- From: Ryan Sleevi <sleevi@google.com>
- Date: Fri, 22 Mar 2013 16:36:22 -0700
- To: Mark Watson <watsonm@netflix.com>
- Cc: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
Received on Friday, 22 March 2013 23:36:49 UTC
On Fri, Mar 22, 2013 at 4:21 PM, Mark Watson <watsonm@netflix.com> wrote:

> All,
>
> It occurred to me that support for key wrapping could be simplified if we
> made a blanket assumption that when unwrapping a key the resulting Key
> object always has extractable = false.
>
> This would avoid the need for a new JWK attribute indicating
> extractability.
> It would avoid the need for the unwrapKey method to have an extractable
> parameter.
> It would avoid the confusion that arises from having extractability
> defined both within the JWK and in the unwrapKey method.
> It would be simpler.
> I think this would make sense, because the act of wrapping a key and
> sending it to a script with access to WebCrypto is explicitly saying that
> you do not want the keying material to be visible except to whomever has
> the unwrapping key.
>
> Does anyone have a use-case where a key needs to be unwrapped into a Key
> which is then extractable?
>
> …Mark

-1. There are plenty of reasons to use key wrapping independent of extraction concerns. The most obvious one is key transport.
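The question debated in this thread, shown as an added example that is not part of either message: it uses the SubtleCrypto API as it was later standardized, where `unwrapKey` takes an `extractable` argument, and unwraps one transported key both ways. The function name `unwrapDemo`, the AES-KW/AES-GCM choices and the sample plaintext are assumptions made for the illustration.

```javascript
// Added example, not code from the thread. Runs in browsers and in Node.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;
const subtle = webcrypto.subtle;

const bytesEqual = (a, b) =>
  new Uint8Array(a).join(',') === new Uint8Array(b).join(',');

async function unwrapDemo() {
  // Key-encryption key shared by sender and receiver (constructed here for
  // the demo). It is itself non-extractable.
  const kek = await subtle.generateKey(
    { name: 'AES-KW', length: 256 }, false, ['wrapKey', 'unwrapKey']);

  // Sender side: a key has to be extractable to be wrapped at all.
  const contentKey = await subtle.generateKey(
    { name: 'AES-GCM', length: 256 }, true, ['encrypt', 'decrypt']);
  const wrapped = await subtle.wrapKey('raw', contentKey, kek, 'AES-KW');

  // Receiver side: the same wrapped bytes, unwrapped with each setting.
  const unwrap = (extractable) => subtle.unwrapKey(
    'raw', wrapped, kek, 'AES-KW', { name: 'AES-GCM' },
    extractable, ['encrypt', 'decrypt']);
  const locked = await unwrap(false);   // usable, never readable by script
  const portable = await unwrap(true);  // usable and re-exportable

  // The non-extractable key still works for its declared usages.
  const iv = webcrypto.getRandomValues(new Uint8Array(12));
  const plaintext = new TextEncoder().encode('constructed sample message');
  const ct = await subtle.encrypt({ name: 'AES-GCM', iv }, contentKey, plaintext);
  const pt = await subtle.decrypt({ name: 'AES-GCM', iv }, locked, ct);

  // Export is refused for the locked key and allowed for the portable one.
  const exportBlocked = await subtle.exportKey('raw', locked)
    .then(() => false, () => true);
  const original = await subtle.exportKey('raw', contentKey);
  const reExported = await subtle.exportKey('raw', portable);

  return {
    wrappedLength: wrapped.byteLength,        // 32-byte key + 8-byte AES-KW overhead
    lockedExtractable: locked.extractable,
    lockedDecrypts: bytesEqual(pt, plaintext),
    exportBlocked,
    portableMatches: bytesEqual(original, reExported),
  };
}
```

Both unwrapped keys decrypt the same ciphertext; only the `extractable` flag chosen at unwrap time decides whether script can read the key bytes back out.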