- From: Ryan Sleevi <sleevi@google.com>
- Date: Fri, 15 Mar 2013 08:35:30 -0700
- To: Harry Halpin <hhalpin@w3.org>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
In discussions with others at IETF, this is not something that the CFRG tries to provide. That is, the CFRG helps provide input and design, particularly around the design of *new* protocols. This is not a suitable overlap with what you want - which is development guidance for the use of particular algorithms. The CFRG cipher catalog, which you have previously requested to reference, is entirely in the context of discussion of ciphers *in use by standard protocols*. You do not, for example, see discussions of OTR/mpOTR. Respectfully, a "how to be a cryptographer" is not a good activity. On Fri, Mar 15, 2013 at 8:10 AM, Harry Halpin <hhalpin@w3.org> wrote: > If so, it may be useful to discuss with them their feedback (via Zooko) to > the API. > > I have thought, and this came up in an OECD discussion with the IETF chair, > that per-algorithm security considerations *in a separate RFC* might be a > good idea. Note this is a separate conversation than the registry, but would > address their comments by putting the ball back in their court, so to speak. > > Then our API can point to their RFC, which they can then keep updated as > long as the CFRG runs. Did the CFRG discuss this, or the API, at all? > > cheers, > harry > > >
Received on Friday, 15 March 2013 15:36:01 UTC