crypto-ISSUE-53 (CBC): Add a note to AES-CBC and add AES-PSM?


http://www.w3.org/2012/webcrypto/track/issues/53

Raised by: Asad Ali

I know you warned me about this, but the use of the words "Recommended algorithms" is somewhat confusing, especially since the list includes several weak algorithms.

Any chance the section can be titled "Recommended algorithms for backwards compatibility" ?


I would encourage the authors to not give AES-CBC as example code. This should be changed to AES-GCM. (Dan Boneh)
----

AES-CBC should not be used for encryption at all in his opinion. Mike Jones disagreed, noting it could be used correctly.

A note should be added specifying that AES-CBC should not be used for new protocols (at least not without authentication). Dan would encourage that AES-PSM be added; refer to the IETF draft (http://datatracker.ietf.org/doc/draft-mcgrew-aead-aes-cbc-hmac-sha2/) or the federal version.

Received on Monday, 30 September 2013 20:44:06 UTC