RE: crypto-ISSUE-30 (where is the key ?): How does the application know where the key is stored ? [Web Cryptography API]

To the Editors,

I suggest that we introduce a new section in the Draft API document to indicate future planned work for key query/discovery and how it will handle pre-provisioned keys stored in secure elements. Here is the suggested text for this new section.

>>>>
18. KeyDiscoverer Interface

IDL:
interface KeyDiscoverer : KeyOperation {
      void discover();
      KeyLocation location;
};

enum KeyLocation {
     // TBD
};

Editorial note:

The API for discovery and selection of pre-provisioned keys, for example those residing on secure elements such as smart cards, is not fully specified yet. However, once a key is selected from a secure element, the implementing agent will ensure that all subsequent crypto operations are delegated to the secure element that contains this key. Additionally, the application will be informed that the user had selected a key from a secure element.

ISSUE-30<http://www.w3.org/2012/webcrypto/track/issues/30>: How does the application know where the key is stored ?
>>>>

Regards,
--- Asad



From: Ali Asad [mailto:Asad.Ali@gemalto.com]
Sent: Tuesday, August 28, 2012 10:26 AM
To: Seetharama Rao Durbha; GALINDO Virginie; Lu HongQian Karen
Cc: public-webcrypto@w3.org
Subject: RE: crypto-ISSUE-30 (where is the key ?): How does the application know where the key is stored ? [Web Cryptography API]

I agree with Seetharama that once we start looking into key query API we can decide how best to incorporate the source information - either in the query itself, or after the fact, based on user selection. But it is good to keep this issue 30 as a reminder that we have to do this.

Since there is little time before going to first public draft, we should at least add some text in the draft to indicate that this will be done later. I will write up a description around this today and send to the group.

Regards,
--- asad

From: Seetharama Rao Durbha [mailto:S.Durbha@cablelabs.com]
Sent: Monday, August 27, 2012 5:57 PM
To: GALINDO Virginie; Lu HongQian Karen; Ali Asad
Cc: public-webcrypto@w3.org
Subject: Re: crypto-ISSUE-30 (where is the key ?): How does the application know where the key is stored ? [Web Cryptography API]

I am not raising another issue for 'query keys belonging to a type of storage' at this point - as there is no key query mechanism at this point. I think I heard Ryan saying that at some point in future we will have to get key query supported in the spec. At that point, we can add type of storage as another query parameter.
Please let me know if my understanding is not correct.

Thanks,
Seetharama

On 8/27/12 2:49 PM, "GALINDO Virginie" <Virginie.GALINDO@gemalto.com> wrote:

Karen, Asad, and all,
As per your request of today's call, I have created an issue about the location of the key. Feel free to amend/comment its description and agree with the editors to make sure it is correctly expressed in the version of our draft API going to the FPWD.
Regards,
Virginie
Gemalto
Chair of the Web Crypto WG

-----Original Message-----
From: Web Cryptography Working Group Issue Tracker [mailto:sysbot+tracker@w3.org]
Sent: lundi 27 août 2012 22:46
To: public-webcrypto@w3.org
Subject: crypto-ISSUE-30 (where is the key ?): How does the application know where the key is stored ? [Web Cryptography API]

crypto-ISSUE-30 (where is the key ?): How does the application know where the key is stored ? [Web Cryptography API]

http://www.w3.org/2012/webcrypto/track/issues/30

Raised by: Karen Lu
On product: Web Cryptography API

During our discussion on the 27th of August, the problem related to usage of keys stored in a secure element has been discussed. While a previous issue (#11) has been already closed about the definition of a specific attribute for indicating if the key was stored in a specific secure element (or crypto providers), the problem about making sure the application is aware of the key location is still pending. The means for solving this specific problem do not need to rely on a specific attribute.

Received on Tuesday, 28 August 2012 23:29:20 UTC