- From: Richard Barnes <rbarnes@bbn.com>
- Date: Wed, 3 Jul 2013 18:25:02 -0400
- To: Ryan Sleevi <sleevi@google.com>
- Cc: Yoshi Huang <allstars.chh@mozilla.com>, public-webcrypto-comments@w3.org
Ryan, I'm not sure I disagree with you, but I have to call you out for trying to inflict PKCS#12-in-JS on poor web developers when it's already in the browser :) Trying to avoid having the browser support PKCS#12 seems like a funny thing to do, since the major browsers already have PKCS#12 libraries. And I can say from experience that PKCS#12 is really horrendous to do in JS, much less in an interoperable way. I've been unable so far to get the Forge P12 library to work with anything by IE [1]. Not to mention that the library is >1000 lines of JS, not including the DER parser [2]. I'm a little split on this issue. It seems like good security practice in general not to have private keys exposed outside the browser envelope, and having the browser do PKCS#12 / EncryptedPrivateKeyInfo seems consistent with current practice w.r.t. client certificates. But it also seems like it would be difficult to specify an interoperable function based on those containers, without specifying a profile to constrain down some of the options. --Richard [1] <http://demo.polycrypt.net/x509/> [2] <https://github.com/digitalbazaar/forge/blob/master/js/pkcs12.js> On Jul 3, 2013, at 12:41 AM, Ryan Sleevi <sleevi@google.com> wrote: > SPKI is Subject*Public*KeyInfo, so no. > > PKCS#12 just holds PKCS#8 key blobs. So you would write your own PKCS#12 parser to read the different bags, then import the decrypted PKCS#8 key. > > The goal is to avoid requiring the UA to support PKCS#12 natively, much in the same way it tries to avoid requiring JWE support or any other key transport specific protocols. Do that in content, not the UA, same as you do today with existing APIs. > > On Jul 2, 2013 9:30 PM, "Yoshi Huang" <allstars.chh@mozilla.com> wrote: > Hi Ryan, > > Sorry for not asking question clearly. > > The keys could be encrypted pkcs8 or pkcs12 > Also does the 'spki' in KeyFormat includes pkcs12 ? > > And thanks for your detail explanation. > > > On 07/03/2013 01:55 AM, Ryan Sleevi wrote: > Could you explain which keys you're thinking of? > > The spec indicates that "pkcs8" is a PrivateKeyInfo, not an > EncryptedPrivateKeyInfo, from RFC 5208. > > If you had a passphrase protected EncryptedPrivateKeyInfo, you would > do the same thing you do in other APIs - you would prompt the user for > the passphrase, apply it through PBKDF to derive the key, then decrypt > the PrivateKeyInfo to be able to import it. > > This is the same workflow for the JWE-protected JWK, which is that the > API tries to avoid baking in knowledge of specific protocols or > higher-level key formats (whether CMS or JOSE), and instead focus on > primitives and the security boundary therein. This has been quite > suitable for a variety of well-used, long successful APIs. > > > -- > Yoshi Huang, Mozilla Taiwan > allstars.chh@mozilla.com >
Received on Wednesday, 3 July 2013 22:25:31 UTC