W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2012

RE: Action-8 - Base set of mandatory algorithms

From: Anthony Nadalin <tonynad@microsoft.com>
Date: Mon, 16 Jul 2012 22:48:28 +0000
To: Eric Rescorla <ekr@rtfm.com>, Wan-Teh Chang <wtc@google.com>
CC: David Rogers <david.rogers@copperhorses.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, "S.Durbha@cablelabs.com" <S.Durbha@cablelabs.com>
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E7554FE55E@BL2PRD0310MB362.namprd03.prod.outlook.com>
Agree on the PKCS 1.5, I would not say the same thing for OAEP

-----Original Message-----
From: Eric Rescorla [mailto:ekr@rtfm.com] 
Sent: Monday, July 16, 2012 3:45 PM
To: Wan-Teh Chang
Cc: David Rogers; public-webcrypto@w3.org; S.Durbha@cablelabs.com
Subject: Re: Action-8 - Base set of mandatory algorithms

On Mon, Jul 16, 2012 at 3:35 PM, Wan-Teh Chang <wtc@google.com> wrote:
> Hi David,
>
> Thank you for sending your proposal.  I agree with your selection 
> criteria in general.  I have some comments.
>
> 1. The 1536-bit key size for Diffie-Hellman, DSA, and RSA keys doesn't 
> seem useful in practice.  In addition, FIPS 186-3, which extends DSA 
> to support key sizes greater than 1024 bits, does not specify a DSA 
> key size of 1536 bits.
>
> 2. SHA-384 seems more useful than SHA-512 because of the US NSA "Suite 
> B" specification.
>
> 3. By "RSAES", did you mean RSAES-OAEP, RSAES-PKCS1-V1_5, or both?
> Similarly for "RSASSA".

FWIW, I think it's clear that we need to have PKCS #1 1.5, since that's basically what all current protocols use.

-Ekr
Received on Monday, 16 July 2012 22:49:08 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:11 UTC