Re: Action-8 - Base set of mandatory algorithms from Eric Rescorla on 2012-07-16 (public-webcrypto@w3.org from July 2012)

From: Eric Rescorla <ekr@rtfm.com>
Date: Mon, 16 Jul 2012 15:44:46 -0700
To: Wan-Teh Chang <wtc@google.com>
Cc: David Rogers <david.rogers@copperhorses.com>, public-webcrypto@w3.org, S.Durbha@cablelabs.com
Message-ID: <CABcZeBOU=qHOOTWwktpa_F6HEWicXxNLCzgdtSwYB4xX0xJ1-A@mail.gmail.com>

On Mon, Jul 16, 2012 at 3:35 PM, Wan-Teh Chang <wtc@google.com> wrote:
> Hi David,
>
> Thank you for sending your proposal.  I agree with your selection
> criteria in general.  I have some comments.
>
> 1. The 1536-bit key size for Diffie-Hellman, DSA, and RSA keys doesn't
> seem useful in practice.  In addition, FIPS 186-3, which extends DSA
> to support key sizes greater than 1024 bits, does not specify a DSA
> key size of 1536 bits.
>
> 2. SHA-384 seems more useful than SHA-512 because of the US NSA "Suite
> B" specification.
>
> 3. By "RSAES", did you mean RSAES-OAEP, RSAES-PKCS1-V1_5, or both?
> Similarly for "RSASSA".

FWIW, I think it's clear that we need to have PKCS #1 1.5, since that's
basically what all current protocols use.

-Ekr

Received on Monday, 16 July 2012 22:45:54 UTC