W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2014

[Bug 25607] Need to advise authors about security considerations

From: <bugzilla@jessica.w3.org>
Date: Thu, 08 May 2014 22:34:35 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25607-7213-gan6VLSYXY@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607

--- Comment #6 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Rich Salz from comment #5)
> At least arguing in BZ you get more than 140 chars.  Sigh.
> 
> I don't care what your opinion is about particular ciphers, any more than
> you should care about mine.  A band of cryptographers and the open
> literature should be taken as definitive.  Not what you are I say.

And you're needlessly reducing the security analysis, which is often triggered
on specific conditions or combinations.

Implying that they're unsafe-for-any-purpose is not a fair or accurate
representation, and covering the nuances is a far more involved task that is
suitable for the CFRG or similar, as has already been discussed.

This is the entire point - ANY discussion of "security" inevitably depends on
the context, and it's this context that we clearly have disagreement on, and
for which opinions clearly matter.

> 
> I believe that if you take the changes here, you can close those other BZ
> reports with a straight face saying "we didn't disallow anything but we put
> in real security considerations."  I will contact the other reporters for
> their opinion.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Thursday, 8 May 2014 22:34:39 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC