Re: Public keys and key usage

I didn't search the mailinglist archives, but here are some relevant
discussions on bug threads:

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26413 says that keys should
only be allowed to be created with usages that are applicable to the
particular algorithm and key type.

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25820: says that empty
usages should not be allowed for private/secret keys, but makes an
allowance for public keys.

From the way ECDH defines the deriveKey and deriveBits in terms of the
private key (with public key just another parameter of the algorithm) it
follows that the private key can have deriveBits/deriveKey usage. But there
is no corresponding usage enforced for public keys. The only option then is
for their usages to be empty, since invalid usages for keys are not allowed
per that first bug.

On Mon, Nov 16, 2015 at 1:18 PM, Jim Schaad <ietf@augustcellars.com> wrote:

> Ryan,
>
> I did a quick search of my mail box and could not find the reasoning for
> forcing public ECDH keys to have an empty usage field.  Was there one or
> was it never discussed?
>
> Jim
>

Received on Monday, 16 November 2015 21:57:31 UTC