- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 19 Sep 2012 16:14:24 -0700
- To: Travis Mayberry <travism@ccs.neu.edu>
- Cc: public-webcrypto-comments@w3.org
Filed this as https://www.w3.org/Bugs/Public/show_bug.cgi?id=18925 to make sure we've captured the feedback for future discussion.

Thanks again.

On Wed, Sep 19, 2012 at 12:20 PM, Ryan Sleevi <sleevi@google.com> wrote:
> On Wed, Sep 19, 2012 at 11:50 AM, Travis Mayberry <travism@ccs.neu.edu> wrote:
>> Right, I can see how that could get out of hand rather quickly. The
>> difference I see between those cases though is that counter mode and CBC
>> each have advantages/disadvantages (i.e. counter mode allows for random
>> access to encrypted data) that warrant using one over the other depending on
>> the scenario. Hopefully developers will investigate the different modes
>> before they pick the one that most suits their situation. PKCS#1 and OAEP
>> on the other hand are functionally equivalent, but one has potential
>> security holes and the other does not.
>
> Like Wan-Teh mentioned, the concern is not one necessarily of
> functionality (yes, they both use RSA keys to perform encryption or,
> in the case of PSS, signing), but of deployment/support. This includes
> both platform-native support (which is fairly good post XP-SP2), but
> also support for secure elements, TPMs, etc, where it's unfortunately
> lacking.
>
> So the concern is less one of functionality, and more one of
> compatibility between systems and between (existing) protocols.
>
> But yes, you've definitely picked on an issue we've discussed at a
> fair length so far (and for which other groups, such as the IETF's
> JOSE WG, have also discussed at fair length)
Received on Wednesday, 19 September 2012 23:14:52 UTC