<a href="#dfn-CryptoOperation-onerror"><code>onerror</code></a> at the
<a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>.
@@ -965,7 +962,7 @@
</li>
<li>
<p>
- <a href="#terminate-an-algorithm">Terminate this algorithm</a>.
+ <a href="#terminate-the-algorithm">Terminate the algorithm</a>.
</p>
</li>
</ol>
@@ -997,7 +994,7 @@
</li>
<li>
<p>
- Remove <var>data</var> from the <a href="#dfn-CryptoOperation-list-of-pending-data">list of
+ Remove <var>item</var> from the <a href="#dfn-CryptoOperation-list-of-pending-data">list of
pending data</a>.
</p>
</li>
@@ -1039,7 +1036,7 @@
</li>
<li>
<p>
- <a href="queue-a-task">Queue a task</a> to
+ <a href="#queue-a-task">Queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a> named
<a href="#dfn-CryptoOperation-onerror"><code>onerror</code></a> at the
<a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>.
@@ -1047,7 +1044,7 @@
</li>
<li>
<p>
- <a href="#terminate-an-algorithm">Terminate this algorithm</a>.
+ <a href="#terminate-the-algorithm">Terminate the algorithm</a>.
</p>
</li>
</ol>
@@ -1067,16 +1064,27 @@
result using <var>output</var>.
</p>
<div class="ednote">
- <p>
- The wording here is presently ambiguous. It is modeled after the [FILE API], which has <code>result</code>
- accumulating the output as it becomes available. However, given that support for multi-part input exists,
- an interface to support streaming/progressive output has also been requested. How such an interface would
- be implemented, if at all, remains TBD.
- </p>
+ <ul>
+ <li>
+ <p>
+ <a href="http://www.w3.org/2012/webcrypto/track/issues/18">ISSUE-18</a>:
+ The wording here is presently ambiguous. It is modeled after the File API [<a href="#FileAPI">FileAPI</a>],
+ which has <code>result</code> accumulating the output as it becomes available. Because of this behaviour,
+ the entire cryptographic output is stored in <code>result</code> at the end of the operation.
+ </p>
+ <p>
+ In order to reduce the need to keep the entire cryptographic output in <code>result</code>, it has also been
+ requested to have an interface to support streaming/progressive output, in which only as much cryptographic
+ output as desired/requested is made available. How such functionality would be implemented, if at all,
+ remains to be determined.
+ </p>
+ </li>
+ </ul>
</div>
</li>
<li>
<p>
+ <a href="#queue-a-task">Queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a> named
<a href="#dfn-CryptoOperation-onprogress"><code>onprogress</code></a>
at the <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>.
@@ -1084,7 +1092,7 @@
</li>
<li>
<p>
- If the underlying cryptograophic implementation supports multi-part cryptographic operations for the
+ If the underlying cryptographic implementation supports multi-part cryptographic operations for the
current <a href="#dfn-CryptoOperation-algorithm">algorithm</a>, repeat these steps for each item remaining
in the <a href="#dfn-CryptoOperation-list-of-pending-data">list of pending data</a>.
</p>
@@ -1094,9 +1102,10 @@
<ul>
<li>
<p>
- The above algorithm is meant to describe a possible way of supporting multi-part input (also called "streaming"
- input, but not to be confused with the [STREAMS API]. The downside to the above algorithm is that it does not
- describe a good interface for supporting algorithms that may support multiple multi-part inputs.
+ The above algorithm is meant to describe a possible way of supporting multi-part input (sometimes called "streaming"
+ or "progressive" input, but not to be confused with the Streams API [<a href="#StreamsAPI">StreamsAPI</a>]). The downside to the
+ above algorithm is that it does not describe a good interface for supporting algorithms that may support
+ multiple multi-part inputs.
</p>
<p>
An example of such an algorithm would be AES-GCM, which has two sources of input - the encrypted-and-authenticated
@@ -1105,17 +1114,20 @@
until <code>finish()</code> was called.
</p>
<p>
- However, at present, several major cryptographic APIs (CDSA, CNG, PKCS#11) do not support this, and so for now, the
- details for handling multi-source multi-part data have been omitted.
+ However, at present, several major cryptographic APIs (CDSA, CNG, PKCS#11) do not support such uses, and so for now, the
+ details for handling multiple multi-part inputs have been omitted.
</p>
</li>
+ <li>
+ The above algorithm does not fully describe how to handle <a href="#dfn-CryptoOperation-method-abort"><code>abort</code></a>ing an in-progress operation.
+ </li>
</ul>
</div>
</div>
<div id="cryptooperation-events" class="section">
<h3>Event Handler Attributes</h3>
<p>
- The following are the <a href="#event-handler-attributes">event handler attributes</a>
+ The following are the <a href="#event-handler-idl-attributes">event handler IDL attributes</a>
(and their corresponding <a href="#event-handler-event-type">event handler event
types</a>) that user agents must support on the <a href="#dfn-CryptoOperation">
<code>CryptoOperation</code></a> as DOM attributes:
@@ -1124,8 +1136,8 @@
<thead>
<tr>
<th>
- <a href="#event-handler-attributes" title="event handler attributes">event
- handler attributes</a>
+ <a href="#event-handler-idl-attributes" title="event handler IDL attributes">event
+ handler IDL attributes</a>
</th>
<th>
<a href="#event-handler-event-type" title="event handler event types">event
@@ -1224,7 +1236,7 @@
</p>
<div class="ednote">
<p>
- Warning: The text here is currently ambiguous in terms of defining how the <code>event loop</code>
+ Warning: The text here is currently ambiguous in terms of defining how the <a href="#event-loops">event loop</a>
processes events; in particular, it leaves under-specified how the <a href="#dfn-CryptoOperation-method-abort">
<code>abort()</code></a> method should be handled when data is being processed.
</p>
@@ -1286,12 +1298,12 @@
<p>Abort <a href="#dfn-CryptoOperation-process-data">processing data</a>.</p>
</li>
<li>
- If there are any tasks from the object's
- <a href="#cryptooperation-task-source"><code>CryptoOperation</code> task source</a> in
- one of the task queues, then remove those tasks.
+ If there are any pending tasks for the <code>CryptoOperation</code>, then remove those
+ tasks.
</li>
<li>
- <a href="#fire-a-simple-event">Fire a simple event</a> called
+ <a href="#queue-a-task">Queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a> called
<a href="#dfn-onabort-event"><code>onabort</code></a> at the
<a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>.
