Re: Dealing with pre-provisioned keys

I can give a specific example of how we would use the API as currently specified. Suppose the API is to be implemented on a TV:

We would need to work with the TV manufacturer to agree that either the Key object exposed by WebCrypto would have a specific id value (say "netflix-key"), or that it would have a specific property that we could look for in the "extra" map.

Additionally, we would agree a property name (again in the extra field) for the unique id associated with the key. Actually one property could do both jobs, say "netflix-id". We would need the TV manufacturer to inform us of the ids and the keys that they place into the devices.

I think anyone else using pre-provisioned symmetric keys would need to do the same.

This arrangement becomes unscalable as the number of applications (n) and TV models (m) increases, because there is an O(nm) in there right from the beginning.

…Mark


On Sep 24, 2012, at 11:11 AM, Da Cruz Pinto, Juan M wrote:

> This is interesting (somewhat covered in section 2.8). Note that discovery of the underlying cryptographic modules is currently out of scope (section 4.4).
> 
> The way I see this happening is:
> 
> 1) The underlying crypto service provider (e.g. smart card, OS key store, using PKCS#11 or similar) provides an enumeration of existing (pre-provisioned) keys
> 2) The WebCrypto API implementation enumerates the underlying crypto providers and individual keys, extracting key attributes, etc. How *this* happens is implementation-dependent
> 3) The WebCrypto API exposes these keys as part of the Crypto.keys attribute (KeyStorage interface), so that developers can perform lookups (see ISSUE-31 on looking up keys) and finally use the keys
> 
> 
> Marcelo.
> 
> 
> -----Original Message-----
> From: Anders Rundgren [mailto:anders.rundgren@telia.com] 
> Sent: Saturday, September 22, 2012 08:54
> To: public-webcrypto-comments@w3.org
> Subject: Dealing with pre-provisioned keys
> 
> Is there anybody out there interested in this topic?
> In particular, how do *you* envision that pre-provisioned keys are discovered by the WebCrypto API?
> 
> The W3C Working Draft dated 13 September 2012 doesn't provide such information.
> 
> Anders

Received on Monday, 24 September 2012 18:35:35 UTC