W3C home > Mailing lists > Public > public-webcrypto@w3.org > June 2012

Re: I want to have unsafe key exchange.

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 14 Jun 2012 11:26:34 -0700
Message-ID: <CACvaWvam9EHGE5A5z8GnDQesF=fTbiE-2iFYi1tg=6ECs_2GYw@mail.gmail.com>
To: David Dahl <ddahl@mozilla.com>
Cc: public-webcrypto@w3.org, Zooko Wilcox-OHearn <zooko@leastauthority.com>
On Thu, Jun 14, 2012 at 11:21 AM, David Dahl <ddahl@mozilla.com> wrote:

> ----- Original Message -----
> > From: "Ryan Sleevi" <sleevi@google.com>
> > To: "David Dahl" <ddahl@mozilla.com>
> > Cc: "Zooko Wilcox-OHearn" <zooko@leastauthority.com>,
> public-webcrypto@w3.org
> > Sent: Thursday, June 14, 2012 1:06:29 PM
> > Subject: Re: I want to have unsafe key exchange.
> >
> > On Thu, Jun 14, 2012 at 10:07 AM, David Dahl <ddahl@mozilla.com>
> > wrote:
> >
> > > No, I do not think I have ever advocated for the private keying
> > > material
> > > to ever be available in raw form. Please refresh my memory where I
> > > was
> > > advocating for private keys to be exposed to content.
> > >
> > > David
> > >
> >
> > During our June 4 teleconference, there was the discussion during the
> > Draft
> > API technical discussion about whether keys should be referred to "by
> > data"
> > or "by ID". My understanding of your proposal was that all keys be
> > referenced by raw bytes,
>
> I was advocating that keys generated with "this in mind" would be able to
> have raw bytes extractable. So, your application or secure element would
> need to have some kind of internal property that allows raw byte
> extraction. Most use of the key generation API would be without this in
> mind.
>
> To allow this, you would have an API like: void generateKeys(in DOMString
> aAlgorithm, in bool aExtractableRawBytes);
>
> The KeyObject that is generated would then have a method like:
>
> var privateKeyBytes = keyObject.extractRawPrivateKey();
>
> or:
>
> var symmetricKey = keyObject.extractRawBytes();
>
> If the key was not created this way - or the secureElement does not allow
> it, these methods return null.
>
> Does that clarify what I was thinking? Sorry for the confusion.
>
> Cheers,
>
> David
>

Thanks.

Yes, naming aside, that's exactly the set of operations/transformations
being imagined. We'd discussed this earlier as the concept of 'extractable'
bytes, which is a common concept within crypto APIs.

Note that the extractability of a key is orthogonal to its storage - for
example, for OSes that provide OS APIs, many of them offer 'secure' OS
storage that allows applications to specify keys are not extractable. Even
though this is entirely in software, applications can still indicate their
interest or apathy in the keys extractability.
Received on Thursday, 14 June 2012 18:27:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 14 June 2012 18:27:03 GMT