
Re: I want to have unsafe key exchange.

From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 18 Jun 2012 12:41:28 -0700
Message-ID: <CABcZeBNFbZjTWjnD24Cqpc8222toTfSqJdcP=mTBNbUgegJ5XA@mail.gmail.com>
To: Wan-Teh Chang <wtc@google.com>
Cc: Ryan Sleevi <sleevi@google.com>, David Dahl <ddahl@mozilla.com>, Zooko Wilcox-OHearn <zooko@leastauthority.com>, public-webcrypto@w3.org

On Mon, Jun 18, 2012 at 11:34 AM, Wan-Teh Chang <wtc@google.com> wrote:
> I think we should provide the commonly used key derivation functions
> to reduce application mistakes.  But I find Zooko's challenge of
> implementing ZRTP very thought-provoking.  Since the key derivation
> function of ZRTP doesn't seem to be a common one, I believe that a web
> browser will need to export the raw shared secret either in native
> code or in JavaScript.  (I don't know of a native crypto API that
> allows a caller to provide an arbitrary key derivation function.)

I don't believe that this can be done without effectively allowing the
application to extract the secret input if it chooses to.

I.e., this is a cut point between two models of key isolation:

(1) reduce application screwups by making it hard to access the key
(2) protect against malicious applications accessing the key.


-Ekr
Received on Monday, 18 June 2012 19:42:37 GMT
