ISSUE-16: Definition for Key Expiration

State: CLOSED
Product: Web Cryptography API
Raised by: Ryan Sleevi
Opened on: 2012-08-06
Description:
During the July Face-to-Face, the topic of Key Expiration was raised. However, a solid definition is lacking for what the semantics should be.

Argument for Implementation Semantics:
- Expiration could serve as a quota-management technique. Keys may represent expensive resources, particularly in constrained environments. Therefore, an understanding of how long a key is supposed to live may allow a user agent to remove 'expired' keys over time.

Argument for Application Semantics:
- Expiration should have no specific meaning to the implementation; it is simply provided to the application in an advisory capability to inform the application how a key can/should be used. This is particularly important for implementations that use pre-existing cryptographic APIs, such as OS APIs, as the underlying API may enforce these semantics. An example was given for a keypair where the private key may no longer be able to sign messages after a particular date, but the associated public key may be used to verify existing messages.

Should expiration be handled on a per-application basis in the custom attributes, or is it a global attribute on all Key types that should be managed by the User Agent?
Related Action Items:
No related actions
Related emails:
  1. Draft minutes, 9/4 call (from wseltzer@w3.org on 2012-09-04)
  2. Code: 83263 / Re: W3C Web Crypto WG - agenda for 4th of sept call - today (from wseltzer@w3.org on 2012-09-04)
  3. W3C Web Crypto WG - agenda for 4th of sept call - today (from Virginie.GALINDO@gemalto.com on 2012-09-04)
  4. Re: Closing ISSUE-16 (from wtc@google.com on 2012-08-31)
  5. Closing ISSUE-16 (from sleevi@google.com on 2012-08-30)
  6. [W3C Web Crypto WG] functional features list in draft API and issue tracker (from Virginie.GALINDO@gemalto.com on 2012-08-22)
  7. Re: [W3C Web Crypto WG] functional features list in draft API and issue tracker (from sleevi@google.com on 2012-08-21)
  8. [W3C Web Crypto WG] functional features list in draft API and issue tracker (from Virginie.GALINDO@gemalto.com on 2012-08-21)
  9. Re: New Editor's Draft (from sleevi@google.com on 2012-08-17)
  10. RE: New Editor's Draft (from Vijay.Bharadwaj@microsoft.com on 2012-08-14)
  11. RE: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from Vijay.Bharadwaj@microsoft.com on 2012-08-14)
  12. Re: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from ddahl@mozilla.com on 2012-08-09)
  13. Re: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from sleevi@google.com on 2012-08-09)
  14. Re: New Editor's Draft (from sleevi@google.com on 2012-08-09)
  15. Re: New Editor's Draft (from sleevi@google.com on 2012-08-09)
  16. Re: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from hhalpin@w3.org on 2012-08-08)
  17. Re: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from ddahl@mozilla.com on 2012-08-08)
  18. Re: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from hhalpin@w3.org on 2012-08-08)
  19. Re: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from mountie.lee@mw2.or.kr on 2012-08-06)
  20. crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from sysbot+tracker@w3.org on 2012-08-06)
  21. New Editor's Draft (from sleevi@google.com on 2012-08-05)
  22. Re: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from sleevi@google.com on 2012-08-05)
  23. Re: crypto-ISSUE-16: Definition for Key Expiration [Web Cryptography API] (from sleevi@google.com on 2012-08-05)

Related notes:

No additional notes.
