W3C home > Mailing lists > Public > public-webcrypto@w3.org > April 2013

Re: Defaults: Getting concrete (round 2)

From: Wan-Teh Chang <wtc@google.com>
Date: Wed, 17 Apr 2013 19:25:42 -0700
Message-ID: <CALTJjxHVi=EGCsj9KPLwkYW9=vX1y58UG_7yfTs=rdG_p0_evw@mail.gmail.com>
To: Richard Barnes <rbarnes@bbn.com>
Cc: Web Cryptography Working Group <public-webcrypto@w3.org>
Hi Richard,

1. I think you have identified the parameters that can have good
default values. In contrasts, parameters such as RSA key size and the
hash algorithm used in a signature don't have default values that will
be good forever.

2. I agree with your proposed default values for the 'iv' parameter of
AES-CBC and AES-CFB. However, if the iv is a random value generated by
the UA, it must be part of the output of encryption, for example, as
the first ciphertext block. The spec will need to address this.

3. As for the 'counter' parameter of AES-CTR and the 'iv' parameter of
AES-GCM, their proper values are so specific to the protocol or
application in question that I believe the protocol or application
will end up fully specify what the proper value for 'counter' or 'iv'
should be. For example, this is the case for the AES GCM cipher suites
for TLS (the GCMNonce structure in RFC 5288, Section 3). So it doesn't
seem as useful for the UA to provide default values for the 'counter'
parameter of AES-CTR and the 'iv' parameter of AES-GCM.

Wan-Teh
Received on Thursday, 18 April 2013 02:26:09 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:16 UTC