W3C home > Mailing lists > Public > public-webcrypto@w3.org > August 2012

RE: crypto-ISSUE-22: Should CryptoOperations be clonable [Web Cryptography API]

From: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
Date: Mon, 27 Aug 2012 09:59:02 +0000
To: Wan-Teh Chang <wtc@google.com>, David Dahl <ddahl@mozilla.com>
CC: Ryan Sleevi <sleevi@google.com>, Web Cryptography Working Group <public-webcrypto@w3.org>
Message-ID: <382AD43736BB12439240773F68E90773A82E37@DF-M14-21.exchange.corp.microsoft.com>
BCryptDuplicateHash supports SSL/TLS. It also supports other protocols which produce signatures over packets, with many packets (e.g. all packets in a specific session) sharing a common header.

CNG also has BCryptDuplicateKey. When called on a symmetric key object, this duplicates key expansion and chaining state.

All that said, I am not sure if this facility is truly required in a v1 WebCrypto API.

-----Original Message-----
From: Wan-Teh Chang [mailto:wtc@google.com] 
Sent: Thursday, August 23, 2012 5:09 PM
To: David Dahl
Cc: Ryan Sleevi; Web Cryptography Working Group
Subject: Re: crypto-ISSUE-22: Should CryptoOperations be clonable [Web Cryptography API]

In NSS, cloning of a crypto operation is only used in the SSL/TLS protocol and only used for the handshake hashes:


In SSL/TLS, the handshake hashes are used in the Finished message, but if client authentication is used, the handshake hashes are also used in the CertificateVerify message.

A function for cloning a hash operation is also present in Windows
CNG: BCryptDuplicateHash

I suspect BCryptDuplicateHash (and its predecessor CryptDuplicateHash) was also added to support SSL/TLS.

This is the only use of cloning I know of.

If no one else comes forward with a use case or a use of cloning in some other protocol, then it doesn't seem necessary to support cloning CryptoOperations.

Received on Monday, 27 August 2012 10:00:58 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:01:26 UTC