ISSUE-38: Key initialization and "finalization"

State:
CLOSED
Product:
next for Web Crypto API
Raised by:
Ryan Sleevi
Opened on:
2012-08-30
Description:
It is common in cryptographic APIs that there is a distinct state of Keys that are first being created, to allow them to have attributes mutated or to allow keying material to be exported or escrowed, up until some point where the key is "finalized", and no further changes are supported.

An example use case for such a feature would be:
- Generating a new keypair, escrowing the private key using a key escrow provider, then marking the generated key as non-exportable. Future attempts to export the key will fail once it has been "finalized".
- Creating a key, then defining one or more attributes after creation (perhaps after first registering the key with an authority), but then "finalizing" the key such that the attributes become read-only.

While I realize that this use case hasn't been brought up yet, the prevalence of such APIs seems that they may affect how key generation/derivation behaves, and thus we should consider whether such use cases should be prohibited - implicitly by choice of API, or explicitly by text.
Related Actions Items:
No related actions
Related emails:
  1. Re: [Moderator Action] Missing items in KeyUsage (from sleevi@google.com on 2013-04-02)
  2. W3C Web Crypto WG - Take Away from 17th of september call (from Virginie.GALINDO@gemalto.com on 2012-09-18)
  3. Re: crypto-ISSUE-38: Key initialization and 'finalization' [Web Cryptography API] (from sleevi@google.com on 2012-09-07)
  4. Re: crypto-ISSUE-38: Key initialization and 'finalization' [Web Cryptography API] (from wtc@google.com on 2012-09-07)
  5. RE: crypto-ISSUE-38: Key initialization and 'finalization' [Web Cryptography API] (from Vijay.Bharadwaj@microsoft.com on 2012-09-07)
  6. Re: crypto-ISSUE-38: Key initialization and 'finalization' [Web Cryptography API] (from sleevi@google.com on 2012-09-04)
  7. RE: crypto-ISSUE-38: Key initialization and 'finalization' [Web Cryptography API] (from Vijay.Bharadwaj@microsoft.com on 2012-09-04)
  8. RE: ISSUE-17: Key Attributes - Proposed resolution (from Vijay.Bharadwaj@microsoft.com on 2012-09-04)
  9. Re: ISSUE-17: Key Attributes - Proposed resolution (from sleevi@google.com on 2012-08-31)
  10. crypto-ISSUE-38: Key initialization and 'finalization' [Web Cryptography API] (from sysbot+tracker@w3.org on 2012-08-30)

Related notes:

During TPAC Lyon F2F meeting it was discussed that this feature could be delayed to a next version of the API. As such it is categorized as 'next' in our domain list.

Virginie GALINDO, 12 Nov 2012, 19:38:49
