Re: Diffie-Hellman in WebCrypto?

Are there known issues or reasons to believe it would be suspect to
implement in JS a client which is compatible with Off-the-Record v3
messaging or Cryptocat messaging?

Also, is there a known issue or reason to believe it would be suspect to
implement an SSH v2 over WebRTC client?

How about a SMIME or PGP client that is compatible with existing DH keys?



On Mon, Oct 5, 2015 at 12:52 PM, Ryan Sleevi <sleevi@google.com> wrote:

> Its use in a wide variety of protocols that one might want to implement in
> JS is somewhat suspect (cf. the DH attacks in TLS resulting in the
> negotiated-dh) - much like PKCS#1v1.5 encryption.
>
> It's markedly slower than the elliptic curve counterpart.
>
> And not to mention the keysystem attacks in static/ephemeral negotiations
> (note: not ephemeral/ephemeral)
>
> We've seen no demand for it, no use cases that can't otherwise be met, and
> are already in the process of deprecating DHE elsewhere (e.g. in TLS). So
> we have no plans to implement at this time.
>
> On Mon, Oct 5, 2015 at 9:41 AM, Eric Roman <ericroman@google.com> wrote:
>
>> On Mon, Oct 5, 2015 at 9:10 AM, Harry Halpin <hhalpin@w3.org> wrote:
>>
>>> On 10/05/2015 12:08 PM, Eric Roman wrote:
>>>
>>> Chrome is not planning to implement DH:
>>> https://code.google.com/p/chromium/issues/detail?id=438391
>>>
>>>
>>> Any reason why?
>>>
>>> It seems relatively stable.
>>>
>>
>> Ryan, can you comment on the specifics?
>>
>>
>>>   yours,
>>>      harry
>>>
>>>
>>> On Mon, Oct 5, 2015 at 8:45 AM, Harry Halpin <hhalpin@w3.org> wrote:
>>>
>>>> Are there any plans from Microsoft or Google's side to support
>>>> Diffie-Hellman key exchange?
>>>>
>>>> It's implemented by Mozilla and seems to be a well-known primitive that
>>>> should, in general, be supported as it's used in a wide variety of
>>>> protocols one might want to implement in JavaScript.
>>>>
>>>>   yours,
>>>>        harry
>>>>
>>>>
>>>>
>>>>
>>>
>>>
>>
>

Received on Tuesday, 6 October 2015 04:12:10 UTC