crypto-ISSUE-31: Problems with keys attribute of the Crypto interface [Web Cryptography API] from Web Cryptography Working Group Issue Tracker on 2012-08-27 (public-webcrypto@w3.org from August 2012)

From: Web Cryptography Working Group Issue Tracker <sysbot+tracker@w3.org>
Date: Mon, 27 Aug 2012 23:34:34 +0000
To: public-webcrypto@w3.org
Message-Id: <E1T68pG-0007wV-CK@tibor.w3.org>

crypto-ISSUE-31: Problems with keys attribute of the Crypto interface [Web Cryptography API]

http://www.w3.org/2012/webcrypto/track/issues/31

Raised by: Wan-Teh Chang
On product: Web Cryptography API

The keys attribute of the Crypto interface is specified as follows:

interface KeyStorage {
  readonly attribute unsigned long length;

  getter Key getKey(unsigned long index);
  deleter void removeKey(unsigned long index);
  void clear();
};

interface Crypto {
  ...
  readonly attribute KeyStorage keys;

  ...
};

This is the only key discovery method provided in the current API.
The keys attribute has three problems.

1. All operations that may potentially block should use an async API.
Getting the keys attribute of the Crypto interface is synchronous.
However, the underlying operation may potentially block because disk
or secure element access may be required to get the number of
persistent keys, which is needed to compute KeyStorage.length.

Similarly, the getKey method of the KeyStorage interface is
synchronous, but the underlying operation could require disk or secure
element access.

2. The keys attribute returns all the keys even though the application
may only want to look up a particular key. If the user agent has a large
number of keys for the origin, it may be forced to do a lot of unnecessary
work.

3. The KeyStorage interface forces the application to do a linear search
for a key in the KeyStorage, even though the underlying key storage may
be a hash table or structured database that supports more efficient lookups.

Proposed solution:

I propose we replace the keys attribute with a findKey method.

interface Crypto {
  ...

  KeyFinder findKey(Dictionary criteria);
  ...
};

The 'criteria' dictionary may have the following members, intended
to match common Key attributes:
  DOMString id;
  AlgorithmIdentifier algorithm;
  bool temporary;
  bool extractable;
  KeyUsage[] keyUsages;

  // Other dictionary members will match user attributes inside
  // Key.userAttributes
  DOMString foo;
  DOMString bar;
  ...

The members in the 'criteria' dictionary have the AND semantics: the
KeyFinder finds the keys that match all the members of the 'criteria'
dictionary.

interface KeyFinder : KeyOperation {
  void find();
};

KeyFinder.result is a Key[] array.

Received on Monday, 27 August 2012 23:34:35 UTC