- From: Wan-Teh Chang <wtc@google.com>
- Date: Mon, 16 Jul 2012 15:35:41 -0700
- To: David Rogers <david.rogers@copperhorses.com>
- Cc: public-webcrypto@w3.org, S.Durbha@cablelabs.com
Hi David, Thank you for sending your proposal. I agree with your selection criteria in general. I have some comments. 1. The 1536-bit key size for Diffie-Hellman, DSA, and RSA keys doesn't seem useful in practice. In addition, FIPS 186-3, which extends DSA to support key sizes greater than 1024 bits, does not specify a DSA key size of 1536 bits. 2. SHA-384 seems more useful than SHA-512 because of the US NSA "Suite B" specification. 3. By "RSAES", did you mean RSAES-OAEP, RSAES-PKCS1-V1_5, or both? Similarly for "RSASSA". 4. Do you think the HMAC-based KDF (HKDF), specified in RFC 5869, would be more appropriate than the NIST concatenation KDF? It seems that the concatenation KDF never became popular in practice. Wan-Teh
Received on Monday, 16 July 2012 22:36:08 UTC