Skip to content

Allow web applications to select SFrame cipher suite as a parameter provided to SFrameTransform constructor. #257

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Allow web applications to select SFrame cipher suite as a parameter provided to SFrameTransform constructor. #257

wants to merge 1 commit into from

Conversation

youennf
Copy link
Collaborator

@youennf youennf commented May 27, 2025
edited by pr-preview bot
Loading

Fixes #256.
Also updates the link to the SFrame specification now that it is a RFC.

Preview | Diff

@youennf youennf requested review from alvestrand, jan-ivar and guidou May 27, 2025 11:17
@youennf
Allow web applications to select SFrame cipher suite as a parameter p…
71acd32 
…rovided to SFrameTransform constructor.

Also updates the link to the SFrame specification now that it is a RFC.
@youennf youennf force-pushed the introducesframetransform-ciphersuite branch from 0a6d9c2 to 71acd32 Compare May 27, 2025 11:20
@jan-ivar jan-ivar marked this pull request as draft June 5, 2025 14:14
alvestrand
alvestrand reviewed Jun 5, 2025
View reviewed changes
index.bs
"AES_128_CTR_HMAC_SHA256_64",
"AES_128_CTR_HMAC_SHA256_32",
"AES_128_GCM_SHA256_128",
"AES_256_GCM_SHA512_128"
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why these particular ciphersuites? If they're defined by 9605 section 4.5 and no others can be used, we should be sure to say so.

Should there be an MTI ciphersuite?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

These cipher suites are indeed the ones defined by RFC 9605.
No other can be used given we use an enumeration here.

I would think that all cipher suites are MTI if a UA implements SFrameTransform.

@youennf youennf marked this pull request as ready for review June 6, 2025 07:23
@youennf
Copy link
Collaborator Author

youennf commented Jun 6, 2025

I wonder whether we want a specific error type for setEncryptionKey if it does not match the selected cipher suite. Or if InvalidModificationError is good enough.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alvestrand alvestrand alvestrand left review comments

@jan-ivar jan-ivar Awaiting requested review from jan-ivar

@guidou guidou Awaiting requested review from guidou

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Web application should be able to set SFrameTransform cipher suite
2 participants
@youennf @alvestrand