Re: JWK web crypto attributes from Mark Watson on 2013-07-23 (public-webcrypto@w3.org from July 2013)

From: Mark Watson <watsonm@netflix.com>
Date: Tue, 23 Jul 2013 18:46:51 +0100
To: Ryan Sleevi <sleevi@google.com>
Cc: Jim Schaad <ietf@augustcellars.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <-1975980384963937565@unknownmsgid>

I agree name is not needed.

For 'use' it would indeed be nice if JWK could support multiple uses
and could distinguish encrypt from decrypt, sign from verify etc.

...Mark

Sent from my iPhone

On Jul 23, 2013, at 12:44 AM, Ryan Sleevi <sleevi@google.com> wrote:

> On Mon, Jul 22, 2013 at 4:27 PM, Jim Schaad <ietf@augustcellars.com> wrote:
>> It would be useful for the JOSE working group if there could be a decision
>> about what attributes need to be defined in the JWK document for
>> import/export of keys before the F2F meeting next week.
>>
>> If we are just going to define them in the W3C document it is not an issue
>> and we can take care of that when this document goes final.
>>
>> As of now, I am assuming that two possible attributes are needed:
>>
>> Extractable - which takes a true/false value
>> Name - which takes a string value and allows for a key to be named in the
>> event it is to be saved.  (Currently not clear to me if keys are named at
>> the time of import or at the time they would be saved into the database).
>>
>> Jim
>
> I believe Mark has previously indicated that both extractable and
> usages are needed.
>
> Currently, 3.2 of JWK-draft-13 (
> http://tools.ietf.org/html/draft-ietf-jose-json-web-key-13#section-3.2
> ) only supports 'sig' and 'enc'. It specifies other values MAY be
> used, but the field only supports a SINGLE usage, whereas WebCrypto
> keys may support MULTIPLE usages.
>
> So if we go that route, "use" may need to change - especially in light
> of public/private keys anyways (eg: decryption-only keys)
>
> I don't understand why Name is needed - WebCrypto Key objects have no
> such property, and the other spec indicates they're *Pre-Provisioned*
> keys.
>
> For WebCrypto Key objects, they're structured cloned into other
> storage - eg: IndexedDB - and the IDB key (of key-value pair) may be
> used to describe the name - or any number of other ways of storing
> name/value pairs that store a keys name, without requiring it in the
> JWK or WebCrypto.
>
> So -1 to standardizing name. Especially given "kid".
>

Received on Tuesday, 23 July 2013 17:47:18 UTC