Re: Support for ECB

On Thu, Sep 13, 2012 at 10:28 AM, Richard Barnes <rbarnes@bbn.com> wrote:
> By "unsafe namespace", do you mean that we would put things like ECB under a special namespace to say "Don't use these unless you know what you're doing?"

Yes.

The exact details of how to do that are not immediately clear. Under
the current spec, this might require using a separate algorithm name -
e.g. UNSAFE-AES-ECB - or require using a separate implementation of the
Crypto interface (e.g. window.crypto.unsafe.createEncrypter('AES-ECB'
...)).


>
>
>
> On Sep 13, 2012, at 12:41 PM, Emily Stark wrote:
>
>> I can't find discussion on the mailing list about the unsafe namespace idea (maybe my search skills are failing me) -- are there arguments against it?
>>
>>
>> On Thu, Sep 13, 2012 at 12:17 PM, Zooko Wilcox-OHearn <zooko@leastauthority.com> wrote:
>> On Tue, Sep 11, 2012 at 12:15 PM, Ryan Sleevi <sleevi@google.com> wrote:
>> >
>> > To bootstrap any of the following modes with suitable performance
>> > characteristics:
>> >
>> > CTR || CCM (which starts with CTR) || GCM (which starts with CTR)
>>
>> I don't understand how a situation could arise where a programmer
>> would need to use ECB mode to implement these (or for any other
>> purpose). It seems like that situation would arise only if the
>> underlying platform offered ECB mode but not CTR mode. But why don't
>> we just discourage implementors from offering ECB mode and encourage
>> them to offer CTR mode? (And, as previously suggested, encourage them
>> to offer an AES block-encryption function that operates on only a
>> single block.)
>>
>> Regards,
>>
>> Zooko Wilcox-O'Hearn
>>
>> Founder, CEO, and Customer Support Rep -- Least Authority Enterprises
>>
>> https://leastauthority.com
>>
>>
>

Received on Thursday, 13 September 2012 17:38:39 UTC
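
The bootstrap discussed in this thread, as an added example that is not part of the original messages or of any Web Crypto draft: CTR mode built from a single-block AES encryption call and checked against the platform's own CTR, with raw ECB alongside to show what it leaks. It assumes Node.js and its built-in `crypto` module; the key, counter and plaintext are constructed sample values and the function names are hypothetical.

```javascript
const nodeCrypto = require('crypto'); // Node.js built-in (assumed runtime)

// Single-block AES encryption. Node only exposes this as "aes-128-ecb";
// padding is disabled so exactly one 16-byte block comes back.
function aesEncryptBlock(key, block) {
  if (block.length !== 16) throw new RangeError('block must be 16 bytes');
  const c = nodeCrypto.createCipheriv('aes-128-ecb', key, null);
  c.setAutoPadding(false);
  return Buffer.concat([c.update(block), c.final()]);
}

// Increment a 16-byte big-endian counter in place (wraps modulo 2^128).
function incrementCounter(counter) {
  for (let i = 15; i >= 0; i--) {
    counter[i] = (counter[i] + 1) & 0xff;
    if (counter[i] !== 0) break; // no carry left to propagate
  }
}

// CTR: XOR the data with E_K(ctr), E_K(ctr+1), ... (same call decrypts).
function ctrFromBlockCipher(key, initialCounter, data) {
  const counter = Buffer.from(initialCounter); // copy, caller's buffer untouched
  const out = Buffer.alloc(data.length);
  for (let off = 0; off < data.length; off += 16) {
    const ks = aesEncryptBlock(key, counter);
    for (let j = 0; j < 16 && off + j < data.length; j++) { out[off + j] = data[off + j] ^ ks[j]; }
    incrementCounter(counter);
  }
  return out;
}

// The platform's own CTR implementation, used as the reference.
function nativeCtr(key, initialCounter, data) {
  const c = nodeCrypto.createCipheriv('aes-128-ctr', key, initialCounter);
  return Buffer.concat([c.update(data), c.final()]);
}

// Constructed sample: two identical plaintext blocks plus a 5-byte tail.
function demo() {
  const key = Buffer.from('000102030405060708090a0b0c0d0e0f', 'hex');
  const ctr = Buffer.from('f0f1f2f3f4f5f6f7f8f9fafbfcfdffff', 'hex'); // forces a carry
  const pt = Buffer.concat([Buffer.alloc(32, 0x41), Buffer.from('tail!')]);
  const ours = ctrFromBlockCipher(key, ctr, pt);
  const ecb = Buffer.concat([0, 16].map((o) => aesEncryptBlock(key, pt.subarray(o, o + 16))));
  const repeats = (b) => b.subarray(0, 16).equals(b.subarray(16, 32));
  return { matchesNative: ours.equals(nativeCtr(key, ctr, pt)),
           roundTrips: ctrFromBlockCipher(key, ctr, ours).equals(pt),
           ecbRepeats: repeats(ecb), ctrRepeats: repeats(ours) };
}
```

Raw ECB maps the two equal plaintext blocks to equal ciphertext blocks, while the CTR construction does not, and the only primitive CTR needs is the one-block encryption call.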