IETF Logo Mail Archive

Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API

Watson Ladd <watsonbladd@gmail.com> Thu, 20 November 2014 18:09 UTC

Return-Path: <watsonbladd@gmail.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B996C1A1B55 for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 10:09:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eGG2GCk2I81k for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 10:09:17 -0800 (PST)
Received: from mail-yk0-x229.google.com (mail-yk0-x229.google.com [IPv6:2607:f8b0:4002:c07::229]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 11C091A1B2A for <cfrg@irtf.org>; Thu, 20 Nov 2014 10:09:13 -0800 (PST)
Received: by mail-yk0-f169.google.com with SMTP id 79so1539540ykr.14 for <cfrg@irtf.org>; Thu, 20 Nov 2014 10:09:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=kaUieAEw7hy8BZEmFZ3T0WYS13RJ6CFgiYn4FKu0l9k=; b=Mk73AUdyIu/E0cerLxHt+09oa6Sj7H5F9wj/GW1+ycgpSPl7gP6rzgcj1Xy9wYMcLF iPdAw2kHNlACspxQ+Z0XJnW/il5OdCbmvEcGvETyLUq8/fJ2Q6npOBrKL5axFQmIKETs 4XJ9ZHZU+PkapLmMjNZMsOOhUi56OnTmnt23v0a7BeuWTkJifWFAdPRofHmtWN+xkBdX AirKBASBJ0GgJSwQAiiJ2Hd2yZzamTqycXOjsl/B5LbeznhJb+OVAsX/4yLNCCX+mian pL/NzrL4ADLSHNTAgPJ6yqvNHme4CZrae6H4FWFIlMtKs6H1m0kBXlYVdCjpb6RTB7n2 QGJw==
MIME-Version: 1.0
X-Received: by 10.170.111.210 with SMTP id d201mr36741ykb.126.1416506952167; Thu, 20 Nov 2014 10:09:12 -0800 (PST)
Received: by 10.170.195.21 with HTTP; Thu, 20 Nov 2014 10:09:11 -0800 (PST)
Received: by 10.170.195.21 with HTTP; Thu, 20 Nov 2014 10:09:11 -0800 (PST)
In-Reply-To: <546E297D.5040405@gmail.com>
References: <mailman.2305.1416497925.5552.cfrg@irtf.org> <546E297D.5040405@gmail.com>
Date: Thu, 20 Nov 2014 10:09:11 -0800
Message-ID: <CACsn0cmXqSQv74obdxvkp8M_U4JF_h64ZBF5A_aG6QLWUzQAQQ@mail.gmail.com>
From: Watson Ladd <watsonbladd@gmail.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>
Content-Type: multipart/alternative; boundary="001a11379d68b4b75405084e39bf"
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/CvOy-kMN1KoIpwa1Nd1PuSaZaFc
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 18:09:23 -0000

On Nov 20, 2014 9:49 AM, "Yaron Sheffer" <yaronf.ietf@gmail.com> wrote:
>
> Hi Harry,
>
> The draft makes for fascinating reading for CFRG folks, as can be seen by
the mailing list discussion. But I think it does not make any sense to
"developers" (programmers who typically have next to no understanding of
crypto, and certainly none at all of formal security models/proofs). They
simply would not understand 90% of the text.

>
> So it may be fine as a rationale for the selected list of algorithms. It
may be fine for a few star crypto developers. But IMHO, not for the general
population of people who'll be coding to your API.

Should people who don't know anything about cryptography write code that
uses it? We've already mentioned that protocol design is hard, but that
will force a lot of other choices, so it's not clear what is actually
addressed by these recommendations.

Unlike TLS this is not about properly configuring an implementation.  It's
a case where the developers have unbounded creativity, and so can mess it
up in unexpected ways, which no list of negative commandments can cover.

The right approach is to design misuse resistant primitives on top of the
ones in Webcrypto, and tell programmers to use them.

Sincerely,
Watson Ladd

>
> I am a co-author of the TLS BCP (
http://tools.ietf.org/html/draft-ietf-uta-tls-bcp-06). It certainly has its
share of flaws, but what we did right is to clearly mark recommendations
vs. rationale, and to simplify recommendations as much as we could.
>
> Thanks,
>         Yaron
>
>
>
>>
>> Everyone,
>>
>> As the W3C Web Cryptography API gets ready to move to Candidate
>> Recommendation, we wanted to address the concerns brought up by Rich
>> Salz and others for better security guidelines for developers, given
>> that the API exposes a variety of algorithms. I've taken Graham Steel's
>> excellent write-up, which is in a large part based on Smart et al.'s
>> magisterial ENISA report,  and have turned it into a draft CFRG note.
>>
>> We'd like to see the security guidelines below discussed here, and if
>> there's no objections after discussion, move this onwards. W3C commits
>> to maintaining this note as much as possible.
>>
>> Links to draft:
>>
>> TXT:
>>
http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-00.txt
>> HTML:
>>
http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-00.html
>>
>> cheers,
>>      harry
>>
>
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email