- From: Simson L. Garfinkel via GitHub <sysbot+gh@w3.org>
- Date: Fri, 25 Feb 2022 22:34:58 +0000
- To: public-dxwg-wg@w3.org
I can refer you to the NIST Post-Quantum Cryptography FAQ. * https://csrc.nist.gov/Projects/post-quantum-cryptography/faqs * https://csrc.nist.gov/projects/post-quantum-cryptography/post-quantum-cryptography-standardization/evaluation-criteria/security-(evaluation-criteria) SQLite3 supports four encryption modes: * AES-256 in OFB mode (recommended for all new development) * AES-128 in OFB mode * AES-128 in CCM mode * RC4 with security enhancements (legacy only) https://www.sqlite.org/see/doc/trunk/www/readme.wiki So it would be useful to know if an SQLite3 database has encrypted data in AES-256 OFB mode, which would be quantum-resistant, and AES-128 OFB, which is not quantum-resistant. It would be nice to be able to document this in DCAT. There are other examples. For example, S3 allows AES-256 for server-side encryption, but for client side-encryption it can be AES-128 or AES-256: https://nifi.apache.org/docs/nifi-docs/components/org.apache.nifi/nifi-aws-nar/1.11.4/org.apache.nifi.processors.aws.s3.encryption.StandardS3EncryptionService/index.html It would be useful to be able to document in DCAT which encryption mode is used. Checksums are encrypted, but they are encrypted with asymmetric algorithms (public key algorithms) with private keys so that they can be decrypted with public keys. This is how digital signatures work. Checksums may also include a nonce. This is how HMACs work. If you wish, I can provide some references to public key cryptography. However, that would be out of scope with this request. -- GitHub Notification of comment by simsong Please view or discuss this issue at https://github.com/w3c/dxwg/issues/1457#issuecomment-1051326876 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 25 February 2022 22:35:00 UTC