W3C home > Mailing lists > Public > public-webcrypto@w3.org > January 2015

[Bug 27814] Section A.2 - the usage mapping of "enc" is incorrect

From: <bugzilla@jessica.w3.org>
Date: Mon, 12 Jan 2015 21:46:09 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-27814-7213-oUeCX1TLfz@http.www.w3.org/Bugs/Public/>

--- Comment #3 from Ryan Sleevi <sleevi@google.com> ---
(In reply to jimsch from comment #2)
> That sentence would be one strong argument, I am not sure why you are saying
> that it is grammatically incorrect however. 

"is also be"

Is this
"is also to be" (e.g. a SHOULD-type requirement)

Was it a typo for
"may also be" (e.g. a MAY-type requirement)

Or something else. Either way, it's a wrong agreement.

> Remember that for the JOSE
> working group the following is a key agreement algorithm - ECDH-ES+A128KW. 
> This composite algorithm does do an encryption operation and not just a key
> wrap algorithm.

I'm not sure if you meant to write something else, because I don't think the
argument made supports your point, even though there is one to be made.

That is, for using ECDH-ES+A128KW in an "alg" parameter of some JWE, which has
an associated JWK public key, the operations performed are:
- Key agreement with ECDH (yielding a secret Z)
- Key derivation (by feeding that Z into Concat, per
- Encryption-via-key-wrap (with AES Key Wrap)

> This difference of opinions is one of the reasons why key_ops needed to be
> defined, to get a much finer view of what the operations were that were
> associated with a key.  You are thinking in terms what what it means for the
> algorithm "ECDH" and there is no such algorithm in the JOSE world.

I'm thinking in terms of ECDH because there is no such AEDH-ES+A128KW in the
Web Crypto world. The fact that it's composed of three operations is somewhat
irrelevant for Web Crypto, because there is (intentionally) no way to represent

> This we have the sentence that explicitly states it to be true and we have
> an explicit example of the usage in the document.  I think that is good
> support for the thinking of the JOSE document editors and working group.

1) That sentence talks about public keys (so should we assume the omission of
private keys was intentional or accidental)
2) That sentence is, as you note, in the context of composite algorithms.
  - In the case of ECDH-ES+A128KW, the composition is (Agreement, Derivation,
  - In the case of ECDH-ES, the composition is (Agreement, Derivation, Encrypt)

Please note that Appendix A.2 is *non-normative*. It is merely *informative*.
You can see the actual requirement for ECDH keys in 


In particular, importKey dictates that if "use" is present in a JWK, then throw
a DataError.

You are receiving this mail because:
You are on the CC list for the bug.
Received on Monday, 12 January 2015 21:46:10 UTC

This archive was generated by hypermail 2.3.1 : Monday, 12 January 2015 21:46:11 UTC