</li>
@@ -1311,10 +1323,10 @@
<h2>KeyOperation interface</h2>
<x:codeblock language="idl">
interface <dfn id="dfn-KeyOperation">KeyOperation</dfn> : EventTarget {
- readonly attribute any <a href="#dfn-KeyOperation-result">result</a>;
+ readonly attribute any result;
- [TreatNonCallableAsNull] attribute Function? <a href="#dfn-KeyOperation-onerror">onerror</a>;
- [TreatNonCallableAsNull] attribute Function? <a href="#dfn-KeyOperation-oncomplete">oncomplete</a>;
+ [TreatNonCallableAsNull] attribute Function? onerror;
+ [TreatNonCallableAsNull] attribute Function? oncomplete;
};
</x:codeblock>
</div>
@@ -1334,11 +1346,21 @@
};
interface <dfn id="dfn-crypto">Crypto</dfn> {
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, <a href="#dfn-Key">Key</a> key, optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, <a href="#dfn-Key">Key</a> key, optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, <a href="#dfn-Key">Key</a> key, optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, <a href="#dfn-Key">Key</a> key, ArrayBufferView signature, optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-Key">Key</a> key,
+ optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-Key">Key</a> key,
+ optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-Key">Key</a> key,
+ optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-Key">Key</a> key,
+ ArrayBufferView signature,
+ optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ optional ArrayBufferView? buffer = null);
<span class="comment">// TBD: <a href="https://www.w3.org/2012/webcrypto/track/issues/36">ISSUE-36</a></span>
<a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-generateKey">generateKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
@@ -1408,7 +1430,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the encrypt
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1510,7 +1532,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the decrypt
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1611,7 +1633,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the sign
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1712,7 +1734,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the verify
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1813,7 +1835,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the digest
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1895,7 +1917,7 @@
<div id="Crypto-method-generateKey" class="section">
<h4>The generateKey method</h4>
<p>
- When invoked, this method <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-Crypto-method-generateKey"><code>generateKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -1910,7 +1932,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the generate
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1942,7 +1964,7 @@
If an error occured, <a href="#queue-a-task">queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a>
called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
- <var>KeyOp</var> and terminate this algorithm.
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1995,7 +2017,7 @@
<div id="Crypto-method-deriveKey" class="section">
<h4>The deriveKey method</h4>
<p>
- When invoked, this method <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-Crypto-method-deriveKey"><code>deriveKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -2010,7 +2032,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the derive
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -2037,7 +2059,7 @@
<a href="#queue-a-task">queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a>
called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
- <var>KeyOp</var> and terminate this algorithm.
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -2050,7 +2072,7 @@
If an error occured, <a href="#queue-a-task">queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a>
called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
- <var>KeyOp</var> and terminate this algorithm.
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -2199,7 +2221,7 @@
<li>
Keys derived from material associated with a particular origin (e.g.:
derived from exported TLS keying material [<a href="#RFC5705">RFC5705</a>] or
- origin bound certificates [<a href="#draft-tls-obc">DRAFT-TLS-OBC</a>]).
+ origin bound certificates [<a href="#draft-TLS-OBC">DRAFT-TLS-OBC</a>]).
</li>
</ul>
<p>
@@ -2371,6 +2393,12 @@
</div>
<div id="rsaes-pkcs1-operations" class="section">
<h4>Operations</h4>
+ <div class="ednote">
+ <p>
+ Note: The following processing algorithms have not been updated to match the processing algorithm
+ described in the <a href="#CryptoOperation-processing-model">CryptoOperation processing model</a>.
+ </p>
+ </div>
<dl>
<dt>Encrypt</dt>
<dd>
@@ -2378,12 +2406,12 @@
shall behave as follows:
<ol>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-init">init</a></code>:
+ When initializing the <code><a href="#dfn-CryptoOperation">CryptoOperation</a></code>:
<ol>
<li>
If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
RSA public key, raise an error and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>M</var> be an empty sequence of bytes.
@@ -2407,7 +2435,7 @@
</ol>
</li>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish()</a></code>:
+ Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
<ol>
<li>
Perform the RSAES-PKCS1-V1_5-ENCRYPT operation, as specified in <a href="#RFC3447">RFC3447</a>,
@@ -2416,7 +2444,7 @@
</li>
<li>
If the operation resulted in an error, raise an error and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>C</var> be an array of bytes resulting from performing the
@@ -2437,12 +2465,12 @@
shall behave as follows:
<ol>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-init">init</a></code>:
+ When initializing the <code><a href="#dfn-CryptoOperation">CryptoOperation</a></code>:
<ol>
<li>
If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
RSA private key, raise an error and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>C</var> be an empty sequence of bytes.
@@ -2466,7 +2494,7 @@
</ol>
</li>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish()</a></code>:
+ Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
<ol>
<li>
Perform the RSAES-PKCS1-V1_5-DECRYPT operation, as specified in <a href="#RFC3447">RFC3447</a>,
@@ -2475,7 +2503,7 @@
</li>
<li>
If the operation resulted in an error, raise an error and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>M</var> be an array of bytes resulting from performing the
@@ -2770,6 +2798,12 @@
<div id="ecdsa-operations" class="section">
<h4>Operations</h4>
+ <div class="ednote">
+ <p>
+ Note: The following processing algorithms have not been updated to match the processing algorithm
+ described in the <a href="#CryptoOperation-processing-model">CryptoOperation processing model</a>.
+ </p>
+ </div>
<dl>
<dt>Sign</dt>
<dd>
@@ -2781,7 +2815,7 @@
<ol>
<li>
If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
- ECDSA private key, raise an error and terminate this algorithm.
+ ECDSA private key, raise an error and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>M</var> be an empty sequence of bytes.
@@ -2805,7 +2839,7 @@
</ol>
</li>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish()</a></code>:
+ Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
<ol>
<li>
Perform the ECDSA signing process, as specified in <a href="#X9.62">X9.62</a>,
@@ -2840,7 +2874,7 @@
<ol>
<li>
If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
- ECDSA public key, raise an error and terminate this algorithm.
+ ECDSA public key, raise an error and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>M'</var> be an empty sequence of bytes.
@@ -2864,7 +2898,7 @@
</ol>
</li>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish()</a></code>:
+ Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
<ol>
<li>
Perform the ECDSA verifying process, as specified in <a href="#X9.62">X9.62</a>,
@@ -3625,9 +3659,9 @@
<div id="acknowledgements-section" class="section">
<h2>Acknowledgements</h2>
<p>
- The editors would like to thank Adam Barth, Ali Asad, Arun Ranganathan, Brian Smith,
- Brian Warner, Channy Yun, Kai Engert, Mark Watson, Vijay Bharadwaj, Virginie Galindo,
- and Wan-Teh Chang for their technical feedback and assistance.
+ The editors would like to thank Adam Barth, Alex Russell, Ali Asad, Arun Ranganathan,
+ Brian Smith, Brian Warner, Channy Yun, Kai Engert, Mark Watson, Vijay Bharadwaj,
+ Virginie Galindo, and Wan-Teh Chang for their technical feedback and assistance.
