On Mon, Apr 1, 2013 at 12:05 PM, Wan-Teh Chang <wtc@google.com> wrote:
> On Mon, Apr 1, 2013 at 8:27 AM, Richard Barnes <rbarnes@bbn.com> wrote:
> > In the current spec, key agreement is treated as a special case of key
> derivation.
> > Should we call it out as a separate function under SubtleCrypto?
>
> Richard,
>
> I think your proposal is a fine idea.
>
> Treating key agreement as a special case of key derivation is an
> influence of PKCS #11, which uses the C_Derive function for
> Diffie-Hellman style key agreement methods.
>
> I think Diffie-Hellman style key agreement should get its own function
> in the Web Crypto API.
>
I'm not sure I'd agree here. Do you also see separate functions for ECDH
agreement?
For better or worse, the motivations were:
1) Consistency in paradigms with existing APIs, to make it reasonable to
implement
2) To support alternative schemes of DH agreement such as OTR or ZRTP,
which use the shared secret portion of the DH math but then pursue
alternative modulo arithmetic, rather than feeding into something like a
PRF.
You see both APIs commonly exposed.
>
> Wan-Teh
>
>