- From: Ryan Sleevi <sleevi@google.com>
- Date: Mon, 11 Nov 2013 18:07:18 -0800
- To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Cc: Michael Jones <Michael.Jones@microsoft.com>
I just wanted to make sure the group was aware of this bug, since it
overlaps with the JOSE work, and because the proposed algorithms added
to the registry have the possibility of significantly weakening or
undermining the JOSE algorithm selections.
Mike, as JOSE liason, could you comment here on the proposal?
---------- Forwarded message ----------
From: <bugzilla@jessica.w3.org>
Date: Mon, Nov 11, 2013 at 5:44 PM
Subject: [Bug 23796] New: Define JWK attributes needed to represent a
WebCrypto Key
To: sleevi@google.com
https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796
Bug ID: 23796
Summary: Define JWK attributes needed to represent a WebCrypto
Key
Product: Web Cryptography
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Web Cryptography API Document
Assignee: sleevi@google.com
Reporter: watsonm@netflix.com
The JOSE working group has decided that it will not specify attributes /
algorithms that are not needed for the JOSE Encryption and Signature standards
(JWE and JWS). However, they do intend that JOSE structure may have other
applications and are thus establishing IANA registries to allow others to
extend JWK, JWE and JWS.
So, responsibility for defining the JWK attributes needed to represent a
WebCrypto Key object falls to the WebCrypto group, not JOSE.
Here is a proposal for additional WebCrypto sections to this end:
y. Representation of WebCrypto Key objects using JSON Web Key
The KeyFormat value "jwk" enables Key objects to be imported or exported in
JSON Web Key [reference].
This specification defines additional JWK attributes and attribute values that
may be used for this purpose as follows:
o Additional "alg" names for algorithms supported by WebCrypto by not used
by JSON Web Encryption or JSON Web Algorithms
o A new "uses" attribute enabling multiple specific useages to be
associated with a key
o A new "ext" attribute providing the value of the WebCrypto Key's
extractable attribute.
y.1 JWK algorithm names for WebCrypto algorithms
This specification defines additional JWK algorithm names associated with
WebCrypto algorithms as listed in the following table:
WebCrypto Algorithm | Key Size | JWK "alg" value
AES-CTR | 128 | A128CTR
AES-CTR | 192 | A192CTR
AES-CTR | 256 | A256CTR
AES-CBC | 128 | A128CBC
AES-CBC | 192 | A192CBC
AES-CBC | 256 | A256CBC
y.2 JWK "uses" attribute
This specification defines a new JWK attribute "uses" that enables multiple key
usages to be included in the JWK. Since WebCrypto usages distinguish encryption
from decryption etc., wheras JOSE "use" values do not, new values are defined
for the individual usages.
The "uses" attribute shall have a value which is an array of strings. Each
entry shall specify a single usage, as follows:
WebCrypto KeyUsage value | Value in JWK uses array
encrypt | enc
decrypt | dec
sign | sig
verify | vfy
deriveKey | derivekey
deriveBits | derivebits
wrapKey | wrap
unwrapKey | unwrap
The JWK "use" value "enc" shall be equivalent to the "uses" value [ "enc",
"dec" ].
The JWK "use" value "sig" shall be equivalent to the "uses" value [ "sig",
"vfy" ].
If both a "use" and "uses" value are specified and are different, then the
"uses" value shall take precedance.
y.3 JWK "ext" attribute
This specification defines a new JWK attribute "ext" that enables the value of
the extractable attribute of a WebCrypto Key to be included in a JWK object.
The "ext" attribute SHALL have a Boolean value.
x. IANA Considerations
x.1 JSON Web Signature and Encryption Algorithms Registration
This section registers the following algorithm identifiers in the IANA JSON Web
Signature and Encryption Algorithms Registry.
o Algorithm Name: "A128CBC"
o Algorithm Description: AES CBC using 128 bit key
o Algorithm Usage Location(s): "alg"
o Implementation Requirements: Optional
o Change Controller: W3C WebCrypto working group
o Specification Document(s): [[ this document ]]
o Algorithm Name: "A192CBC"
o Algorithm Description: AES CBC using 192 bit key
o Algorithm Usage Location(s): "alg"
o Implementation Requirements: Optional
o Change Controller: W3C WebCrypto working group
o Specification Document(s): [[ this document ]]
o Algorithm Name: "A256CBC"
o Algorithm Description: AES CBC using 256 bit key
o Algorithm Usage Location(s): "alg"
o Implementation Requirements: Optional
o Change Controller: W3C WebCrypto working group
o Specification Document(s): [[ this document ]]
o Algorithm Name: "A128CTR"
o Algorithm Description: AES CTR using 128 bit key
o Algorithm Usage Location(s): "alg"
o Implementation Requirements: Optional
o Change Controller: W3C WebCrypto working group
o Specification Document(s): [[ this document ]]
o Algorithm Name: "A192CTR"
o Algorithm Description: AES CTR using 192 bit key
o Algorithm Usage Location(s): "alg"
o Implementation Requirements: Optional
o Change Controller: W3C WebCrypto working group
o Specification Document(s): [[ this document ]]
o Algorithm Name: "A256CTR"
o Algorithm Description: AES CTR using 256 bit key
o Algorithm Usage Location(s): "alg"
o Implementation Requirements: Optional
o Change Controller: W3C WebCrypto working group
o Specification Document(s): [[ this document ]]
x.2 JSON Web Key Parameters Registry
o Parameter Name: "ext"
o Used with "kty" Value(s): *
o Parameter Information Class: Public
o Change Controller: W3C WebCrypto working group
o Specification Document(s): Section y.2 of [[ this document ]]
o Parameter Name: "uses"
o Used with "kty" Value(s): *
o Parameter Information Class: Public
o Change Controller: W3C WebCrypto working group
o Specification Document(s): Section y.1 of [[ this document ]]
--
You are receiving this mail because:
You are the assignee for the bug.
Received on Tuesday, 12 November 2013 02:07:49 UTC