</p>
<p>
Thanks to the W3C Web Cryptography WG, and to participants on the public-webcrypto@w3.org
@@ -3648,30 +3682,35 @@
<div id="normative-references" class="section">
<h3>Normative References</h3>
<dl>
- <dt id="RFC2119">RFC2119</dt>
- <dd>
- <cite><a href='http://www.ietf.org/rfc/rfc2119'>Key words for use in RFCs to
- Indicate Requirement Levels</a></cite>, S. Bradner. IETF.
- </dd>
- <dt id="WebIDL">WebIDL Specification</dt>
- <dd>
- <cite><a href="http://www.w3.org/TR/WebIDL/">WebIDL (work in progress)</a></cite>,
- C. McCormack.
- </dd>
<dt id="DOM4">DOM4</dt>
<dd>
<cite><a href="http://www.w3.org/TR/domcore/">DOM4 (work in progress)</a></cite>,
A. Gregor, A. van Kesteren, Ms2ger. W3C.
</dd>
+ <dt id="ECMA-262">ECMAScript</dt>
+ <dd>
+ <cite><a href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">
+ ECMAScript 5th Edition</a></cite>, A. Wirfs-Brock, P. Lakshman et al.
+ </dd>
+ <dt id="FIPS180-4">FIPS 180-4</dt>
+ <dd>
+ <cite><a href="http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf">
+ FIPS PUB 180-4: Secure Hash Standard</a></cite>, NIST.
+ </dd>
<dt id="HTML">HTML</dt>
<dd>
<cite><a href="http://dev.w3.org/html5/spec/Overview.html">HTML5: A vocabulary and
associated APIs for HTML and XHTML (work in progress)</a></cite>, I. Hickson. W3C.
</dd>
- <dt id="TypedArrays">Typed Arrays</dt>
+ <dt id="PKCS3">PKCS3</dt>
<dd>
- <cite><a href="https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl/doc/spec/TypedArray-spec.html">
- Typed Arrays (work in progress)</a></cite>, V. Vukicevic, K. Russell. Khronos Group.
+ <cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2126">PKCS #3: Diffie-Hellman
+ Key-Agreement Standard</a></cite>, RSA Laboratories.
+ </dd>
+ <dt id="RFC2119">RFC2119</dt>
+ <dd>
+ <cite><a href='http://www.ietf.org/rfc/rfc2119'>Key words for use in RFCs to
+ Indicate Requirement Levels</a></cite>, S. Bradner. IETF.
</dd>
<dt id="RFC3447">RFC3447</dt>
<dd>
@@ -3691,10 +3730,15 @@
Infrastructure Certificate and Certificate Revocation List (CRL) Profile</a></cite>,
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk. IETF.
</dd>
- <dt id="PKCS3">PKCS3</dt>
+ <dt id="TypedArrays">Typed Arrays</dt>
<dd>
- <cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2126">PKCS #3: Diffie-Hellman
- Key-Agreement Standard</a></cite>, RSA Laboratories.
+ <cite><a href="https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl/doc/spec/TypedArray-spec.html">
+ Typed Arrays (work in progress)</a></cite>, V. Vukicevic, K. Russell. Khronos Group.
+ </dd>
+ <dt id="WebIDL">WebIDL Specification</dt>
+ <dd>
+ <cite><a href="http://www.w3.org/TR/WebIDL/">WebIDL (work in progress)</a></cite>,
+ C. McCormack.
</dd>
<dt id="X9.62">X9.62</dt>
<dd>
@@ -3706,50 +3750,45 @@
<cite>ANS X9.63–2001: Public Key Cryptography for the Financial Services Industry,
Key Agreement and Key Transport Using Elliptic Curve Cryptography</cite>, ANSI.
</dd>
- <dt id="ECMA-262">ECMAScript</dt>
- <dd>
- <cite><a href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">
- ECMAScript 5th Edition</a></cite>, A. Wirfs-Brock, P. Lakshman et al.
- </dd>
- <dt id="FIPS180-4">FIPS 180-4</dt>
- <dd>
- <cite><a href="http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf">
- FIPS PUB 180-4: Secure Hash Standard</a></cite>, NIST.
- </dd>
</dl>
</div>
<div id="informative-references" class="section">
<h3>Informative References</h3>
<dl>
- <dt id="draft-TLS-OBC">draft-balfanz-tls-obc-01</dt>
+ <dt id="CDSA">CDSA</dt>
+ <dd>
+ <cite><a href="http://www.opengroup.org/security/cdsa.htm">Common Security: CDSA and
+ CSSM, Version 2 (with corrigenda)</a></cite>, the Open Group.
+ </dd>
+ <dt id="CNG">CNG</dt>
+ <dd>
+ <cite><a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa376210(v=vs.85).aspx">
+ Cryptography API: Next Generation</a></cite>, Microsoft Corporation.
+ </dd>
+ <dt id="CryptoAPI">CryptoAPI</dt>
+ <dd>
+ <cite><a href="http://msdn.microsoft.com/en-us/library/aa380256.aspx">Cryptography
+ Reference</a></cite>, Microsoft Corporation.
+ </dd>
+ <dt id="draft-TLS-OBC">DRAFT-TLS-OBC</dt>
<dd>
<cite><a href="http://tools.ietf.org/html/draft-balfanz-tls-obc-01">TLS Origin-Bound
Certificates</a></cite>, D. Balfanz, D. Smetters, M. Upadhyay, A. Barth. IETF.
</dd>
- <dt id="RFC5705">RFC 5705</dt>
+ <dt id="FileAPI">FileAPI</dt>
<dd>
- <cite><a href="http://tools.ietf.org/html/rfc5705">Keying Material Exporters for
- Transport Layer Security (TLS)</a></cite>, E. Rescorla. IETF.
+ <cite><a href="http://www.w3.org/TR/FileAPI/">File API</a></cite>,
+ A. Ranganathan, J. Sicking. W3C.
</dd>
<dt id="PKCS11">PKCS11</dt>
<dd>
<cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2133">PKCS #11: Cryptographic
Token Interface Standard</a></cite>, RSA Laboratories.
</dd>
- <dt id="CryptoAPI">CryptoAPI</dt>
- <dd>
- <cite><a href="http://msdn.microsoft.com/en-us/library/aa380256.aspx">Cryptography
- Reference</a></cite>, Microsoft Corporation.
- </dd>
- <dt id="CNG">CNG</dt>
+ <dt id="RFC5705">RFC 5705</dt>
<dd>
- <cite><a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa376210(v=vs.85).aspx">
- Cryptography API: Next Generation</a></cite>, Microsoft Corporation.
