- From: Mark Watson <watsonm@netflix.com>
- Date: Thu, 19 Dec 2013 13:59:34 -0800
- To: Jim Schaad <ietf@augustcellars.com>
- Cc: Ryan Sleevi <sleevi@google.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAEnTvdDgWnEpqNX821uzjq9MPGg1EdpWEL-cmTTB5rF3aQYRXA@mail.gmail.com>
On Thu, Dec 19, 2013 at 1:05 PM, Jim Schaad <ietf@augustcellars.com> wrote: > There is a group of individuals in the JOSE group that have strongly felt > that > > > > 1. Usages of keys need to be restricted, although not necessarily > as restricted as what the WebCrypto keys call for, thus the insistence for > a single value in the field and > > 2. If there if a proliferation of values for key usage is bad > because it makes the code bases harder to work with. This lead to the > decision that ‘enc’ should be used both for key wrapping algorithms and > content encryption algorithms. > > > > On a purely personal level, I don’t necessarily agree with these decisions > but they are what we have as the stated positions of the working group at > the moment. > > > > The real issue that I see is the question of having strings that allow for > multiple different types of operations the can occur. I could easily get > behind the idea of registering “enc”, “enc-only”, “dec-only” as three > strings that map to “encrypt+decrypt”, “encrypt”, “decrypt”. Where I have > a greater problem is when we get into the concept that we are going to > allow for keys to do different things that might be bad for them. Thus the > ability to have a key usage of “wrapKey+encrypt” seems more problematic > based on the fact that the algorithm is designed to either encrypt content > or encrypt keys. I am also not sure if you want to be able to make > statements along the lines of “encrypt+decrypt+sign+verify” for an RSA > public key. > > > > Just as an attempt to get the set of issues clearly outlined, I think that > this is where things fall: > > > > 1. Should there be an ability to decompose the encrypt usage into > its component items, and can the union need to be a new string rather than > a combined string? (i.e. enc vs enc-only vs dec-only) > > 2. Are there cases where there is a need to combine together > different types of operations together in the use string (i.e. wrap + > encrypt) (I think that if the answer to this is no then we might not need > the array which is going to get very strong pushback.) > > 3. What is the level of importance of being able to restrict the > usage of a key without knowing what the algorithm that the key is to be > used with. > For WebCrypto the issue is to be able to represent a WebCrypto key in such a way that round-tripping via JWK does not lose information. WebCrypto does not place restriction on the combinations of usages that may be specified. A specific algorithm may place restrictions, although I am not sure if we have specified where this is enforced. For example, when importing an AES-CBC key, if the usages specify sign and verify, does the import fail ? If the usages specify encrypt, decrypt, sign, verify does it succeed with just encrypt,decrypt ? Or does the sign/verify operation fail later because it is not supported for the algorithm. > > > Looking at the current text, the statement ‘enc’ is equivalent to > ‘enconly, deconly,wrap,unwrap’ is incorrect. The expectation is that the > value of enc is to be interpreted based on the current algorithm value. > Thus it would be either ‘enconly,deconly’ or ‘wrap,unwrap’. > In WebCrypto you can use RSA-OAEP for all of encrypt, decrypt, wrap and unwrap. If you hace a "enc" as the use for key that you import for AES-CBC, presumably you get WebCrypto usages encrypt,decrypt - i.e. the subset of those implied by "enc" which are supported for that algorithm. ...Mark > > > Jim > > > > >
Received on Thursday, 19 December 2013 22:00:02 UTC