
Re: crypto-ISSUE-29 (block modes): Handling of block encryption modes and padding [Web Cryptography API]

From: Wan-Teh Chang <wtc@google.com>
Date: Tue, 28 Aug 2012 12:10:28 -0700
Message-ID: <CALTJjxG4OJk7kzCC_-Y4+aaGgNKEqGDRYpKBg8Bjwk=T5ULxgw@mail.gmail.com>
To: Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
Cc: Ryan Sleevi <sleevi@google.com>, "David McGrew (mcgrew)" <mcgrew@cisco.com>, Web Cryptography Working Group <public-webcrypto@w3.org>

On Tue, Aug 28, 2012 at 8:10 AM, Vijay Bharadwaj
<Vijay.Bharadwaj@microsoft.com> wrote:
> I see the appeal of the idea, I'm just uncomfortable with it given that experience has
> shown various corner cases in which it breaks scenarios. One such corner case is
> enrolling for a certificate for an RSA encryption key. You have to sign the Proof of
> Possession in the certificate request with the key, and this is standard practice.
> But tainting may break the scenario since either the signing or subsequent encryptions
> would fail.

Hmm... this corner case is thought-provoking. The keyUsage attribute
of the Key object alone would break this scenario.

> So I guess my feeling is that tainting may be better left to the underlying platform,
> and while WebCrypto can benefit from any platform capabilities in this area it
> doesn't have to mandate them.

Key tainting solves a security problem that's not unique to the Web
Crypto API, so the Web Crypto API doesn't need to be where key
tainting is implemented. If it can be done easily, I certainly support
it. But the keys on removable devices such as smart cards make it hard
to track the tainted state of those keys across computers.

Wan-Teh
Received on Tuesday, 28 August 2012 19:10:55 UTC
