[Bug 25857] New: Extractability is not always specified when importing keys (in particular public keys) from bugzilla@jessica.w3.org on 2014-05-21 (public-webcrypto@w3.org from May 2014)

From: <bugzilla@jessica.w3.org>
Date: Wed, 21 May 2014 18:58:55 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25857-7213@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25857

            Bug ID: 25857
           Summary: Extractability is not always specified when importing
                    keys (in particular public keys)
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: ericroman@google.com
                CC: public-webcrypto@w3.org

The value of "key.extractable" for importKey() is not consistently specified by
the per-algorithm "Import Key".

For instance AES-KW defines it, however RSA-SSA, RSA-OAEP, RSA-ES, do not.

I suggest extracting the common properties out of the per-algorithm
definitions, and into the generic importKey() language.

In particular, it is worth clarifying how "key.extractable" behaves for public
keys.

In the case of generateKey(), the extractablity of public keys is always set to
true. So one might interpret likewise for importKey() unless it is indicated.
That said, I found evidence in the spec that the intent is for public keys to
respect the extractability set in importKey() -- since Diffie-Hellman's
definition spells it out.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Wednesday, 21 May 2014 18:58:56 UTC