- </dd>
- <dt id="CDSA">CDSA</dt>
- <dd>
- <cite><a href="http://www.opengroup.org/security/cdsa.htm">Common Security: CDSA and
- CSSM, Version 2 (with corrigenda)</a></cite>, the Open Group.
+ <cite><a href="http://tools.ietf.org/html/rfc5705">Keying Material Exporters for
+ Transport Layer Security (TLS)</a></cite>, E. Rescorla. IETF.
</dd>
<dt id="SP800-56A">NIST SP 800-56A</dt>
<dd>
@@ -3757,6 +3796,11 @@
NIST SP 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete
Logarithm Cryptography (Revised)</a></cite>, March 2007, NIST.
</dd>
+ <dt id="StreamsAPI">StreamsAPI</dt>
+ <dd>
+ <cite><a href="http://dvcs.w3.org/hg/streams-api/raw-file/tip/Overview.htm">Streams API</a>
+ </cite>, F. Moussa. W3C.
+ </dd>
</dl>
</div>
</div>
--- a/spec/Overview.html Mon Dec 10 00:52:58 2012 -0800
+++ b/spec/Overview.html Mon Dec 17 18:06:32 2012 -0800
@@ -33,7 +33,7 @@
<link rel="stylesheet" href="//www.w3.org/StyleSheets/TR/W3C-ED" type="text/css" /></head>
<body>
- <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>10 December 2012</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://ddahl.com/">David Dahl</a>, Mozilla Corporation <ddahl@mozilla.com></dd><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
+ <div class="head"><div><a href="http://www.w3.org/"><img src="//www.w3.org/Icons/w3c_home" width="72" height="48" alt="W3C" /></a></div><h1>Web Cryptography API</h1><h2>W3C Editor’s Draft <em>17 December 2012</em></h2><dl><dt>Latest Editor’s Draft:</dt><dd><a href="http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html">http://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html</a></dd><dt>Latest Published Version:</dt><dd><a href="http://www.w3.org/TR/WebCryptoAPI/">http://www.w3.org/TR/WebCryptoAPI/</a></dd><dt>Previous Version(s):</dt><dd><a href="https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html">https://dvcs.w3.org/hg/webcrypto-api/raw-file/0fe9b34c13fb/spec/Overview.html</a></dd><dt>Editors:</dt><dd><a href="http://ddahl.com/">David Dahl</a>, Mozilla Corporation <ddahl@mozilla.com></dd><dd><a href="http://www.google.com/">Ryan Sleevi</a>, Google, Inc. <sleevi@google.com></dd><dt>Participate:</dt><dd><p>Send feedback to <a href="mailto:public-webcrypto@w3.org?subject=%5BWebCryptoAPI%5D">public-webcrypto@w3.org</a> (<a href="http://lists.w3.org/Archives/Public/public-webcrypto/">archives</a>), or <a href="https://www.w3.org/Bugs/Public/enter_bug.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document">file a bug</a>
(see <a href="https://www.w3.org/Bugs/Public/buglist.cgi?product=Web%20Cryptography&component=Web%20Cryptography%20API%20Document&resolution=---">existing bugs</a>).</p></dd></dl><p class="copyright"><a href="http://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © view <a href="http://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="http://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="http://www.ercim.org/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="http://www.keio.ac.jp/">Keio</a>), All Rights Reserved. W3C <a href="http://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="http://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="http://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply.</p></div><hr />
<div class="section">
@@ -49,7 +49,7 @@
communications.
</p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 21 further editorial notes in the document.</p></div>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div><p>There are 22 further editorial notes in the document.</p></div>
</div>
<div class="section">
@@ -83,7 +83,9 @@
</ul>
<p>
This is the W3C Editor's Draft of the Web Cryptography API. Please send comments to
- public-webcrypto-comments@w3.org (archived). This is an unfinished <strong>work in progress</strong>.
+ <a href="mailto:public-webcrypto-comments@w3.org">public-webcrypto-comments@w3.org</a>
+ (<a href="http://lists.w3.org/Archives/Public/public-webcrypto-comments">archived</a>).
+ This is an unfinished <strong>work in progress</strong>.
</p>
<p>
Previous discussion of this specification has taken place on three other
@@ -174,21 +176,6 @@
<div id="use-cases" class="section">
<h2>2. Use Cases</h2>
<p class="norm">This section is non-normative</p>
- <div class="ednote"><div class="ednoteHeader">Editorial note</div>
- <dl>
- <dt><a href="https://www.w3.org/2012/webcrypto/track/actions/13">ACTION-13</a></dt>
- <dd>Add missing use cases.</dd>
- <dt><a href="https://www.w3.org/2012/webcrypto/track/actions/15">ACTION-15</a></dt>
- <dd>Insert in "right place" a description of high-level example</dd>
- <dt><a href="https://www.w3.org/2012/webcrypto/track/actions/27">ACTION-27</a></dt>
- <dd>Add additional primary use cases.</dd>
- </dl>
- <p>
- Should these use cases be migrated to the <a href="#introduction">Introduction</a>
- section, and include non-normative examples of how the API can be used to perform
- each operation?
- </p>
- </div>
<div id="multifactor-authentication" class="section">
<h3>2.1. Multi-factor Authentication</h3>
<p>
@@ -553,7 +540,7 @@
A <a href="#dfn-conforming-implementation">conforming user agent</a> MUST support at
least the subset of the functionality defined in HTML that this specification relies
upon; in particular, it MUST support <a href="#event-loops">event loops</a> and
- <a href="#event-handler-attributes">event handler attributes</a>.
+ <a href="#event-handler-idl-attributes">event handler IDL attributes</a>.
[<a href="#HTML">HTML</a>]
</p>
</dd>
@@ -580,14 +567,14 @@
<p>
The terms and algorithms
<dfn id="document">document</dfn>,
- <dfn id="event-handler-attributes">event handler attributes</dfn>,
+ <dfn id="event-handler-idl-attributes">event handler IDL attributes</dfn>,
<dfn id="event-handler-event-type">event handler event type</dfn>,
<dfn id="origin">origin</dfn>,
<dfn id="same-origin">same origin</dfn>,
+ <dfn id="df-URL">URL</dfn>,
<dfn id="event-loops">event loops</dfn>,
<dfn id="dfn-task">task</dfn>,
<dfn id="task-source">task source</dfn>,
- <dfn id="df-URL">URL</dfn>,
<dfn id="queue-a-task">queue a task</dfn>,
<dfn id="fire-a-simple-event">fire a simple event</dfn>, and
<dfn id="structured-clone">structured clone</dfn>,
@@ -647,14 +634,14 @@
If <var>array</var> is not of an integer type (i.e., Int8Array, Uint8Array,
Int16Array, Uint16Array, Int32Array, or Uint32Array), throw a
<code>TypeMismatchError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
<p>
If the <code>byteLength</code> of <var>array</var> is greater than 65536, throw a
<code>QuotaExceededError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -669,10 +656,12 @@
</p>
</li>
</ol>
- <p>
- Do not generate keys using the <code>getRandomValues</code> method. Use the
- <a href="#dfn-Crypto-method-generateKey"><code>generateKey</code></a> method instead.
