[Bug 25431] Error names allow RSAES-PKCS1-v1_5 oracle attack against wrapped keys

From: <bugzilla@jessica.w3.org>
Date: Tue, 29 Apr 2014 23:05:18 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25431-7213-hGXNUPyXXm@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25431

Richard Barnes <rlb@ipv.sx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |rlb@ipv.sx

--- Comment #2 from Richard Barnes <rlb@ipv.sx> ---
The changes needed to make this safe would make the API even more cryptic to
devs than it already is.  I would prefer to just drop RSAES-PKCS1-v1_5 from
unwrapKey.

Received on Tuesday, 29 April 2014 23:05:19 UTC
