W3C home > Mailing lists > Public > public-webcrypto@w3.org > October 2015

Re: Diffie-Hellman in WebCrypto?

From: Harry Halpin <hhalpin@w3.org>
Date: Mon, 05 Oct 2015 14:03:54 -0400
Message-ID: <5612BB8A.2030507@w3.org>
To: Ryan Sleevi <sleevi@google.com>, Eric Roman <ericroman@google.com>
CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>


On 10/05/2015 01:52 PM, Ryan Sleevi wrote:
> Its use in a wide variety of protocols that one might want to
> implement in JS is somewhat suspect (c.f. the DH attacks in TLS
> resulting in the negotiated-dh) - much like PKCS#1v1.5 encryption.
>
> It's markedly slower than the elliptic curve counterpart.
>
> And not to mention the keysystem attacks in static/ephemeral
> negotiations (note: not ephemeral/ephemeral)
>
> We've seen no demand for it, no use cases that can't otherwise be met,
> and are already in the process of deprecating DHE elsewhere (e.g. in
> TLS). So we have no plans to implement at this time.

Sounds reasonable to me, particularly given the Weak DH attacks, but
wanted to double-check before we removed DH from the spec.

         cheers,
              harry

>
> On Mon, Oct 5, 2015 at 9:41 AM, Eric Roman <ericroman@google.com
> <mailto:ericroman@google.com>> wrote:
>
>     On Mon, Oct 5, 2015 at 9:10 AM, Harry Halpin <hhalpin@w3.org
>     <mailto:hhalpin@w3.org>> wrote:
>
>         On 10/05/2015 12:08 PM, Eric Roman wrote:
>>         Chrome is not planning to implement DH:
>>         https://code.google.com/p/chromium/issues/detail?id=438391
>
>         Any reason why?
>
>         It seems relatively stable.
>
>
>     Ryan, can you comment on the specifics?
>
>
>           yours,
>              harry
>
>>
>>         On Mon, Oct 5, 2015 at 8:45 AM, Harry Halpin <hhalpin@w3.org
>>         <mailto:hhalpin@w3.org>> wrote:
>>
>>             Is there any plans from Microsoft or Google's side to support
>>             Diffie-Hellman key exchange?
>>
>>             It's implemented by Mozilla and seems to be a well-known
>>             primitive that
>>             should, in general, be supported as its used in a wide
>>             variety of
>>             protocols one might want to implement in Javascript.
>>
>>               yours,
>>                    harry
>>
>>
>>
>>
>
>
>
Received on Monday, 5 October 2015 18:03:56 UTC

This archive was generated by hypermail 2.3.1 : Monday, 5 October 2015 18:03:57 UTC