- </p>
+ <div class="note"><div class="noteHeader">Note</div>
+ <p>
+ Do not generate keys using the <code>getRandomValues</code> method. Use the
+ <a href="#dfn-Crypto-method-generateKey"><code>generateKey</code></a> method instead.
+ </p>
+ </div>
</div>
</div>
@@ -782,7 +771,7 @@
<p>
The Key object is not required to directly interface with the underlying key storage
mechanism, and may instead simply be a reference for the user agent to understand how
- to obtain the keying material when needed, eg. via a
+ to obtain the keying material when needed, eg. when performing a
<a href="#dfn-CryptoOperation">CryptoOperation</a>.
</p>
</div>
@@ -792,8 +781,8 @@
<dl>
<dt id="dfn-Key-type"><code>type</code></dt>
<dd>
- The type of the underlying keys. Opaque keying material, including that used for
- symmetric algorithms, are represented by <code>"secret"</code>, while keys used as
+ The type of the underlying key. Opaque keying material, including that used for
+ symmetric algorithms, is represented by <code>"secret"</code>, while keys used as
part of asymmetric algorithms composed of public/private keypairs will be either
<code>"public"</code> or <code>"private"</code>.
</dd>
@@ -844,6 +833,14 @@
cryptographic material key storage of <var>input</var>.
</li>
</ol>
+ <div class="note"><div class="noteHeader">Note</div>
+ <strong>Implementation Note:</strong> When performing the structured clone algorithm for
+ a <code>Key</code> object, it is important that the underlying cryptographic key material
+ not be exposed to a JavaScript implementation. Such a situation may arise if an implementation
+ fails to implement the structured clone algorithm correctly, such as by allowing a <code>Key</code> object
+ to be serialized as part of a structured clone implementation, but then deserializing it as
+ a <code>DOMString</code>, rather than as a <code>Key</code> object.
+ </div>
</div>
</div>
@@ -882,7 +879,7 @@
<h3>12.1. Processing Model</h3>
<p>
Every <code>CryptoOperation</code> object must have a <dfn id="dfn-CryptoOperation-list-of-pending-data">list
- of pending data</dfn>. Each item in the lists represents data that should be transformed by the
+ of pending data</dfn>. Each item in the list represents data that should be transformed by the
cryptographic operation. The list functions as a queue that observes first-in, first-out ordering. That is,
the order in which items are added shall reflect the order in which items are removed.
</p>
@@ -893,7 +890,7 @@
<ol>
<li>
<p>
- If there are no items in the <a href="dfn-CryptoOperation-list-of-pending-data">list of pending
+ If there are no items in the <a href="#dfn-CryptoOperation-list-of-pending-data">list of pending
data</a>, the algorithm is complete.
</p>
</li>
@@ -953,7 +950,7 @@
</li>
<li>
<p>
- <a href="queue-a-task">Queue a task</a> to
+ <a href="#queue-a-task">Queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a> named
<a href="#dfn-CryptoOperation-onerror"><code>onerror</code></a> at the
<a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>.
@@ -961,7 +958,7 @@
</li>
<li>
<p>
- <a href="#terminate-an-algorithm">Terminate this algorithm</a>.
+ <a href="#terminate-the-algorithm">Terminate the algorithm</a>.
</p>
</li>
</ol>
@@ -993,7 +990,7 @@
</li>
<li>
<p>
- Remove <var>data</var> from the <a href="#dfn-CryptoOperation-list-of-pending-data">list of
+ Remove <var>item</var> from the <a href="#dfn-CryptoOperation-list-of-pending-data">list of
pending data</a>.
</p>
</li>
@@ -1035,7 +1032,7 @@
</li>
<li>
<p>
- <a href="queue-a-task">Queue a task</a> to
+ <a href="#queue-a-task">Queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a> named
<a href="#dfn-CryptoOperation-onerror"><code>onerror</code></a> at the
<a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>.
@@ -1043,7 +1040,7 @@
</li>
<li>
<p>
- <a href="#terminate-an-algorithm">Terminate this algorithm</a>.
+ <a href="#terminate-the-algorithm">Terminate the algorithm</a>.
</p>
</li>
</ol>
@@ -1063,16 +1060,27 @@
result using <var>output</var>.
</p>
<div class="ednote"><div class="ednoteHeader">Editorial note</div>
- <p>
- The wording here is presently ambiguous. It is modeled after the [FILE API], which has <code>result</code>
- accumulating the output as it becomes available. However, given that support for multi-part input exists,
- an interface to support streaming/progressive output has also been requested. How such an interface would
- be implemented, if at all, remains TBD.
- </p>
+ <ul>
+ <li>
+ <p>
+ <a href="http://www.w3.org/2012/webcrypto/track/issues/18">ISSUE-18</a>:
+ The wording here is presently ambiguous. It is modeled after the File API [<a href="#FileAPI">FileAPI</a>],
+ which has <code>result</code> accumulating the output as it becomes available. Because of this behaviour,
+ the entire cryptographic output is stored in <code>result</code> at the end of the operation.
+ </p>
+ <p>
+ In order to reduce the need to keep the entire cryptographic output in <code>result</code>, it has also been
+ requested to have an interface to support streaming/progressive output, in which only as much cryptographic
+ output as desired/requested is made available. How such functionality would be implemented, if at all,
+ remains to be determined.
+ </p>
+ </li>
+ </ul>
</div>
</li>
<li>
<p>
+ <a href="#queue-a-task">Queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a> named
<a href="#dfn-CryptoOperation-onprogress"><code>onprogress</code></a>
at the <a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>.
@@ -1080,7 +1088,7 @@
</li>
<li>
<p>
- If the underlying cryptograophic implementation supports multi-part cryptographic operations for the
+ If the underlying cryptographic implementation supports multi-part cryptographic operations for the
current <a href="#dfn-CryptoOperation-algorithm">algorithm</a>, repeat these steps for each item remaining
in the <a href="#dfn-CryptoOperation-list-of-pending-data">list of pending data</a>.
</p>
@@ -1090,9 +1098,10 @@
<ul>
<li>
<p>
- The above algorithm is meant to describe a possible way of supporting multi-part input (also called "streaming"
- input, but not to be confused with the [STREAMS API]. The downside to the above algorithm is that it does not
- describe a good interface for supporting algorithms that may support multiple multi-part inputs.
