IETF Logo Mail Archive

Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API

Harry Halpin <hhalpin@w3.org> Thu, 20 November 2014 18:23 UTC

Return-Path: <hhalpin@w3.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCD871A1B64 for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 10:23:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.496
X-Spam-Level:
X-Spam-Status: No, score=-7.496 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.594, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dMywmrUpdQrw for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 10:23:45 -0800 (PST)
Received: from jay.w3.org (ssh.w3.org [128.30.52.60]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B5ED51A19F2 for <cfrg@irtf.org>; Thu, 20 Nov 2014 10:23:45 -0800 (PST)
Received: from [81.80.203.35] (helo=[172.17.2.197]) by jay.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <hhalpin@w3.org>) id 1XrWON-0002ZY-Ll; Thu, 20 Nov 2014 13:23:43 -0500
Message-ID: <546E31A8.3080909@w3.org>
Date: Thu, 20 Nov 2014 19:23:36 +0100
From: Harry Halpin <hhalpin@w3.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: Paul Hoffman <paul.hoffman@vpnc.org>
References: <546E0AE5.3040601@w3.org> <B041D850-2A7D-4B0E-A234-27A4A9D5031B@vpnc.org>
In-Reply-To: <B041D850-2A7D-4B0E-A234-27A4A9D5031B@vpnc.org>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/D2TVnJLn9GgFnXvL-r87lEnQ9ZE
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 18:23:48 -0000


On 11/20/2014 05:57 PM, Paul Hoffman wrote:
> If you want this to be a CFRG-edited draft, that's great. As a few people have pointed out, it has some deep flaws, and having lots of eyes on it with regular updates would be valuable.
> 

Yes, that's the plan, as W3C will need the eyes of CFRG on it in the
future as well as new attacks and proofs are discovered.

We'll just watch the discussions on the preliminary version come in and
revise within a week or two unless there is serious disagreement between
members of CFRG. If theres is more or less agreement, I'll make the
edits and then formally submit this to be a CFRG edited draft.

   cheers,
        harry

> --Paul Hoffman
>

v2.23.0 | Report a Bug | By Email