- From: Eric Rescorla <ekr@rtfm.com>
- Date: Mon, 18 Jun 2012 12:41:28 -0700
- To: Wan-Teh Chang <wtc@google.com>
- Cc: Ryan Sleevi <sleevi@google.com>, David Dahl <ddahl@mozilla.com>, Zooko Wilcox-OHearn <zooko@leastauthority.com>, public-webcrypto@w3.org
On Mon, Jun 18, 2012 at 11:34 AM, Wan-Teh Chang <wtc@google.com> wrote: > I think we should provide the commonly used key derivation functions > to reduce application mistakes. But I find Zooko's challenge of > implementing ZRTP very thought-provoking. Since the key derivation > function of ZRTP doesn't seem to be a common one, I believe that a web > browser will need to export the raw shared secret either in native > code or in JavaScript. (I don't know of a native crypto API that > allows a caller to provide an arbitrary key derivation function.) I don't believe that this can be done without effectively allowing the application to extract the secret input if it chooses to. I.e., this is a cut point between two models of key isolation: (1) reduce application screwups by making it hard to access the key (2) protect against malicious applications accessing the key. -Ekr
Received on Monday, 18 June 2012 19:42:37 UTC