W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2014

[Bug 25820] Should empty key usages be allowed when creating keys?

From: <bugzilla@jessica.w3.org>
Date: Tue, 20 May 2014 01:11:56 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25820-7213-eiJb414eb6@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25820

--- Comment #3 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Mark Watson from comment #2)
> I think this should succeed. What you describe is a completely valid
> use-case.

Agreed, but I guess it wasn't clear that I was arguing it's the *only* valid
use case, and that other examples are intrinsically bad/wrong

generateKey({name: "RSA-OAEP", hash: { name: "SHA-1" } }, true, ["wrap"]);

Creates a wrapping key that *nothing* can unwrap with (short of exporting the
key)

My view: This should be a FAILURE

generateKey({name: "AES-CBC"}, true, []);

Creates an unusable key.

My view: This should be a FAILURE.

> 
> Constraining usages for extractable keys only makes sense as a 'defensive'
> strategy to catch programming defects: if the key can be extracted it can be
> re-imported with different usages. But if a key is not extractable and has
> no usages then there really is nothing which can be done with it.
> 
> Should all extractable keys be allowed to have no usages ? I guess you could
> just about apply the same defensive argument to a private key that was going
> to be used with some experimental algorithm provided in JS and explicitly
> isn't supposed to be used with WebCrypto methods. But this feels like a
> stretch.

Let me try to restate my view:

If an operation results in the production of a Key object whose type is either
"secret" or "private", and which has no "usages" (after intersecting with the
usages valid for the algorithm and those supplied by the caller and JWK) should
be a FAILURE.

Regardless of the 'extractable' flag.

This is almost certainly going to occur not due to programmer error, but due to
"feature detection", and that should fail as quickly as possible; that is,
prior to generating any key material.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 20 May 2014 01:11:57 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC