Re: comments on web crypto API: Diffie-Hellman parameters [3/6] from Ryan Sleevi on 2013-05-23 (public-webcrypto-comments@w3.org from May 2013)

From: Ryan Sleevi <sleevi@google.com>
Date: Thu, 23 May 2013 10:13:15 -0700
To: Nikos Mavrogiannopoulos <nikos.mavrogiannopoulos@esat.kuleuven.be>
Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, danny de cock <Danny.DeCock@esat.kuleuven.be>, Filipe Beato <filipe.beato@esat.kuleuven.be>
Message-ID: <CACvaWvZFafXv+qnjcMaYNa7=e7MAi-ej+DPEUzJfVk-NMtKh3Q@mail.gmail.com>

On Thu, May 23, 2013 at 1:42 AM, Nikos Mavrogiannopoulos
<nikos.mavrogiannopoulos@esat.kuleuven.be> wrote:
> The diffie-hellman parameters in 19.13.3 are restricted to the prime and
> generator. With that information special parameters that allow for
> optimizations (see "Computational Introduction to Number Theory and Algebra"
> by V. Shoup) are not allowed (an example is when p=2wq+1). An easy way to
> overcome this restriction would be to add an additional parameter that
> indicates the desired size of the private key, similarly to PKCS #3 format
> for DH.
>
>
>
>

This omission was intentional, due to lack of wide implementation of support.

You can see such design decisions in other algorithm parameter
choices, such as the lack of selection of MGF algorithm in OAEP/PSS,
even though some implementations (eg: PKCS#11) may allow for such
flexibility.

Received on Thursday, 23 May 2013 17:13:46 UTC