[Bug 27814] Section A.2 - the usage mapping of "enc" is incorrect from bugzilla@jessica.w3.org on 2015-01-13 (public-webcrypto@w3.org from January 2015)

From: <bugzilla@jessica.w3.org>
Date: Tue, 13 Jan 2015 00:11:47 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-27814-7213-ZcV3kDs1AV@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27814

--- Comment #7 from Ryan Sleevi <sleevi@google.com> ---
(In reply to jimsch from comment #6)
> A JOSE application retrieves a key set from a url.  The key set looks like:
> 
> {"keys":[ {"kty":"EC", "use":"enc", ... },
>           {"kty":"EC", "use":"sig", ... }]}
> 
> In this case the use parameter is used to distinguish between which keys are
> to be used to verify signatures and which are to be used for encrypting
> messages.
> If there is an attempt by the JOSE application to import the first key, it
> will fail because of the use field.  The second will work just fine.  

Of course, in order to use the "enc" key, the JOSE application *MUST* perform
transliteration of ECDH-ES(+A128KW/+A256KW) into a composite set of steps, so
the 'theory' goes that they could just as well remove the 'use' field, since
'use' fields aren't supported by EC.

> 
> Support of JOSE is one of the documented use cases.

This is probably the weakest argument you could make. I'm trying to help you
out though =)

To spell explicitly where I was trying to lead you: An application author can
fully control this behaviour. As far as I can tell, nothing in the JOSE specs
would have a wrapped JWK as the CMK with a kty of EC and a "use" of "enc",
which would be the one place that an application author can't take action.

That is, the complexity regarding JWK is *solely* due to key wrap/unwrap
existing in the spec - any other formatting changes can be made at the
application level, and any support in the spec would just be sugar to not annoy
devs. Because wrap/unwrap do exist, the argument for supporting "use": "enc" is
that we should support wrapped EC keys to be used with those JOSE algorithms.

It's still a fairly weak argument - Web Crypto will never produce such keys, so
it's up to the wrapper to "do the right thing", and we already have precedent
elsewhere in the spec for requiring that the wrapper "do the right thing" (e.g.
whitespace padding of JWK for AES-KW)

So that's an argument that I think you should be making, rather than "JOSE said
so"

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Tuesday, 13 January 2015 00:11:48 UTC