Re: [Cfrg] [saag] Fwd: W3C Web Crypto API - moving to Last Call

"Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk> Fri, 21 March 2014 18:15 UTC

From: "Paterson, Kenny" <Kenny.Paterson@rhul.ac.uk>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "saag@ietf.org" <saag@ietf.org>
Date: Fri, 21 Mar 2014 18:15:34 +0000
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/v5FxGEeXcb3WaR9N_cVBv2Kh1WA
Cc: "Virginie.GALINDO@gemalto.com" <Virginie.GALINDO@gemalto.com>, "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] [saag] Fwd: W3C Web Crypto API - moving to Last Call

Hi Stephen,

[Cross-posting to CFRG, since it seems relevant]

On 21/03/2014 17:54, "Stephen Farrell" <stephen.farrell@cs.tcd.ie> wrote:

>-------- Original Message --------
>From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
>Sent: 21 March 2014 17:10:45 GMT+00:00
>To: Jim Schaad <ietf@augustcellars.com>, "odonoghue@isoc.org"
><odonoghue@isoc.org>, "stephen.farrell@cs.tcd.ie"
><stephen.farrell@cs.tcd.ie>, "Kathleen.Moriarty.ietf@gmail.com"
><Kathleen.Moriarty.ietf@gmail.com>
>Cc: Harry Halpin <hhalpin@w3.org>, "wseltzer@w3.org" <wseltzer@w3.org>
>Subject: W3C Web Crypto API - moving to Last Call
>
>Hi IETF and JOSE team,
>
>The Web Cryptography Working Group has decided to go to Last Call for the
>Web Cryptography API next week. We'd like to make sure your group has
>enough time to review the specification. Is four weeks enough time? If I
>don't hear back from you, I am going to assume it is enough time. Our
>latest draft is here:
>
>https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
>
>Regards,
>
>Virginie Galindo
>Gemalto
>chair of W3C web crypto wg
>


Tibor Jager, Juraj Somorovsky and I sent this team feedback some time ago
about the undesirability of standardising already-broken algorithms and
modes (e.g. PKCS#1v1.5 encryption, CBC-mode encryption with no integrity
protection). 

This was in response to a request for feedback from CFRG. We gave them
chapter and verse (and citations) about why this is generally a BAD IDEA:

http://lists.w3.org/Archives/Public/public-webcrypto/2012Sep/0186.html

The broken algorithms and modes are still in the Web Crypto document.
Moreover, there are no relevant warnings about these broken algorithms and
modes in the "security considerations" section of the current Web Crypto
draft.

Needless to say, I'm not minded to provide any more free advice to this
group.

Cheers,

Kenny