W3C home > Mailing lists > Public > public-webcrypto@w3.org > September 2012

Re: Support for ECB

From: Richard Barnes <rbarnes@bbn.com>
Date: Thu, 13 Sep 2012 13:28:13 -0400
Cc: Zooko Wilcox-OHearn <zooko@leastauthority.com>, sleevi@google.com, public-webcrypto@w3.org
Message-Id: <5E4120C4-3F4B-481E-ACA8-110132BCF889@bbn.com>
To: Emily Stark <estark@MIT.EDU>
By "unsafe namespace", do you mean that we would put things like ECB under a special namespace to say "Don't use these unless you know what you're doing?"



On Sep 13, 2012, at 12:41 PM, Emily Stark wrote:

> I can't find discussion on the mailing list about the unsafe namespace idea (maybe my search skills are failing me) -- are there arguments against it?
> 
> 
> On Thu, Sep 13, 2012 at 12:17 PM, Zooko Wilcox-OHearn <zooko@leastauthority.com> wrote:
> On Tue, Sep 11, 2012 at 12:15 PM, Ryan Sleevi <sleevi@google.com> wrote:
> >
> > To bootstrap any of the following modes with suitable performance
> > characteristics:
> >
> > CTR || CCM (which starts with CTR) || GCM (which starts with CTR)
> 
> I don't understand how a situation could arise where a programmer
> would need to use ECB mode to implement these (or for any other
> purpose). It seems like that situation would arise only if the
> underlying platform offered ECB mode but not CTR mode. But why don't
> we just discourage implementors from offering ECB mode and encourage
> them to offer CTR mode? (And, as previously suggested, encourage them
> to offer an AES block-encryption function that operates on only a
> single block.)
> 
> Regards,
> 
> Zooko Wilcox-O'Hearn
> 
> Founder, CEO, and Customer Support Rep -- Least Authority Enterprises
> 
> https://leastauthority.com
> 
> 
Received on Thursday, 13 September 2012 17:28:41 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Thursday, 13 September 2012 17:28:42 GMT