RE: Action-8 - Base set of mandatory algorithms from GALINDO Virginie on 2012-07-19 (public-webcrypto@w3.org from July 2012)

From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
Date: Thu, 19 Jul 2012 23:47:50 +0200
To: Anthony Nadalin <tonynad@microsoft.com>
CC: "S.Durbha@cablelabs.com" <S.Durbha@cablelabs.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, David Rogers <david.rogers@copperhorses.com>
Message-ID: <076ED1F6CB375B4BB5CAE787369136070358C75B052D@CROEXCFWP04.gemalto.com>

Anthony,
Do you foresee some high discrepancy compared to the list Seetharama and David offered - if we include also Eric, WTC and Richard  suggestions ?
Regards,
Virginie

From: Anthony Nadalin [mailto:tonynad@microsoft.com]
Sent: mardi 17 juillet 2012 00:51
To: David Rogers; public-webcrypto@w3.org
Cc: S.Durbha@cablelabs.com
Subject: RE: Action-8 - Base set of mandatory algorithms

I think it would be better to look the environments like .Net, OSX, iOS, Android Java, Java, node.js and PHP to see what is actually implemented.

From: David Rogers [mailto:david.rogers@copperhorses.com]
Sent: Monday, July 16, 2012 12:10 PM
To: public-webcrypto@w3.org<mailto:public-webcrypto@w3.org>
Cc: S.Durbha@cablelabs.com<mailto:S.Durbha@cablelabs.com>
Subject: Action-8 - Base set of mandatory algorithms

Hi all,

Please find below a proposal for the base set of mandatory algorithms on behalf of Seetharama and myself. Our aim has been to baseline but also to at least give us a 'fresh start'. We didn't think putting loads of legacy in for the sake of it is going to be either good for the web or good for security. That said, we've tried to be reasonably pragmatic in the list. We've also tried to think about small device uses such as mobile. For example, we have not included SHA-384 because the computational cost is about the same as SHA-512 so it isn't worth putting it in as a base (for example for mobile apps). As a reference, this is also mentioned in RFC-4051:

"2.1.3.  SHA-384

   Identifier:
      http://www.w3.org/2001/04/xmldsig-more#sha384

   The SHA-384 algorithm [FIPS-180-2] takes no explicit parameters.  An
   example of a SHA-384 DigestAlgorithm element is:

   <DigestAlgorithm
      Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />

   A SHA-384 digest is a 384 bit string.  The content of the DigestValue
   element shall be the base64 [RFC2405] encoding of this string viewed
   as a 48-octet stream.  Because it takes roughly the same amount of
   effort to compute a SHA-384 message digest as a SHA-512 digest and
   terseness is usually not a criteria in XML application, consideration
   should be given to the use of SHA-512 as an alternative.
"

Anyway, this is a start and I hope we can agree this list as a starting point:

Encryption Algorithms:
AES-128
AES-256

Encryption Modes:
CTR
CBC
GCM

Hash Functions:
SHA-256
SHA-512

MACs
HMAC with SHA-256
HMAC with SHA-512

Key Agreement
Diffie-Hellman (1024/1536/2048 bit keys)

Key Transport
AES-128 key wrap
AES-256 key wrap
RSAES (1024/1536/2048 bit keys)

Signature Schemes
DSA (1024/1536/2048 keys)
RSASSA (1024/1536/2048 bit keys) with SHA-256
RSASSA (1024/1536/2048 bit keys) with SHA-512

Key Derivation Functions
Concat KDF with SHA-256
Concat KDF with SHA-512

Thanks,

David.

__________________________________________________________________
David Rogers
Director
Copper Horse Solutions Limited
david.rogers@copperhorses.com<mailto:david.rogers@copperhorses.com>
Web: http://www.copperhorsesolutions.com<http://www.copperhorsesolutions.com/>
Blog: http://blog.mobilephonesecurity.org<http://blog.mobilephonesecurity.org/>
Twitter: http://twitter.com/drogersuk (@drogersuk)
__________________________________________________________________

Received on Thursday, 19 July 2012 21:48:23 UTC