Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API
Watson Ladd <watsonbladd@gmail.com> Thu, 20 November 2014 18:09 UTC
Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B996C1A1B55 for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 10:09:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eGG2GCk2I81k for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 10:09:17 -0800 (PST)
Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11C091A1B2A for <cfrg@irtf.org>; Thu, 20 Nov 2014 10:09:13 -0800 (PST)
Received: by mail-yk0-f169.google.com with SMTP id 79so1539540ykr.14 for <cfrg@irtf.org>; Thu, 20 Nov 2014 10:09:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kaUieAEw7hy8BZEmFZ3T0WYS13RJ6CFgiYn4FKu0l9k=; b=Mk73AUdyIu/E0cerLxHt+09oa6Sj7H5F9wj/GW1+ycgpSPl7gP6rzgcj1Xy9wYMcLF iPdAw2kHNlACspxQ+Z0XJnW/il5OdCbmvEcGvETyLUq8/fJ2Q6npOBrKL5axFQmIKETs 4XJ9ZHZU+PkapLmMjNZMsOOhUi56OnTmnt23v0a7BeuWTkJifWFAdPRofHmtWN+xkBdX AirKBASBJ0GgJSwQAiiJ2Hd2yZzamTqycXOjsl/B5LbeznhJb+OVAsX/4yLNCCX+mian pL/NzrL4ADLSHNTAgPJ6yqvNHme4CZrae6H4FWFIlMtKs6H1m0kBXlYVdCjpb6RTB7n2 QGJw==
MIME-Version: 1.0
X-Received: by 10.170.111.210 with SMTP id d201mr36741ykb.126.1416506952167; Thu, 20 Nov 2014 10:09:12 -0800 (PST)
Received: by 10.170.195.21 with HTTP; Thu, 20 Nov 2014 10:09:11 -0800 (PST)
Received: by 10.170.195.21 with HTTP; Thu, 20 Nov 2014 10:09:11 -0800 (PST)
In-Reply-To: <546E297D.5040405@gmail.com>
References: <mailman.2305.1416497925.5552.cfrg@irtf.org> <546E297D.5040405@gmail.com>
Date: Thu, 20 Nov 2014 10:09:11 -0800
Message-ID: <CACsn0cmXqSQv74obdxvkp8M_U4JF_h64ZBF5A_aG6QLWUzQAQQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="001a11379d68b4b75405084e39bf"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/CvOy-kMN1KoIpwa1Nd1PuSaZaFc
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 18:09:23 -0000
On Nov 20, 2014 9:49 AM, "Yaron Sheffer" <yaronf.ietf@gmail.com> wrote: > > Hi Harry, > > The draft makes for fascinating reading for CFRG folks, as can be seen by the mailing list discussion. But I think it does not make any sense to "developers" (programmers who typically have next to no understanding of crypto, and certainly none at all of formal security models/proofs). They simply would not understand 90% of the text. > > So it may be fine as a rationale for the selected list of algorithms. It may be fine for a few star crypto developers. But IMHO, not for the general population of people who'll be coding to your API. Should people who don't know anything about cryptography write code that uses it? We've already mentioned that protocol design is hard, but that will force a lot of other choices, so it's not clear what is actually addressed by these recommendations. Unlike TLS this is not about properly configuring an implementation. It's a case where the developers have unbounded creativity, and so can mess it up in unexpected ways, which no list of negative commandments can cover. The right approach is to design misuse resistant primitives on top of the ones in Webcrypto, and tell programmers to use them. Sincerely, Watson Ladd > > I am a co-author of the TLS BCP ( http://tools.ietf.org/html/draft-ietf-uta-tls-bcp-06). It certainly has its share of flaws, but what we did right is to clearly mark recommendations vs. rationale, and to simplify recommendations as much as we could. > > Thanks, > Yaron > > > >> >> Everyone, >> >> As the W3C Web Cryptography API gets ready to move to Candidate >> Recommendation, we wanted to address the concerns brought up by Rich >> Salz and others for better security guidelines for developers, given >> that the API exposes a variety of algorithms. I've taken Graham Steel's >> excellent write-up, which is in a large part based on Smart et al.'s >> magisterial ENISA report, and have turned it into a draft CFRG note. >> >> We'd like to see the security guidelines below discussed here, and if >> there's no objections after discussion, move this onwards. W3C commits >> to maintaining this note as much as possible. >> >> Links to draft: >> >> TXT: >> http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-00.txt >> HTML: >> http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-00.html >> >> cheers, >> harry >> > > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org > http://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] Proposed Informational Note: Security Guid… Harry Halpin
- Re: [Cfrg] Proposed Informational Note: Security … Salz, Rich
- Re: [Cfrg] Proposed Informational Note: Security … Watson Ladd
- Re: [Cfrg] Proposed Informational Note: Security … Jonathan Berliner
- Re: [Cfrg] Proposed Informational Note: Security … Paul Hoffman
- Re: [Cfrg] Proposed Informational Note: Security … Scott Fluhrer (sfluhrer)
- Re: [Cfrg] Proposed Informational Note: Security … Manuel Pégourié-Gonnard
- Re: [Cfrg] Proposed Informational Note: Security … Yaron Sheffer
- Re: [Cfrg] Proposed Informational Note: Security … David Gil
- Re: [Cfrg] Proposed Informational Note: Security … Watson Ladd
- Re: [Cfrg] Proposed Informational Note: Security … Harry Halpin
- Re: [Cfrg] Proposed Informational Note: Security … Yaron Sheffer
- Re: [Cfrg] Proposed Informational Note: Security … Harry Halpin
- Re: [Cfrg] Proposed Informational Note: Security … Harry Halpin
- Re: [Cfrg] Proposed Informational Note: Security … Dan Brown
- Re: [Cfrg] Proposed Informational Note: Security … Yaron Sheffer
- Re: [Cfrg] Proposed Informational Note: Security … Dan Harkins
- Re: [Cfrg] Proposed Informational Note: Security … Manuel Pégourié-Gonnard