Action-8 - Base set of mandatory algorithms from David Rogers on 2012-07-16 (public-webcrypto@w3.org from July 2012)

From: David Rogers <david.rogers@copperhorses.com>
Date: Mon, 16 Jul 2012 20:09:35 +0100
To: <public-webcrypto@w3.org>
Cc: <S.Durbha@cablelabs.com>
Message-ID: <000001cd6386$8a566e20$9f034a60$@copperhorses.com>

Hi all,

 

Please find below a proposal for the base set of mandatory algorithms on
behalf of Seetharama and myself. Our aim has been to baseline but also to at
least give us a 'fresh start'. We didn't think putting loads of legacy in
for the sake of it is going to be either good for the web or good for
security. That said, we've tried to be reasonably pragmatic in the list.
We've also tried to think about small device uses such as mobile. For
example, we have not included SHA-384 because the computational cost is
about the same as SHA-512 so it isn't worth putting it in as a base (for
example for mobile apps). As a reference, this is also mentioned in
RFC-4051:

 

"2.1.3.  SHA-384

 

   Identifier:

      http://www.w3.org/2001/04/xmldsig-more#sha384

 

   The SHA-384 algorithm [FIPS-180-2] takes no explicit parameters.  An

   example of a SHA-384 DigestAlgorithm element is:

 

   <DigestAlgorithm

      Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />

 

   A SHA-384 digest is a 384 bit string.  The content of the DigestValue

   element shall be the base64 [RFC2405] encoding of this string viewed

   as a 48-octet stream.  Because it takes roughly the same amount of

   effort to compute a SHA-384 message digest as a SHA-512 digest and

   terseness is usually not a criteria in XML application, consideration

   should be given to the use of SHA-512 as an alternative.

"

 

Anyway, this is a start and I hope we can agree this list as a starting
point:

 

 

Encryption Algorithms:

AES-128

AES-256

 

Encryption Modes:

CTR

CBC

GCM

 

Hash Functions:

SHA-256

SHA-512

 

MACs

HMAC with SHA-256

HMAC with SHA-512

 

Key Agreement

Diffie-Hellman (1024/1536/2048 bit keys)

 

Key Transport

AES-128 key wrap

AES-256 key wrap

RSAES (1024/1536/2048 bit keys)

 

Signature Schemes

DSA (1024/1536/2048 keys)

RSASSA (1024/1536/2048 bit keys) with SHA-256

RSASSA (1024/1536/2048 bit keys) with SHA-512

 

Key Derivation Functions

Concat KDF with SHA-256

Concat KDF with SHA-512

 

 

Thanks,

 

 

David.

 

__________________________________________________________________

David Rogers

Director

Copper Horse Solutions Limited

david.rogers@copperhorses.com

Web: http://www.copperhorsesolutions.com
<http://www.copperhorsesolutions.com/>  

Blog: http://blog.mobilephonesecurity.org
<http://blog.mobilephonesecurity.org/> 

Twitter: http://twitter.com/drogersuk (@drogersuk)

__________________________________________________________________

Received on Monday, 16 July 2012 19:17:55 UTC