Re: Action-8 - Base set of mandatory algorithms

From: Richard L. Barnes <rbarnes@bbn.com>
Date: Mon, 16 Jul 2012 18:42:14 -0400
Cc: David Rogers <david.rogers@copperhorses.com>, public-webcrypto@w3.org, S.Durbha@cablelabs.com
Message-Id: <E5982812-7C09-4345-BC85-EDF6DCB9C429@bbn.com>
To: Wan-Teh Chang <wtc@google.com>

Meta-suggestion here: It would be really good for this list to have a high degree of overlap with the JOSE algorithms.

There's more text in the JWA document, but I like Wan-Teh's approach a little better.  It's good to have requirements to tie the algorithms back to.

For 3: My impression is that it would be marginally safer to use RSAES-OAEP, and it is pretty widely implemented.


On Jul 16, 2012, at 6:35 PM, Wan-Teh Chang wrote:

> Hi David,
> Thank you for sending your proposal.  I agree with your selection
> criteria in general.  I have some comments.
> 1. The 1536-bit key size for Diffie-Hellman, DSA, and RSA keys doesn't
> seem useful in practice.  In addition, FIPS 186-3, which extends DSA
> to support key sizes greater than 1024 bits, does not specify a DSA
> key size of 1536 bits.
> 2. SHA-384 seems more useful than SHA-512 because of the US NSA "Suite
> B" specification.
> 3. By "RSAES", did you mean RSAES-OAEP, RSAES-PKCS1-V1_5, or both?
> Similarly for "RSASSA".
> 4. Do you think the HMAC-based KDF (HKDF), specified in RFC 5869,
> would be more appropriate than the NIST concatenation KDF?  It seems
> that the concatenation KDF never became popular in practice.
> Wan-Teh

Received on Monday, 16 July 2012 22:42:44 UTC