Re: Comments on wrap/unwrap from Ryan Sleevi on 2013-06-18 (public-webcrypto@w3.org from June 2013)

From: Ryan Sleevi <sleevi@google.com>
Date: Mon, 17 Jun 2013 18:40:44 -0700
To: Hutchinson Michael <Michael.Hutchinson@gemalto.com>
Cc: Mark Watson <watsonm@netflix.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Vijay Bharadwaj <Vijay.Bharadwaj@microsoft.com>
Message-ID: <CACvaWvZKtsuw6sfpFR9w+19Q1on_xaCQhpnm8CVf5z3a-=HkNA@mail.gmail.com>

On Mon, Jun 17, 2013 at 5:34 PM, Hutchinson Michael
<Michael.Hutchinson@gemalto.com> wrote:
> Is there not a third option?
>
>
>
> Specify the problem away?
>
>
>
> Any attempt to create/return a key with KeyUsage of “unwrap” and with
> extractable set to true returns an error

Restricts other use-cases, such as key escrow.

>
> Any attempt to create/return a key with KeyUsage of “unwrap” and “decrypt”
> returns an error

Relies on the caller supplying a valid set of attributes, whereas
Mark's requirement is that the caller is not trusted.

>
>
>
>>Michael

Received on Tuesday, 18 June 2013 01:41:11 UTC