W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2014

[Bug 25820] Should empty key usages be allowed when creating keys?

From: <bugzilla@jessica.w3.org>
Date: Tue, 20 May 2014 00:32:49 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25820-7213-mQ39ztmTpf@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25820

--- Comment #1 from Ryan Sleevi <sleevi@google.com> ---
I think the spec needs to be updated with how to handle this. This is also
needed as part of the general effort of ensuring extensibility of the spec
without monkey patching.

Proposal: Any key whose type is "private" or "secret", with no usages, results
in a failure.

Examples:
unwrapKey() is called with a "foo" usage. The implementation does not support
"foo" -> rejection
generateKey() is called with the "foo" usage for a public/private key pair. The
"foo" usage is only valid for public keys (implying the private key has no
valid usage) -> rejection
generateKey() is called with the "foo" usage for a symmetric key. The
implementation does not support "foo" -> rejection


The only interesting point is whether or not it should be valid to have a
public key of an asymmetric key pair that has no usages.

For example, what is expected of
generateKey({name: "RSA-OAEP", hash: { name: "SHA-1" } }, true, ["unwrap"]);

Success: - The private key can be used for unwrapping. You can export the
public key to the peers that will perform wrapping (perhaps as a SPKI, which
doesn't have any usages assigned)
Failure: - The public key has no usages.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 20 May 2014 00:32:50 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC