
[Bug 25607] Need to advise authors about security considerations

From: <bugzilla@jessica.w3.org>
Date: Tue, 01 Jul 2014 03:08:43 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25607-7213-6HgOcDfPW9@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607

--- Comment #23 from Rich Salz <rsalz@akamai.com> ---
If there's too much technical detail it will go over the heads of those who
most need guidance.  If you want such detail, see the link in comment 9.

As for avoiding a 'living spec' kind of thing, that's the problem with
security: it's all about trade-offs.  You can have a document for the ages that
will never be wrong, but if absent advice of the moment can lead people astray.
If that's what the WG wants, so be it. Others (see comment 7 for example) would
disagree.

As for the criteria of which algorithms get marked and which don't: I based it
on the advice of Paterson, Graham, Rogaway, NIST, and similar authorities.
Backed up by the papers listed in the would-be security references section. If
the WG wants to make more conservative choices, more power to them.

Received on Tuesday, 1 July 2014 03:08:44 UTC
