- From: Ryan Sleevi <sleevi@google.com>
- Date: Wed, 26 Jun 2013 10:36:24 -0700
- To: Alessandro Di Federico <alessandro.difederico@mail.polimi.it>
- Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>, Michele Beretta <michele3.beretta@mail.polimi.it>
On Tue, Jun 25, 2013 at 7:16 AM, Alessandro Di Federico <alessandro.difederico@mail.polimi.it> wrote: > Hi, I'm a Ms.C student from Politecnico di Milano, and I'm using the > WebCryptoAPI (PolyCrypto, right now) for my thesis. > > I've some suggestions/questions about the WebCryptoAPI: > > 1. Why don't you include the newly standardized SHA-3 hashing > algorithm in the document? While Keccak has been chosen for SHA-3, NIST has not yet released recommended parameters that would define what SHA-3 actually is. > 2. It'd be nice to have an alternative to RSA for asymmetric > encryption, why don't you include ElGamal and EC-ElGamal? Per the charter and original discussions, this was based on exposing cryptographic functionality that browsers/user agents already had implemented (and applied for various controls for, such as export licenses) and exposing those to content scripts. With this criteria, ElGamal/EC-ElGamal are not widely implemented. > 3. For our project we need an authenticated Diffie-Hellman key > exchange, we plan to use HMQV [1]. We can implement it over the > standard DH primitive, but having it native would be the best. > Can you consider to include it? For the same criteria given above, I think it's unlikely. Likewise, begin the debate on HMQV vs FHMQV. > > Thanks in advance, > Alessandro Di Federico > > [1] http://link.springer.com/chapter/10.1007%2F11535218_33 > [2] http://www.w3.org/TR/WebCryptoAPI/#dh-EcdhKeyDeriveParams > > > > >
Received on Wednesday, 26 June 2013 17:36:51 UTC