Re: crypto-ISSUE-38: Key initialization and "finalization" [Web Cryptography API]

From: Ryan Sleevi <sleevi@google.com>
Date: Fri, 7 Sep 2012 11:51:27 -0700
Message-ID: <CACvaWvaGGahyh6910LasTR2G1y3G=AuTxV4PNf_YbGPBzDYU_w@mail.gmail.com>
To: Wan-Teh Chang <wtc@google.com>
Cc: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>, Web Cryptography Working Group <public-webcrypto@w3.org>

On Fri, Sep 7, 2012 at 11:47 AM, Wan-Teh Chang <wtc@google.com> wrote:
> On Thu, Sep 6, 2012 at 10:54 PM, Vijay Bharadwaj
> <Vijay.Bharadwaj@microsoft.com> wrote:
>>
>> One thing we might want to think about - what should happen
>> if a user who has thus finalized his RSA encryption key wants
>> to get a new certificate with the same key?
>
> Another idea would be to add a method that generates a
> proof-of-possession for a certificate request. For RSA keys, this
> would be a specialized sign operation that only signs specific kinds
> of input.
>
> Wan-Teh

I'm slightly nervous about this because of the variety of
Proof-of-Possession protocols that exist. Whether <keygen>'s use of
SPKAC, Mozilla's use of CRMF, or the various GlobalPlatform proofs, it
seems like there's quite a bit of divergence there.

But yes, it's certainly a possibility.

Received on Friday, 7 September 2012 18:51:55 GMT