IETF Logo Mail Archive

Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API

Harry Halpin <hhalpin@w3.org> Thu, 20 November 2014 18:31 UTC

Return-Path: <hhalpin@w3.org>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 75CC71A1A88 for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 10:31:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.496
X-Spam-Level:
X-Spam-Status: No, score=-7.496 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_HI=-5, RP_MATCHES_RCVD=-0.594, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VDvyH6ml7tlo for <cfrg@ietfa.amsl.com>; Thu, 20 Nov 2014 10:31:05 -0800 (PST)
Received: from jay.w3.org (ssh.w3.org [128.30.52.60]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 506E81A19F2 for <cfrg@irtf.org>; Thu, 20 Nov 2014 10:31:05 -0800 (PST)
Received: from [81.80.203.35] (helo=[172.17.2.197]) by jay.w3.org with esmtpsa (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.72) (envelope-from <hhalpin@w3.org>) id 1XrWVT-00038x-Ry for cfrg@irtf.org; Thu, 20 Nov 2014 13:31:04 -0500
Message-ID: <546E3360.2020909@w3.org>
Date: Thu, 20 Nov 2014 19:30:56 +0100
From: Harry Halpin <hhalpin@w3.org>
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.0
MIME-Version: 1.0
To: cfrg@irtf.org
References: <mailman.2305.1416497925.5552.cfrg@irtf.org> <546E297D.5040405@gmail.com>
In-Reply-To: <546E297D.5040405@gmail.com>
Content-Type: text/plain; charset="windows-1252"
Content-Transfer-Encoding: 7bit
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/VcNk0AhjiI_EwC44l5ZrKpoQOAM
Subject: Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <http://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <http://www.irtf.org/mail-archive/web/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <http://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 20 Nov 2014 18:31:07 -0000


On 11/20/2014 06:48 PM, Yaron Sheffer wrote:
> Hi Harry,
> 
> The draft makes for fascinating reading for CFRG folks, as can be seen
> by the mailing list discussion. But I think it does not make any sense
> to "developers" (programmers who typically have next to no understanding
> of crypto, and certainly none at all of formal security models/proofs).
> They simply would not understand 90% of the text.
> 
> So it may be fine as a rationale for the selected list of algorithms. It
> may be fine for a few star crypto developers. But IMHO, not for the
> general population of people who'll be coding to your API.
> 
> I am a co-author of the TLS BCP
> (http://tools.ietf.org/html/draft-ietf-uta-tls-bcp-06). It certainly has
> its share of flaws, but what we did right is to clearly mark
> recommendations vs. rationale, and to simplify recommendations as much
> as we could.

Yaron,

For developers, I imagine the important part will be the table, so we
want extra eyes on that.

We of course cannot fit in a course in cryptography and protocol design
in an informational document, but we do need to cite the right sources.
We're also looking for important attacks and proofs we may have missed.

I do agree some kind of "warning, possible hard to understand
justifications" before we go into per-algorithm justifications, so
developers are warned. However, if you have any way to justify or
simplify any of the justifications or the more developer-facing table,
we'd be very appreciative.

However, I would note the first few uses of Web Crypto did use AES-CBC
with RSAES-PKCS1-v1_5  :)

   cheers,
      harry


> 
> Thanks,
>     Yaron
> 
> 
>>
>> Everyone,
>>
>> As the W3C Web Cryptography API gets ready to move to Candidate
>> Recommendation, we wanted to address the concerns brought up by Rich
>> Salz and others for better security guidelines for developers, given
>> that the API exposes a variety of algorithms. I've taken Graham Steel's
>> excellent write-up, which is in a large part based on Smart et al.'s
>> magisterial ENISA report,  and have turned it into a draft CFRG note.
>>
>> We'd like to see the security guidelines below discussed here, and if
>> there's no objections after discussion, move this onwards. W3C commits
>> to maintaining this note as much as possible.
>>
>> Links to draft:
>>
>> TXT:
>> http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-00.txt
>>
>> HTML:
>> http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-00.html
>>
>>
>> cheers,
>>      harry
>>
> 
> _______________________________________________
> Cfrg mailing list
> Cfrg@irtf.org
> http://www.irtf.org/mailman/listinfo/cfrg

v2.23.0 | Report a Bug | By Email