W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2012

Re: Action-8 - Base set of mandatory algorithms

From: Wan-Teh Chang <wtc@google.com>
Date: Mon, 16 Jul 2012 15:35:41 -0700
Message-ID: <CALTJjxEGdPhxgUF6aFEG_pTjWfywnxbCVq5FB-+zrRv7b6ipHA@mail.gmail.com>
To: David Rogers <david.rogers@copperhorses.com>
Cc: public-webcrypto@w3.org, S.Durbha@cablelabs.com
Hi David,

Thank you for sending your proposal.  I agree with your selection
criteria in general.  I have some comments.

1. The 1536-bit key size for Diffie-Hellman, DSA, and RSA keys doesn't
seem useful in practice.  In addition, FIPS 186-3, which extends DSA
to support key sizes greater than 1024 bits, does not specify a DSA
key size of 1536 bits.

2. SHA-384 seems more useful than SHA-512 because of the US NSA "Suite
B" specification.

3. By "RSAES", did you mean RSAES-OAEP, RSAES-PKCS1-V1_5, or both?
Similarly for "RSASSA".

4. Do you think the HMAC-based KDF (HKDF), specified in RFC 5869,
would be more appropriate than the NIST concatenation KDF?  It seems
that the concatenation KDF never became popular in practice.

Received on Monday, 16 July 2012 22:36:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:11 UTC