- From: <bugzilla@jessica.w3.org>
- Date: Mon, 12 Jan 2015 21:46:09 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27814 --- Comment #3 from Ryan Sleevi <sleevi@google.com> --- (In reply to jimsch from comment #2) > That sentence would be one strong argument, I am not sure why you are saying > that it is grammatically incorrect however. "is also be" Is this "is also to be" (e.g. a SHOULD-type requirement) Was it a typo for "may also be" (e.g. a MAY-type requirement) Or something else. Either way, it's a wrong agreement. > Remember that for the JOSE > working group the following is a key agreement algorithm - ECDH-ES+A128KW. > This composite algorithm does do an encryption operation and not just a key > wrap algorithm. I'm not sure if you meant to write something else, because I don't think the argument made supports your point, even though there is one to be made. That is, for using ECDH-ES+A128KW in an "alg" parameter of some JWE, which has an associated JWK public key, the operations performed are: - Key agreement with ECDH (yielding a secret Z) - Key derivation (by feeding that Z into Concat, per https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-08#section-4.7 ) - Encryption-via-key-wrap (with AES Key Wrap) > > This difference of opinions is one of the reasons why key_ops needed to be > defined, to get a much finer view of what the operations were that were > associated with a key. You are thinking in terms what what it means for the > algorithm "ECDH" and there is no such algorithm in the JOSE world. I'm thinking in terms of ECDH because there is no such AEDH-ES+A128KW in the Web Crypto world. The fact that it's composed of three operations is somewhat irrelevant for Web Crypto, because there is (intentionally) no way to represent this. > > This we have the sentence that explicitly states it to be true and we have > an explicit example of the usage in the document. I think that is good > support for the thinking of the JOSE document editors and working group. 1) That sentence talks about public keys (so should we assume the omission of private keys was intentional or accidental) 2) That sentence is, as you note, in the context of composite algorithms. - In the case of ECDH-ES+A128KW, the composition is (Agreement, Derivation, Wrap) - In the case of ECDH-ES, the composition is (Agreement, Derivation, Encrypt) Please note that Appendix A.2 is *non-normative*. It is merely *informative*. You can see the actual requirement for ECDH keys in https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#ecdh-description In particular, importKey dictates that if "use" is present in a JWK, then throw a DataError. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Monday, 12 January 2015 21:46:10 UTC