RE: Public keys and key usage from Jim Schaad on 2015-11-17 (public-webcrypto@w3.org from November 2015)

From: Jim Schaad <ietf@augustcellars.com>
Date: Mon, 16 Nov 2015 21:00:05 -0800
To: "'Eric Roman'" <ericroman@google.com>
Cc: "'Ryan Sleevi'" <sleevi@google.com>, <public-webcrypto@w3.org>
Message-ID: <013901d120f4$d384a650$7a8df2f0$@augustcellars.com>

I totally understand that, however my question would be why cannot not use the deriveKey and deriveBits on the public key in order to restrict their usage as well.  If I send you a public key and you use it to do deriveBits and I don’t support that usage there is no enforcement of that at the present time.

 

I do not object to the fact that a public key can have no usages, just wondering if it really makes sense to say that is the only  valid option.  There would need to be some potential questions dealing with generation of public keys.  

 

I note that there are different usages set for the RSA keys, just not for the key agreement algorithms.

 

Jim

 

 

From: Eric Roman [mailto:ericroman@google.com] 
Sent: Monday, November 16, 2015 1:57 PM
To: Jim Schaad <ietf@augustcellars.com>
Cc: Ryan Sleevi <sleevi@google.com>; public-webcrypto@w3.org
Subject: Re: Public keys and key usage

 

I didn't search the mailinglist archives, but here are some relevant discussions on bug threads:

 

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26413 says that keys should only be allowed to be created with usages that are applicable to the particular algorithm and key type.

 

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25820: says that empty usages should not be allowed for private/secret keys, but makes an allowance for public keys.

 

>From the way ECDH defines the deriveKey and deriveBits in terms of the private key (with public key just another parameter of the algorithm) it follows that the private key can have deriveBits/deriveKey usage. But there is no corresponding usage enforced for public keys. The only option then is for their usages to be empty, since invalid usages for keys are not allowed per that first bug.

 

On Mon, Nov 16, 2015 at 1:18 PM, Jim Schaad <ietf@augustcellars.com <mailto:ietf@augustcellars.com> > wrote:

Ryan,

I did a quick search of my mail box and could not find the reasoning for forcing public ECDH keys to have an empty usage field.  Was there one or was it never discussed?

Jim

Received on Tuesday, 17 November 2015 05:03:29 UTC