Re: crypto-ISSUE-38: Key initialization and "finalization" [Web Cryptography API]

On Fri, Sep 7, 2012 at 11:47 AM, Wan-Teh Chang <wtc@google.com> wrote:
> On Thu, Sep 6, 2012 at 10:54 PM, Vijay Bharadwaj
> <Vijay.Bharadwaj@microsoft.com> wrote:
>>
>> One thing we might want to think about - what should happen
>> if a user who has thus finalized his RSA encryption key wants
>> to get a new certificate with the same key?
>
> Another idea would be to add a method that generates a
> proof-of-possession for a certificate request. For RSA keys, this
> would be a specialized sign operation that only signs specific kinds
> of input.
>
> Wan-Teh

I'm slightly nervous about this because of the variety of
Proof-of-Possession protocols that exist. Whether it's <keygen>'s use of
SPKAC, Mozilla's use of CRMF, or the various GlobalPlatform proofs, it
seems like there's quite a bit of divergence there.

But yes, it's certainly a possibility.

Received on Friday, 7 September 2012 18:51:55 UTC