Re: Recommended Algorithms and Registry issue

On 2013-09-10, at 22:27 +0200, Ryan Sleevi <sleevi@google.com> wrote:

> The issue is not convincing me, or anyone, that AES-CBC without integrity is bad - that's obvious to anyone familiar with basic cryptographic constructions, much in the same way using AES-ECB beyond a block size's worth of data (e.g., the AES-KW case) or using AES-CTR without integrity protection that includes the counter value.
> 
> I'm fully in favour of characterizing "recommended" as "recommended for implementations",

+1

> with a split between "Recommended to support existing applications" and "Recommended to support new applications" dichotomy,

+1

Also, it is probably worth pointing out explicitly that, in the first list, the primary goal of the selection is compatibility, not security.

I believe the obvious difference between these two lists of algorithms is AES-CBC vs. AES-GCM. Are there other choices that you would recommend making different for a "recommended to support new applications" list?

Received on Wednesday, 11 September 2013 08:36:46 UTC