- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 17 Jul 2013 14:39:20 -0700
- To: Jim Schaad <ietf@augustcellars.com>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Wed, Jul 10, 2013 at 12:28 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> I have a worry about doing the key wrap/unwrap that I think needs to be addressed. I do not see how we can avoid doing some degree of propagation of the extractable tag in the case of doing a key agreement/key derivation operation.
>
> While using RSA to wrap a key can preserve a JWK directly, this is not true if one is using DH or ECDH keys for the encryption operation. In this case the DH/ECDH extractability needs to be propagated forward to the key agree key.
>
> I wonder if this means we should not always propagate the extractability forward when doing both key derivation and key unwrap.
>
> Jim

I seem to be believing that we've discussed this before.

Virally propagating extractability unconditionally isn't desirable - you may wish to use a non-extractable key to derive an extractable key.

However, I do agree that this also highlights why treating extractability as a property delivered via JWK, as proposed by Netflix, rather than associated with/through some aspect of the API, is an undesirable solution limited to a very specific use case, rather than being of general use.
Received on Wednesday, 17 July 2013 21:39:47 UTC