W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2013

Re: Defaults issues with AES-GCM

From: Ryan Sleevi <sleevi@google.com>
Date: Wed, 17 Apr 2013 18:18:26 -0700
Message-ID: <CACvaWvZr65rZ_ocmC_vwKV25aXsxVeOTyja_81iukmBJ9NZSiQ@mail.gmail.com>
To: Richard Barnes <rbarnes@bbn.com>
Cc: Web Cryptography Working Group <public-webcrypto@w3.org>
On Wed, Apr 17, 2013 at 5:52 PM, Richard Barnes <rbarnes@bbn.com> wrote:
> Two minor issues with AesGcmParams:
>
> 1. AdditionalData is optional, but GCM requires an AAD string, even if it's empty (SP800-38D, Section 5.2.1.1).  So it might be helpful to note that if not present, it MUST be set to an ArrayBufferView representing the empty byte string.

+1

>
> 2. Why is the default tagLength zero?  If that's the case, you might as well just use CTR and save some effort.  Suggest changing the default to 128, the full tag length.  As a bonus, this is compatible with RFC 5116.

+1

>
> Proposed revised AesGcmParams:
>
> dictionary AesGcmParams : AlgorithmParameters {
>   // The initialization vector to use. May be up to 2^56 bytes long.
>   ArrayBufferView? iv;
>   // The additional authentication data to include.
>   // If not present, MUST be set to an ArrayBufferView representing
>   // the empty byte string.
>   ArrayBufferView? additionalData;
>   // The desired length of the authentication tag. May be 0 - 128.
>   [EnforceRange] octet? tagLength = 128;
> };
Received on Thursday, 18 April 2013 01:18:53 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:16 UTC