+ The above algorithm is meant to describe a possible way of supporting multi-part input (sometimes called "streaming"
+ or "progressive" input, but not to be confused with the Streams API [<a href="#StreamsAPI">StreamsAPI</a>]). The downside to the
+ above algorithm is that it does not describe a good interface for supporting algorithms that may support
+ multiple multi-part inputs.
</p>
<p>
An example of such an algorithm would be AES-GCM, which has two sources of input - the encrypted-and-authenticated
@@ -1101,17 +1110,20 @@
until <code>finish()</code> was called.
</p>
<p>
- However, at present, several major cryptographic APIs (CDSA, CNG, PKCS#11) do not support this, and so for now, the
- details for handling multi-source multi-part data have been omitted.
+ However, at present, several major cryptographic APIs (CDSA, CNG, PKCS#11) do not support such uses, and so for now, the
+ details for handling multiple multi-part inputs have been omitted.
</p>
</li>
+ <li>
+ The above algorithm does not fully describe how to handle <a href="#dfn-CryptoOperation-method-abort"><code>abort</code></a>ing an in-progress operation.
+ </li>
</ul>
</div>
</div>
<div id="cryptooperation-events" class="section">
<h3>12.2. Event Handler Attributes</h3>
<p>
- The following are the <a href="#event-handler-attributes">event handler attributes</a>
+ The following are the <a href="#event-handler-idl-attributes">event handler IDL attributes</a>
(and their corresponding <a href="#event-handler-event-type">event handler event
types</a>) that user agents must support on the <a href="#dfn-CryptoOperation">
<code>CryptoOperation</code></a> as DOM attributes:
@@ -1120,8 +1132,8 @@
<thead>
<tr>
<th>
- <a href="#event-handler-attributes" title="event handler attributes">event
- handler attributes</a>
+ <a href="#event-handler-idl-attributes" title="event handler IDL attributes">event
+ handler IDL attributes</a>
</th>
<th>
<a href="#event-handler-event-type" title="event handler event types">event
@@ -1220,7 +1232,7 @@
</p>
<div class="ednote"><div class="ednoteHeader">Editorial note</div>
<p>
- Warning: The text here is currently ambiguous in terms of defining how the <code>event loop</code>
+ Warning: The text here is currently ambiguous in terms of defining how the <a href="#event-loops">event loop</a>
processes events; in particular, it leaves under-specified how the <a href="#dfn-CryptoOperation-method-abort">
<code>abort()</code></a> method should be handled when data is being processed.
</p>
@@ -1282,12 +1294,12 @@
<p>Abort <a href="#dfn-CryptoOperation-process-data">processing data</a>.</p>
</li>
<li>
- If there are any tasks from the object's
- <a href="#cryptooperation-task-source"><code>CryptoOperation</code> task source</a> in
- one of the task queues, then remove those tasks.
+ If there are any pending tasks for the <code>CryptoOperation</code>, then remove those
+ tasks.
</li>
<li>
- <a href="#fire-a-simple-event">Fire a simple event</a> called
+ <a href="#queue-a-task">Queue a task</a> to
+ <a href="#fire-a-simple-event">fire a simple event</a> called
<a href="#dfn-onabort-event"><code>onabort</code></a> at the
<a href="#dfn-CryptoOperation"><code>CryptoOperation</code></a>.
</li>
@@ -1307,10 +1319,10 @@
<h2>13. KeyOperation interface</h2>
<div class="block"><div class="blockTitleDiv"><span class="blockTitle">IDL</span></div><div class="blockContent"><pre class="code"><code class="idl-code">
interface <dfn id="dfn-KeyOperation">KeyOperation</dfn> : EventTarget {
- readonly attribute any <a href="#dfn-KeyOperation-result">result</a>;
+ readonly attribute any result;
- [TreatNonCallableAsNull] attribute Function? <a href="#dfn-KeyOperation-onerror">onerror</a>;
- [TreatNonCallableAsNull] attribute Function? <a href="#dfn-KeyOperation-oncomplete">oncomplete</a>;
+ [TreatNonCallableAsNull] attribute Function? onerror;
+ [TreatNonCallableAsNull] attribute Function? oncomplete;
};
</code></pre></div></div>
</div>
@@ -1330,11 +1342,21 @@
};
interface <dfn id="dfn-crypto">Crypto</dfn> {
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, <a href="#dfn-Key">Key</a> key, optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, <a href="#dfn-Key">Key</a> key, optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, <a href="#dfn-Key">Key</a> key, optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, <a href="#dfn-Key">Key</a> key, ArrayBufferView signature, optional ArrayBufferView? buffer = null);
- <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm, optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-encrypt">encrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-Key">Key</a> key,
+ optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-decrypt">decrypt</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-Key">Key</a> key,
+ optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-sign">sign</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-Key">Key</a> key,
+ optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-verify">verify</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ <a href="#dfn-Key">Key</a> key,
+ ArrayBufferView signature,
+ optional ArrayBufferView? buffer = null);
+ <a href="#dfn-CryptoOperation">CryptoOperation</a> <a href="#dfn-Crypto-method-digest">digest</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
+ optional ArrayBufferView? buffer = null);
<span class="comment">// TBD: <a href="https://www.w3.org/2012/webcrypto/track/issues/36">ISSUE-36</a></span>
<a href="#dfn-KeyOperation">KeyOperation</a> <a href="#dfn-Crypto-method-generateKey">generateKey</a>(<a href="#dfn-AlgorithmIdentifier">AlgorithmIdentifier</a> algorithm,
@@ -1404,7 +1426,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the encrypt
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1506,7 +1528,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the decrypt
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1607,7 +1629,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the sign
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1708,7 +1730,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the verify
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1809,7 +1831,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the digest
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1891,7 +1913,7 @@
<div id="Crypto-method-generateKey" class="section">
<h4>14.1.6. The generateKey method</h4>
<p>
- When invoked, this method <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-Crypto-method-generateKey"><code>generateKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -1906,7 +1928,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the generate
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1938,7 +1960,7 @@
If an error occured, <a href="#queue-a-task">queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a>
called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
- <var>KeyOp</var> and terminate this algorithm.
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -1991,7 +2013,7 @@
<div id="Crypto-method-deriveKey" class="section">
<h4>14.1.7. The deriveKey method</h4>
<p>
- When invoked, this method <span class="RFC2119">MUST</span> perform the following steps:
+ When invoked, <dfn id="dfn-Crypto-method-deriveKey"><code>deriveKey</code></dfn> <span class="RFC2119">MUST</span> perform the following steps:
</p>
<ol>
<li>
@@ -2006,7 +2028,7 @@
If <var>normalizedAlgorithm</var> does not describe a
<a href="#algorithms">registered algorithm</a> that supports the derive
operation, throw a <code>NotSupportedError</code> and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -2033,7 +2055,7 @@
<a href="#queue-a-task">queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a>
called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
- <var>KeyOp</var> and terminate this algorithm.
