W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2012

RE: Action-8 - Base set of mandatory algorithms

From: Anthony Nadalin <tonynad@microsoft.com>
Date: Fri, 20 Jul 2012 17:25:10 +0000
To: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
CC: "S.Durbha@cablelabs.com" <S.Durbha@cablelabs.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, David Rogers <david.rogers@copperhorses.com>
Message-ID: <B26C1EF377CB694EAB6BDDC8E624B6E7555025A3@BL2PRD0310MB362.namprd03.prod.outlook.com>
We are working through a matrix of what is real for developers and what has been proposed, should have an idea soon

From: GALINDO Virginie [mailto:Virginie.GALINDO@gemalto.com]
Sent: Thursday, July 19, 2012 2:48 PM
To: Anthony Nadalin
Cc: S.Durbha@cablelabs.com; public-webcrypto@w3.org; David Rogers
Subject: RE: Action-8 - Base set of mandatory algorithms

Do you foresee some high discrepancy compared to the list Seetharama and David offered - if we include also Eric, WTC and Richard  suggestions ?

From: Anthony Nadalin [mailto:tonynad@microsoft.com]<mailto:[mailto:tonynad@microsoft.com]>
Sent: mardi 17 juillet 2012 00:51
To: David Rogers; public-webcrypto@w3.org<mailto:public-webcrypto@w3.org>
Cc: S.Durbha@cablelabs.com<mailto:S.Durbha@cablelabs.com>
Subject: RE: Action-8 - Base set of mandatory algorithms

I think it would be better to look the environments like .Net, OSX, iOS, Android Java, Java, node.js and PHP to see what is actually implemented.

From: David Rogers [mailto:david.rogers@copperhorses.com]
Sent: Monday, July 16, 2012 12:10 PM
To: public-webcrypto@w3.org<mailto:public-webcrypto@w3.org>
Cc: S.Durbha@cablelabs.com<mailto:S.Durbha@cablelabs.com>
Subject: Action-8 - Base set of mandatory algorithms

Hi all,

Please find below a proposal for the base set of mandatory algorithms on behalf of Seetharama and myself. Our aim has been to baseline but also to at least give us a 'fresh start'. We didn't think putting loads of legacy in for the sake of it is going to be either good for the web or good for security. That said, we've tried to be reasonably pragmatic in the list. We've also tried to think about small device uses such as mobile. For example, we have not included SHA-384 because the computational cost is about the same as SHA-512 so it isn't worth putting it in as a base (for example for mobile apps). As a reference, this is also mentioned in RFC-4051:

"2.1.3.  SHA-384


   The SHA-384 algorithm [FIPS-180-2] takes no explicit parameters.  An
   example of a SHA-384 DigestAlgorithm element is:

      Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />

   A SHA-384 digest is a 384 bit string.  The content of the DigestValue
   element shall be the base64 [RFC2405] encoding of this string viewed
   as a 48-octet stream.  Because it takes roughly the same amount of
   effort to compute a SHA-384 message digest as a SHA-512 digest and
   terseness is usually not a criteria in XML application, consideration
   should be given to the use of SHA-512 as an alternative.

Anyway, this is a start and I hope we can agree this list as a starting point:

Encryption Algorithms:

Encryption Modes:

Hash Functions:

HMAC with SHA-256
HMAC with SHA-512

Key Agreement
Diffie-Hellman (1024/1536/2048 bit keys)

Key Transport
AES-128 key wrap
AES-256 key wrap
RSAES (1024/1536/2048 bit keys)

Signature Schemes
DSA (1024/1536/2048 keys)
RSASSA (1024/1536/2048 bit keys) with SHA-256
RSASSA (1024/1536/2048 bit keys) with SHA-512

Key Derivation Functions
Concat KDF with SHA-256
Concat KDF with SHA-512



David Rogers
Copper Horse Solutions Limited
Web: http://www.copperhorsesolutions.com<http://www.copperhorsesolutions.com/>
Blog: http://blog.mobilephonesecurity.org<http://blog.mobilephonesecurity.org/>
Twitter: http://twitter.com/drogersuk (@drogersuk)
Received on Friday, 20 July 2012 17:26:22 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:11 UTC