Re: Please verify from Ryan Sleevi on 2015-11-24 (public-webcrypto@w3.org from November 2015)

From: Ryan Sleevi <sleevi@google.com>
Date: Mon, 23 Nov 2015 18:16:00 -0800
To: Jim Schaad <ietf@augustcellars.com>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CACvaWvZ3WPqj4y+frB4-pd+JW0cQmsf1J2jdpv4RhMvQwn-yjg@mail.gmail.com>

On Mon, Nov 23, 2015 at 6:15 PM, Ryan Sleevi <sleevi@google.com> wrote:

>
>
> On Mon, Nov 23, 2015 at 6:06 PM, Jim Schaad <ietf@augustcellars.com>
> wrote:
>
>> In doing a deep read of the document, I want to verify that the following
>> is
>> intended.
>>
>> I have modified the example in section 33.1 by removing the "sign" usage
>> from the set of usages in the generateKey line.
>>
>> *  A zero-length sequence will pass Web IDL as it is legal
>> * Section 14.3.6 does not appear to check any of the usages for
>> generateKey
>> * Section 20.8 says only throw an exception if some usage other than
>> "sign"
>> or "verify" exists.  This is not the case so it will pas step 1 of
>> Generate
>> Key
>> * Step 18 of Generate Key will set [[usages]] to [] (intersection of []
>> and
>> ["sign"]
>> -- This means that the generateKey will be successful.
>>
>
> No,
>
> See step 8, which checks the [usages] of both a CryptoKey and a
> CryptoKeyPair to ensure that a private key does not have an empty usages.
>
>
Sorry, that's Step 8 of 14.3.6

Received on Tuesday, 24 November 2015 02:17:11 UTC