- From: Wan-Teh Chang <wtc@google.com>
- Date: Tue, 23 Apr 2013 12:50:44 -0700
- To: Richard Barnes <rbarnes@bbn.com>
- Cc: Ryan Sleevi <sleevi@google.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
I think there is a small number of parameters for which the low-level API can provide reasonable defaults:

1. The IV for block cipher CBC and OFB modes.
2. The public exponent for RSA key generation.

As for the nonce for block cipher CTR and GCM modes, there is usually an efficient way to achieve uniqueness if we know more about the application or protocol. For example, when encrypting network packets, we can use the packet sequence numbers. This is why I think it is not as useful for the UA to generate default random nonces for CTR and GCM modes, even though it is easy to do so.

Wan-Teh
Received on Tuesday, 23 April 2013 19:51:15 UTC
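The two cases the message separates, a random default IV for CBC/OFB versus a CTR/GCM nonce derived from the packet sequence number, as an added example that is not from the message or from the Web Crypto API; the nonce layout (4-byte per-key random prefix followed by the 64-bit big-endian sequence number), the `PacketSender` helper and the constructed prefix value are assumptions.

```python
import os
from typing import Optional, Tuple

BLOCK_BYTES = 16       # AES block size: a CBC/OFB IV is exactly one block
NONCE_BYTES = 12       # 96-bit nonce, the size AES-GCM handles most efficiently
SEQ_BYTES = 8          # 64-bit packet sequence number carried in the packet header
PREFIX_BYTES = NONCE_BYTES - SEQ_BYTES   # assumed layout: 4-byte per-key prefix


def default_cbc_iv() -> bytes:
    """CBC and OFB only need an unpredictable IV, so a fresh random block is a safe default."""
    return os.urandom(BLOCK_BYTES)


def nonce_from_sequence(prefix: bytes, seq: int) -> bytes:
    """CTR/GCM nonce = per-key random prefix || big-endian packet sequence number.
    Both endpoints already know seq from the packet header, so the nonce is never
    transmitted, and it is unique as long as seq never repeats under one key."""
    if len(prefix) != PREFIX_BYTES:
        raise ValueError(f"prefix must be {PREFIX_BYTES} bytes")
    if not 0 <= seq < 2 ** (8 * SEQ_BYTES):
        raise ValueError("sequence number exhausted: rekey before continuing")
    return prefix + seq.to_bytes(SEQ_BYTES, "big")


class PacketSender:
    """Sender side (hypothetical helper): one nonce per packet, never wraps the counter."""

    def __init__(self, prefix: Optional[bytes] = None, start_seq: int = 0):
        self.prefix = os.urandom(PREFIX_BYTES) if prefix is None else prefix
        self.next_seq = start_seq

    def next_packet_nonce(self) -> Tuple[int, bytes]:
        seq = self.next_seq
        nonce = nonce_from_sequence(self.prefix, seq)   # raises once seq reaches 2**64
        self.next_seq = seq + 1
        return seq, nonce


def random_nonce_collision_bound(messages: int, nonce_bits: int = 8 * NONCE_BYTES) -> float:
    """Birthday bound on the chance that `messages` independent random nonces repeat
    (fatal for CTR/GCM); the sequence-number scheme has probability 0 by construction."""
    return min(1.0, messages * (messages - 1) / 2 ** (nonce_bits + 1))


if __name__ == "__main__":
    prefix = bytes.fromhex("0a0b0c0d")              # constructed per-key prefix
    seq, nonce = PacketSender(prefix).next_packet_nonce()
    # The receiver rebuilds the identical nonce from the header field alone.
    assert nonce_from_sequence(prefix, seq) == nonce
    print(nonce.hex(), default_cbc_iv().hex())
```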