RE: [W3C Web Crypto WG] Deciding if we need a discovery mechanism

+1

To take this further, an RSA key pair can be used for either signing/validation or decryption/encryption but even software stacks might want to limit a particular key pair to one of these uses.

Discovery is a hard problem in its general form. In addition to the mode, padding and algorithm as listed below, you end up with questions like (for GCM) does the implementation support AAD and does it support a specific tag length. One way to constrain the problem is to define minimum requirements on implementations. For instance, JOSE specifies specific IV and tag lengths as well as AAD for AES-GCM.

-----Original Message-----
From: Mitch Zollinger [mailto:mzollinger@netflix.com] 
Sent: Saturday, June 9, 2012 2:06 PM
To: Eric Rescorla
Cc: Wan-Teh Chang; David Dahl; public-webcrypto@w3.org
Subject: Re: [W3C Web Crypto WG] Deciding if we need a discovery mechanism

On 6/8/2012 9:15 PM, Eric Rescorla wrote:
> On Fri, Jun 8, 2012 at 5:48 PM, Wan-Teh Chang<wtc@google.com>  wrote:
>> On Thu, Jun 7, 2012 at 8:26 PM, David Dahl<ddahl@mozilla.com>  wrote:
>>> I think so. We do need to figure out just how flexible this mechanism should be. Perhaps the key handle object you get back has properties like:
>>>
>>> kh.mode
>>> kh.padding
>>> kh.algorithm
>> An AES key can be used in different modes of operation and with 
>> different padding schemes, so 'mode' and 'padding' aren't properties 
>> of a key unless we artificially constrain the key.
> It seems like they might be if the key was embedded in a piece of 
> hardware which had a limited mode set, e.g, one which supported only 
> CBC and not GCM.

+1

We're working with hardware right now that supports ECB & CBC but no CTR, for example.

Mitch

>
> -Ekr
>

Received on Tuesday, 12 June 2012 16:19:50 UTC