Re: crypto-ISSUE-29 (block modes): Handling of block encryption modes and padding [Web Cryptography API]

On Tue, Aug 28, 2012 at 8:10 AM, Vijay Bharadwaj wrote:
> I see the appeal of the idea, I'm just uncomfortable with it given that experience has
> shown various corner cases in which it breaks scenarios. One such corner case is
> enrolling for a certificate for an RSA encryption key. You have to sign the Proof of
> Possession in the certificate request with the key, and this is standard practice.
> But tainting may break the scenario since either the signing or subsequent encryptions
> would fail.

Hmm... this corner case is thought-provoking. The keyUsage attribute
of the Key object alone would break this scenario.

> So I guess my feeling is that tainting may be better left to the underlying platform,
> and while WebCrypto can benefit from any platform capabilities in this area it
> doesn't have to mandate them.

Key tainting solves a security problem that's not unique to the Web
Crypto API, so the Web Crypto API doesn't need to be where key
tainting is implemented. If it can be done easily, I certainly support
it. But the keys on removable devices such as smart cards make it hard
to track the tainted state of those keys across computers.


Received on Tuesday, 28 August 2012 19:10:55 UTC