Re: [Cfrg] Request from W3C Web Crypto WG to adopt "Security Considerations" document?

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Wed, 06 August 2014 10:16 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Harry Halpin <hhalpin@w3.org>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 06 Aug 2014 10:16:47 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/NkTQOauKesgCAX95KoZlgCfPM7E

Harry

Excellent, thanks for confirming. We await your draft with interest!

Cheers,

Kenny 

On 04/08/2014 20:42, "Harry Halpin" <hhalpin@w3.org> wrote:

>On 07/22/2014 08:26 PM, Paterson, Kenny wrote:
>> Dear Harry,
>> 
>> The CFRG would be interested in being involved in this activity. As you
>> say, it should have wider applicability than W3C, and there's a good
>> chance that CFRG will have a greater longevity than the WebCrypto
>> working group.
>> 
>> With luck, the CFRG session here in Toronto tomorrow will not be so
>> packed with other things that we can't squeeze a few words from Wendy Seltzer
>> into the AoB. The CFRG chairs are also around all week if she wants to
>> catch us beforehand.
>
>
>I believe Wendy managed to discuss this in the CFRG AOB. Just to
>confirm, we will produce an Informational RFC for the consideration of
>CFRG as soon as possible for the per-algorithm security considerations.
>The W3C appreciates the support of the CFRG in this matter, which we
>agree may have wider applicability than the W3C Web Cryptography API.
>
>  thanks,
>       harry
>
>
>> 
>> Regards,
>> 
>> Kenny 
>> 
>> On 21/07/2014 19:07, "Harry Halpin" <hhalpin@w3.org> wrote:
>> 
>>> CFRG,
>>>
>>>  The W3C Web Cryptography Working Group has an open issue on Security
>>> Considerations for the Web Cryptography API [1], with details in the
>>> bugzilla [2].
>>>
>>> Graham Steel (INRIA), with feedback from Rich Salz and help from the
>>> W3C staff, is willing to help create a "per-algorithm" security
>>> consideration Informational RFC for the algorithms listed in the Web
>>> Cryptography API (see his blog post [3]). However, as the landscape of
>>> algorithms is changing and the Web Cryptography Working Group may have
>>> a finite lifespan, we thought the CFRG would be a place to host such a
>>> document as the CFRG will continue after the Web Crypto Working Group
>>> ends and the CFRG obviously has the experience and expertise to help
>>> make sure such a document reaches the high standards the Internet
>>> community deserves.
>>>
>>> Would the CFRG be OK with publishing such a document and maintaining
>>> it, if we took the effort to produce the first draft and the W3C helped in
>>> maintaining it? We think such a list of known attacks on a popular
>>> subset of algorithms would be useful also to other IETF and W3C
>>> standards, although the need is most pressing with the Web Crypto API.
>>>
>>> Although I will not be at IETF Toronto, Wendy Seltzer from the W3C will
>>> be, and we hope this can be discussed during the "AOB" session at the
>>> CFRG meeting.
>>>
>>> Please inform us over at the Web Cryptography WG if this proposal is
>>> accepted by CFRG.
>>>
>>>  cheers,
>>>    harry
>>>
>>> [1] https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
>>> [2] https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607
>>> [3] http://cryptosense.com/choice-of-algorithms-in-the-w3c-crypto-api/
>>>
>>>
>> 
>