[Cfrg] Request from W3C Web Crypto WG to adopt "Security Considerations" document?
Harry Halpin <hhalpin@w3.org> Mon, 21 July 2014 23:07 UTC
Message-ID: <53CD9D23.6030401@w3.org>
Date: Tue, 22 Jul 2014 01:07:15 +0200
From: Harry Halpin <hhalpin@w3.org>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/FmO12pVISIqXi8wZy5YVeo6Jop8
List-Id: Crypto Forum Research Group <cfrg.irtf.org>

CFRG,

The W3C Web Cryptography Working Group has an open issue on Security Considerations for the Web Cryptography API [1], with details in the bugzilla [2]. Graham Steel (INRIA), with feedback from Rich Salz and help from the W3C staff, is willing to help create a "per-algorithm" security consideration Informational RFC for the algorithms listed in the Web Cryptography API (see his blog post [3]).

However, as the landscape of algorithms is changing and the Web Cryptography Working Group may have a finite lifespan, we thought the CFRG would be a place to host such a document as the CFRG will continue after the Web Crypto Working Group ends and the CFRG obviously has the experience and expertise to help make sure such a document reaches the high standards the Internet community deserves.

Would the CFRG be OK with publishing such a document and maintaining it, if we took the effort to produce the first draft and the W3C helped in maintaining it? We think such a list of known attacks on a popular subset of algorithms would be useful also to other IETF and W3C standards, although the need is most pressing with the Web Crypto API.

Although I will not be at IETF Toronto, Wendy Seltzer from the W3C will be, and we hope this can be discussed during the "AOB" session at the CFRG meeting. Please inform us over at the Web Cryptography WG if this proposal is accepted by CFRG.

cheers,
harry

[1] https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
[2] https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607
[3] http://cryptosense.com/choice-of-algorithms-in-the-w3c-crypto-api/