- From: Nikos Mavrogiannopoulos <nikos.mavrogiannopoulos@esat.kuleuven.be>
- Date: Thu, 23 May 2013 10:45:49 +0200
- To: <public-webcrypto-comments@w3.org>
- Cc: danny de cock <Danny.DeCock@esat.kuleuven.be>, Filipe Beato <filipe.beato@esat.kuleuven.be>
* In the security considerations there is no mention of attacks like user impersonation due to malicious JavaScript applications, which in our opinion is a big threat against such a scheme.
* Section 6: "If user agents permit keys to be re-used between origins, without performing any secondary operations such as key derivation that includes the origin," comes out of the blue. Where are key derivation or unique keys per origin discussed before that?
* Interface CryptoOperation. How is a specific nonce or IV for an algorithm used? For example, how could a MAC algorithm that requires a nonce with each message (i.e., UMAC) be implemented? Or CBC or GCM encryption? Are the IVs and nonces automatically generated? How are protocols that require specific nonces handled? The AES-CTR/CBC algorithm solves it by specifying the nonce as part of the algorithm parameters, which as we understand is the optional array passed to SubtleCrypto::encrypt. That way, in order to change the nonce/counter, the cipher has to be re-initialized (a new CryptoOperation has to be obtained) with the same key. That seems like a waste of resources. It looks like a method setNonce could help.
Received on Thursday, 23 May 2013 10:12:59 UTC