W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2012

Re: Action-8 - Base set of mandatory algorithms

From: Wan-Teh Chang <wtc@google.com>
Date: Mon, 16 Jul 2012 15:35:41 -0700
Message-ID: <CALTJjxEGdPhxgUF6aFEG_pTjWfywnxbCVq5FB-+zrRv7b6ipHA@mail.gmail.com>
To: David Rogers <david.rogers@copperhorses.com>
Cc: public-webcrypto@w3.org, S.Durbha@cablelabs.com
Hi David,

Thank you for sending your proposal.  I agree with your selection
criteria in general.  I have some comments.

1. The 1536-bit key size for Diffie-Hellman, DSA, and RSA keys doesn't
seem useful in practice.  In addition, FIPS 186-3, which extends DSA
to support key sizes greater than 1024 bits, does not specify a DSA
key size of 1536 bits.

2. SHA-384 seems more useful than SHA-512 because of the US NSA "Suite
B" specification.

3. By "RSAES", did you mean RSAES-OAEP, RSAES-PKCS1-V1_5, or both?
Similarly for "RSASSA".

4. Do you think the HMAC-based KDF (HKDF), specified in RFC 5869,
would be more appropriate than the NIST concatenation KDF?  It seems
that the concatenation KDF never became popular in practice.

Wan-Teh
Received on Monday, 16 July 2012 22:36:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:11 UTC