Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 20 November 2014 21:00 UTC

Message-ID: <546E5676.1090500@gmail.com>
Date: Thu, 20 Nov 2014 23:00:38 +0200
From: Yaron Sheffer <yaronf.ietf@gmail.com>
To: cfrg@irtf.org
References: <mailman.23.1416513612.22880.cfrg@irtf.org>
In-Reply-To: <mailman.23.1416513612.22880.cfrg@irtf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/TZv135HLKGMWqI61Lt_5OyToJPA

>
> Yaron,
>
> For developers, I imagine the important part will be the table, so we
> want extra eyes on that.
>
> We of course cannot fit in a course in cryptography and protocol design
> in an informational document, but we do need to cite the right sources.
> We're also looking for important attacks and proofs we may have missed.
>
> I do agree with some kind of "warning, possibly hard-to-understand
> justifications" before we go into per-algorithm justifications, so
> developers are warned. However, if you have any way to justify or
> simplify any of the justifications or the more developer-facing table,
> we'd be very appreciative.
>
> However, I would note the first few uses of Web Crypto did use AES-CBC
> with RSAES-PKCS1-v1_5 :)
>

I actually missed the table on first reading, sorry about that. I think
the table in general is fine, but I would add to the three AES-xxx a
comment right there, "MUST be used with a keyed MAC, see sec. yyy" (a
section that explains what's the proper way of composing encryption and
integrity protection).

Thanks,
	Yaron