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -2046,7 +2068,7 @@
If an error occured, <a href="#queue-a-task">queue a task</a> to
<a href="#fire-a-simple-event">fire a simple event</a>
called <a href="#dfn-KeyOperation-onerror"><code>onerror</code></a> at
- <var>KeyOp</var> and terminate this algorithm.
+ <var>KeyOp</var> and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</p>
</li>
<li>
@@ -2195,7 +2217,7 @@
<li>
Keys derived from material associated with a particular origin (e.g.:
derived from exported TLS keying material [<a href="#RFC5705">RFC5705</a>] or
- origin bound certificates [<a href="#draft-tls-obc">DRAFT-TLS-OBC</a>]).
+ origin bound certificates [<a href="#draft-TLS-OBC">DRAFT-TLS-OBC</a>]).
</li>
</ul>
<p>
@@ -2367,6 +2389,12 @@
</div>
<div id="rsaes-pkcs1-operations" class="section">
<h4>19.3.4. Operations</h4>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+ <p>
+ Note: The following processing algorithms have not been updated to match the processing algorithm
+ described in the <a href="#CryptoOperation-processing-model">CryptoOperation processing model</a>.
+ </p>
+ </div>
<dl>
<dt>Encrypt</dt>
<dd>
@@ -2374,12 +2402,12 @@
shall behave as follows:
<ol>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-init">init</a></code>:
+ When initializing the <code><a href="#dfn-CryptoOperation">CryptoOperation</a></code>:
<ol>
<li>
If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
RSA public key, raise an error and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>M</var> be an empty sequence of bytes.
@@ -2403,7 +2431,7 @@
</ol>
</li>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish()</a></code>:
+ Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
<ol>
<li>
Perform the RSAES-PKCS1-V1_5-ENCRYPT operation, as specified in <a href="#RFC3447">RFC3447</a>,
@@ -2412,7 +2440,7 @@
</li>
<li>
If the operation resulted in an error, raise an error and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>C</var> be an array of bytes resulting from performing the
@@ -2433,12 +2461,12 @@
shall behave as follows:
<ol>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-init">init</a></code>:
+ When initializing the <code><a href="#dfn-CryptoOperation">CryptoOperation</a></code>:
<ol>
<li>
If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
RSA private key, raise an error and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>C</var> be an empty sequence of bytes.
@@ -2462,7 +2490,7 @@
</ol>
</li>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish()</a></code>:
+ Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
<ol>
<li>
Perform the RSAES-PKCS1-V1_5-DECRYPT operation, as specified in <a href="#RFC3447">RFC3447</a>,
@@ -2471,7 +2499,7 @@
</li>
<li>
If the operation resulted in an error, raise an error and
- <dfn id="terminate-the-algorithm">terminate the algorithm</dfn>.
+ <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>M</var> be an array of bytes resulting from performing the
@@ -2766,6 +2794,12 @@
<div id="ecdsa-operations" class="section">
<h4>19.7.5. Operations</h4>
+ <div class="ednote"><div class="ednoteHeader">Editorial note</div>
+ <p>
+ Note: The following processing algorithms have not been updated to match the processing algorithm
+ described in the <a href="#CryptoOperation-processing-model">CryptoOperation processing model</a>.
+ </p>
+ </div>
<dl>
<dt>Sign</dt>
<dd>
@@ -2777,7 +2811,7 @@
<ol>
<li>
If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
- ECDSA private key, raise an error and terminate this algorithm.
+ ECDSA private key, raise an error and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>M</var> be an empty sequence of bytes.
@@ -2801,7 +2835,7 @@
</ol>
</li>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish()</a></code>:
+ Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
<ol>
<li>
Perform the ECDSA signing process, as specified in <a href="#X9.62">X9.62</a>,
@@ -2836,7 +2870,7 @@
<ol>
<li>
If <code><a href="#dfn-CryptoOperation-key">key</a></code> does not describe an
- ECDSA public key, raise an error and terminate this algorithm.
+ ECDSA public key, raise an error and <a href="#terminate-the-algorithm">terminate the algorithm</a>.
</li>
<li>
Let <var>M'</var> be an empty sequence of bytes.
@@ -2860,7 +2894,7 @@
</ol>
</li>
<li>
- Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish()</a></code>:
+ Upon invoking <code><a href="#dfn-CryptoOperation-method-finish">finish</a></code>:
<ol>
<li>
Perform the ECDSA verifying process, as specified in <a href="#X9.62">X9.62</a>,
@@ -3621,9 +3655,9 @@
<div id="acknowledgements-section" class="section">
<h2>22. Acknowledgements</h2>
<p>
- The editors would like to thank Adam Barth, Ali Asad, Arun Ranganathan, Brian Smith,
- Brian Warner, Channy Yun, Kai Engert, Mark Watson, Vijay Bharadwaj, Virginie Galindo,
- and Wan-Teh Chang for their technical feedback and assistance.
+ The editors would like to thank Adam Barth, Alex Russell, Ali Asad, Arun Ranganathan,
+ Brian Smith, Brian Warner, Channy Yun, Kai Engert, Mark Watson, Vijay Bharadwaj,
+ Virginie Galindo, and Wan-Teh Chang for their technical feedback and assistance.
</p>
<p>
Thanks to the W3C Web Cryptography WG, and to participants on the public-webcrypto@w3.org
@@ -3644,30 +3678,35 @@
<div id="normative-references" class="section">
<h3>23.1. Normative References</h3>
<dl>
- <dt id="RFC2119">RFC2119</dt>
- <dd>
- <cite><a href="http://www.ietf.org/rfc/rfc2119">Key words for use in RFCs to
- Indicate Requirement Levels</a></cite>, S. Bradner. IETF.
- </dd>
- <dt id="WebIDL">WebIDL Specification</dt>
- <dd>
- <cite><a href="http://www.w3.org/TR/WebIDL/">WebIDL (work in progress)</a></cite>,
- C. McCormack.
- </dd>
<dt id="DOM4">DOM4</dt>
<dd>
<cite><a href="http://www.w3.org/TR/domcore/">DOM4 (work in progress)</a></cite>,
A. Gregor, A. van Kesteren, Ms2ger. W3C.
</dd>
+ <dt id="ECMA-262">ECMAScript</dt>
+ <dd>
+ <cite><a href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">
+ ECMAScript 5th Edition</a></cite>, A. Wirfs-Brock, P. Lakshman et al.
+ </dd>
+ <dt id="FIPS180-4">FIPS 180-4</dt>
+ <dd>
+ <cite><a href="http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf">
+ FIPS PUB 180-4: Secure Hash Standard</a></cite>, NIST.
