W3C home > Mailing lists > Public > public-webcrypto@w3.org > February 2013

RE: Proposal for key wrap/unwrap (ISSUE-35)

From: Mark Watson <watsonm@netflix.com>
Date: Mon, 25 Feb 2013 21:18:20 +0000
To: Ryan Sleevi <sleevi@google.com>
CC: "public-webcrypto@w3.org Group" <public-webcrypto@w3.org>
Message-ID: <438CCE43DFE22A4CBDBD3FDF65D8B20F799FF1B7@exmb106.corp.netflix.com>

From: Ryan Sleevi [sleevi@google.com]
Sent: Wednesday, January 16, 2013 7:13 PM
To: Mark Watson
Cc: public-webcrypto@w3.org Group
Subject: Re: Proposal for key wrap/unwrap (ISSUE-35)

Can you provide more design rationale for choosing RSA-KEM, rather
than the much more widely supported RSA-OAEP (eg: RFC 3560). I don't
know of a single well-tested, CORRECT implementation of RSA-KEM in the
popular cryptographic libraries and bindings.

MW> Ryan, we looked in detail at RSA-OAEP key transport and there is an issue in that it does not support payloads of arbitrary size - as required for JWK format payloads. At least not without using RSA keys of arbitrary size.

Do you have any other suggestions for RSA-based key wrap/unwrap ?

We also looked in detail at RSA-KEM and it doesn't look so bad after all. In fact it's much easier to understand than the RSA-OAEP documentation.

Received on Monday, 25 February 2013 21:18:49 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:15 UTC