W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > December 2012

Re: feedback from CFRG

From: Anders Rundgren <anders.rundgren@telia.com>
Date: Sun, 30 Dec 2012 13:47:28 +0100
Message-ID: <50E037E0.5080809@telia.com>
CC: zooko@leastauthority.com, "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
http://lists.w3.org/Archives/Public/public-webcrypto/2012Sep/0186.html

A possible way addressing these issues (which also has the advantage that it can be applied to algorithms that for some reason are found inadequate in the future), is that during key creation limit the key to a set of endorsed algorithms.   The following XML fragment shows how this concept has been integrated in the SKS/KeyGen2 scheme ("KeyEntry" is a create-key object):

<KeyEntry
   AppUsage="authentication"
   EndorsedAlgorithms="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
   ID="Key.1"
   KeyAlgorithm="http://xmlns.webpki.org/keygen2/1.0#algorithm.rsa2048"
   MAC="nlO9pILictqoygLtxC8n/lML9uPEkL1XEeBTQuSRrYM="/>

Regarding the risk that somebody uses a "bad" algorithm this is probably only going to happen in closed communities and IMO such communities tend to screw-up the rest as well so I wouldn't worry too much about that.   IMO, it should be enough with a note "Not recommended for new designs".

Anders
Received on Sunday, 30 December 2012 12:48:03 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 30 December 2012 12:48:04 GMT