- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 19 Sep 2012 12:20:48 -0700
- To: Travis Mayberry <travism@ccs.neu.edu>
- Cc: public-webcrypto-comments@w3.org
On Wed, Sep 19, 2012 at 11:50 AM, Travis Mayberry <travism@ccs.neu.edu> wrote:

> Right, I can see how that could get out of hand rather quickly. The
> difference I see between those cases though is that counter mode and CBC
> each have advantages/disadvantages (i.e. counter mode allows for random
> access to encrypted data) that warrant using one over the other depending on
> the scenario. Hopefully developers will investigate the different modes
> before they pick the one that most suits their situation. PKCS#1 and OAEP
> on the other hand are functionally equivalent, but one has potential
> security holes and the other does not.

Like Wan-Teh mentioned, the concern is not one necessarily of functionality (yes, they both use RSA keys to perform encryption or, in the case of PSS, signing), but of deployment/support. This includes both platform-native support (which is fairly good post XP-SP2), but also support for secure elements, TPMs, etc, where it's unfortunately lacking.

So the concern is less one of functionality, and more one of compatibility between systems and between (existing) protocols.

But yes, you've definitely picked on an issue we've discussed at a fair length so far (and for which other groups, such as the IETF's JOSE WG, have also discussed at fair length).

Received on Wednesday, 19 September 2012 19:21:16 UTC