- From: <bugzilla@jessica.w3.org>
- Date: Tue, 20 May 2014 01:11:56 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25820
--- Comment #3 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Mark Watson from comment #2)
> I think this should succeed. What you describe is a completely valid
> use-case.
Agreed, but I guess it wasn't clear that I was arguing it's the *only* valid
use case, and that other examples are intrinsically bad/wrong
generateKey({name: "RSA-OAEP", hash: { name: "SHA-1" } }, true, ["wrap"]);
Creates a wrapping key that *nothing* can unwrap with (short of exporting the
key)
My view: This should be a FAILURE
generateKey({name: "AES-CBC"}, true, []);
Creates an unusable key.
My view: This should be a FAILURE.
>
> Constraining usages for extractable keys only makes sense as a 'defensive'
> strategy to catch programming defects: if the key can be extracted it can be
> re-imported with different usages. But if a key is not extractable and has
> no usages then there really is nothing which can be done with it.
>
> Should all extractable keys be allowed to have no usages ? I guess you could
> just about apply the same defensive argument to a private key that was going
> to be used with some experimental algorithm provided in JS and explicitly
> isn't supposed to be used with WebCrypto methods. But this feels like a
> stretch.
Let me try to restate my view:
If an operation results in the production of a Key object whose type is either
"secret" or "private", and which has no "usages" (after intersecting with the
usages valid for the algorithm and those supplied by the caller and JWK) should
be a FAILURE.
Regardless of the 'extractable' flag.
This is almost certainly going to occur not due to programmer error, but due to
"feature detection", and that should fail as quickly as possible; that is,
prior to generating any key material.
--
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 20 May 2014 01:11:57 UTC