- From: GALINDO Virginie <Virginie.GALINDO@gemalto.com>
- Date: Thu, 19 Jul 2012 23:47:50 +0200
- To: Anthony Nadalin <tonynad@microsoft.com>
- CC: "S.Durbha@cablelabs.com" <S.Durbha@cablelabs.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, David Rogers <david.rogers@copperhorses.com>
- Message-ID: <076ED1F6CB375B4BB5CAE787369136070358C75B052D@CROEXCFWP04.gemalto.com>
Anthony,

Do you foresee some high discrepancy compared to the list Seetharama and David offered, if we also include Eric's, WTC's and Richard's suggestions?

Regards,
Virginie

From: Anthony Nadalin [mailto:tonynad@microsoft.com]
Sent: Tuesday 17 July 2012 00:51
To: David Rogers; public-webcrypto@w3.org
Cc: S.Durbha@cablelabs.com
Subject: RE: Action-8 - Base set of mandatory algorithms

I think it would be better to look at the environments like .Net, OSX, iOS, Android Java, Java, node.js and PHP to see what is actually implemented.

From: David Rogers [mailto:david.rogers@copperhorses.com]
Sent: Monday, July 16, 2012 12:10 PM
To: public-webcrypto@w3.org
Cc: S.Durbha@cablelabs.com
Subject: Action-8 - Base set of mandatory algorithms

Hi all,

Please find below a proposal for the base set of mandatory algorithms on behalf of Seetharama and myself. Our aim has been to baseline but also to at least give us a 'fresh start'. We didn't think putting loads of legacy in for the sake of it is going to be either good for the web or good for security. That said, we've tried to be reasonably pragmatic in the list. We've also tried to think about small device uses such as mobile. For example, we have not included SHA-384 because the computational cost is about the same as SHA-512 so it isn't worth putting it in as a base (for example for mobile apps). As a reference, this is also mentioned in RFC-4051:

"2.1.3. SHA-384

Identifier: http://www.w3.org/2001/04/xmldsig-more#sha384

The SHA-384 algorithm [FIPS-180-2] takes no explicit parameters. An example of a SHA-384 DigestAlgorithm element is:

    <DigestAlgorithm Algorithm="http://www.w3.org/2001/04/xmldsig-more#sha384" />

A SHA-384 digest is a 384 bit string. The content of the DigestValue element shall be the base64 [RFC2405] encoding of this string viewed as a 48-octet stream.

Because it takes roughly the same amount of effort to compute a SHA-384 message digest as a SHA-512 digest and terseness is usually not a criteria in XML application, consideration should be given to the use of SHA-512 as an alternative."

Anyway, this is a start and I hope we can agree this list as a starting point:

Encryption Algorithms:
    AES-128
    AES-256

Encryption Modes:
    CTR
    CBC
    GCM

Hash Functions:
    SHA-256
    SHA-512

MACs
    HMAC with SHA-256
    HMAC with SHA-512

Key Agreement
    Diffie-Hellman (1024/1536/2048 bit keys)

Key Transport
    AES-128 key wrap
    AES-256 key wrap
    RSAES (1024/1536/2048 bit keys)

Signature Schemes
    DSA (1024/1536/2048 keys)
    RSASSA (1024/1536/2048 bit keys) with SHA-256
    RSASSA (1024/1536/2048 bit keys) with SHA-512

Key Derivation Functions
    Concat KDF with SHA-256
    Concat KDF with SHA-512

Thanks,
David.

__________________________________________________________________
David Rogers
Director
Copper Horse Solutions Limited
david.rogers@copperhorses.com
Web: http://www.copperhorsesolutions.com
Blog: http://blog.mobilephonesecurity.org
Twitter: http://twitter.com/drogersuk (@drogersuk)
__________________________________________________________________
Received on Thursday, 19 July 2012 21:48:23 UTC