Re: I want to have unsafe key exchange.

----- Original Message -----
> From: "Ryan Sleevi" <sleevi@google.com>
> To: "David Dahl" <ddahl@mozilla.com>
> Cc: "Zooko Wilcox-OHearn" <zooko@leastauthority.com>, public-webcrypto@w3.org
> Sent: Thursday, June 14, 2012 1:06:29 PM
> Subject: Re: I want to have unsafe key exchange.
> 
> On Thu, Jun 14, 2012 at 10:07 AM, David Dahl <ddahl@mozilla.com>
> wrote:
> 
> > No, I do not think I have ever advocated for the private keying
> > material
> > to ever be available in raw form. Please refresh my memory where I
> > was
> > advocating for private keys to be exposed to content.
> >
> > David
> >
> 
> During our June 4 teleconference, there was the discussion during the
> Draft
> API technical discussion about whether keys should be referred to "by
> data"
> or "by ID". My understanding of your proposal was that all keys be
> referenced by raw bytes,

I was advocating that keys generated with "this in mind" would be able to have raw bytes extractable. So, your application or secure element would need to have some kind of internal property that allows raw byte extraction. Most use of the key generation API would be without this in mind. 

To allow this, you would have an API like: void generateKeys(in DOMString aAlgorithm, in bool aExtractableRawBytes);

The KeyObject that is generated would then have a method like:

var privateKeyBytes = keyObject.extractRawPrivateKey();

or: 

var symmetricKey = keyObject.extractRawBytes();

If the key was not created this way - or the secureElement does not allow it, these methods return null.

Does that clarify what I was thinking? Sorry for the confusion.

Cheers,

David

Received on Thursday, 14 June 2012 18:22:05 UTC