+ </dd>
<dt id="HTML">HTML</dt>
<dd>
<cite><a href="http://dev.w3.org/html5/spec/Overview.html">HTML5: A vocabulary and
associated APIs for HTML and XHTML (work in progress)</a></cite>, I. Hickson. W3C.
</dd>
- <dt id="TypedArrays">Typed Arrays</dt>
+ <dt id="PKCS3">PKCS3</dt>
<dd>
- <cite><a href="https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl/doc/spec/TypedArray-spec.html">
- Typed Arrays (work in progress)</a></cite>, V. Vukicevic, K. Russell. Khronos Group.
+ <cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2126">PKCS #3: Diffie-Hellman
+ Key-Agreement Standard</a></cite>, RSA Laboratories.
+ </dd>
+ <dt id="RFC2119">RFC2119</dt>
+ <dd>
+ <cite><a href="http://www.ietf.org/rfc/rfc2119">Key words for use in RFCs to
+ Indicate Requirement Levels</a></cite>, S. Bradner. IETF.
</dd>
<dt id="RFC3447">RFC3447</dt>
<dd>
@@ -3687,10 +3726,15 @@
Infrastructure Certificate and Certificate Revocation List (CRL) Profile</a></cite>,
D. Cooper, S. Santesson, S. Farrell, S. Boeyen, R. Housley, W. Polk. IETF.
</dd>
- <dt id="PKCS3">PKCS3</dt>
+ <dt id="TypedArrays">Typed Arrays</dt>
<dd>
- <cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2126">PKCS #3: Diffie-Hellman
- Key-Agreement Standard</a></cite>, RSA Laboratories.
+ <cite><a href="https://cvs.khronos.org/svn/repos/registry/trunk/public/webgl/doc/spec/TypedArray-spec.html">
+ Typed Arrays (work in progress)</a></cite>, V. Vukicevic, K. Russell. Khronos Group.
+ </dd>
+ <dt id="WebIDL">WebIDL Specification</dt>
+ <dd>
+ <cite><a href="http://www.w3.org/TR/WebIDL/">WebIDL (work in progress)</a></cite>,
+ C. McCormack.
</dd>
<dt id="X9.62">X9.62</dt>
<dd>
@@ -3702,50 +3746,45 @@
<cite>ANS X9.63–2001: Public Key Cryptography for the Financial Services Industry,
Key Agreement and Key Transport Using Elliptic Curve Cryptography</cite>, ANSI.
</dd>
- <dt id="ECMA-262">ECMAScript</dt>
- <dd>
- <cite><a href="http://www.ecma-international.org/publications/standards/Ecma-262.htm">
- ECMAScript 5th Edition</a></cite>, A. Wirfs-Brock, P. Lakshman et al.
- </dd>
- <dt id="FIPS180-4">FIPS 180-4</dt>
- <dd>
- <cite><a href="http://csrc.nist.gov/publications/fips/fips180-4/fips-180-4.pdf">
- FIPS PUB 180-4: Secure Hash Standard</a></cite>, NIST.
- </dd>
</dl>
</div>
<div id="informative-references" class="section">
<h3>23.2. Informative References</h3>
<dl>
- <dt id="draft-TLS-OBC">draft-balfanz-tls-obc-01</dt>
+ <dt id="CDSA">CDSA</dt>
+ <dd>
+ <cite><a href="http://www.opengroup.org/security/cdsa.htm">Common Security: CDSA and
+ CSSM, Version 2 (with corrigenda)</a></cite>, the Open Group.
+ </dd>
+ <dt id="CNG">CNG</dt>
+ <dd>
+ <cite><a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa376210(v=vs.85).aspx">
+ Cryptography API: Next Generation</a></cite>, Microsoft Corporation.
+ </dd>
+ <dt id="CryptoAPI">CryptoAPI</dt>
+ <dd>
+ <cite><a href="http://msdn.microsoft.com/en-us/library/aa380256.aspx">Cryptography
+ Reference</a></cite>, Microsoft Corporation.
+ </dd>
+ <dt id="draft-TLS-OBC">DRAFT-TLS-OBC</dt>
<dd>
<cite><a href="http://tools.ietf.org/html/draft-balfanz-tls-obc-01">TLS Origin-Bound
Certificates</a></cite>, D. Balfanz, D. Smetters, M. Upadhyay, A. Barth. IETF.
</dd>
- <dt id="RFC5705">RFC 5705</dt>
+ <dt id="FileAPI">FileAPI</dt>
<dd>
- <cite><a href="http://tools.ietf.org/html/rfc5705">Keying Material Exporters for
- Transport Layer Security (TLS)</a></cite>, E. Rescorla. IETF.
+ <cite><a href="http://www.w3.org/TR/FileAPI/">File API</a></cite>,
+ A. Ranganathan, J. Sicking. W3C.
</dd>
<dt id="PKCS11">PKCS11</dt>
<dd>
<cite><a href="http://www.rsa.com/rsalabs/node.asp?id=2133">PKCS #11: Cryptographic
Token Interface Standard</a></cite>, RSA Laboratories.
</dd>
- <dt id="CryptoAPI">CryptoAPI</dt>
- <dd>
- <cite><a href="http://msdn.microsoft.com/en-us/library/aa380256.aspx">Cryptography
- Reference</a></cite>, Microsoft Corporation.
- </dd>
- <dt id="CNG">CNG</dt>
+ <dt id="RFC5705">RFC 5705</dt>
<dd>
- <cite><a href="http://msdn.microsoft.com/en-us/library/windows/desktop/aa376210(v=vs.85).aspx">
- Cryptography API: Next Generation</a></cite>, Microsoft Corporation.
- </dd>
- <dt id="CDSA">CDSA</dt>
- <dd>
- <cite><a href="http://www.opengroup.org/security/cdsa.htm">Common Security: CDSA and
- CSSM, Version 2 (with corrigenda)</a></cite>, the Open Group.
+ <cite><a href="http://tools.ietf.org/html/rfc5705">Keying Material Exporters for
+ Transport Layer Security (TLS)</a></cite>, E. Rescorla. IETF.
</dd>
<dt id="SP800-56A">NIST SP 800-56A</dt>
<dd>
@@ -3753,6 +3792,11 @@
NIST SP 800-56A: Recommendation for Pair-Wise Key Establishment Schemes Using Discrete
Logarithm Cryptography (Revised)</a></cite>, March 2007, NIST.
</dd>
+ <dt id="StreamsAPI">StreamsAPI</dt>
+ <dd>
+ <cite><a href="http://dvcs.w3.org/hg/streams-api/raw-file/tip/Overview.htm">Streams API</a>
+ </cite>, F. Moussa. W3C.
+ </dd>
</dl>
</div>
</div>