- From: Richard Barnes <rbarnes@bbn.com>
- Date: Thu, 13 Sep 2012 13:28:13 -0400
- To: Emily Stark <estark@MIT.EDU>
- Cc: Zooko Wilcox-OHearn <zooko@leastauthority.com>, sleevi@google.com, public-webcrypto@w3.org
By "unsafe namespace", do you mean that we would put things like ECB under a special namespace to say "Don't use these unless you know what you're doing?" On Sep 13, 2012, at 12:41 PM, Emily Stark wrote: > I can't find discussion on the mailing list about the unsafe namespace idea (maybe my search skills are failing me) -- are there arguments against it? > > > On Thu, Sep 13, 2012 at 12:17 PM, Zooko Wilcox-OHearn <zooko@leastauthority.com> wrote: > On Tue, Sep 11, 2012 at 12:15 PM, Ryan Sleevi <sleevi@google.com> wrote: > > > > To bootstrap any of the following modes with suitable performance > > characteristics: > > > > CTR || CCM (which starts with CTR) || GCM (which starts with CTR) > > I don't understand how a situation could arise where a programmer > would need to use ECB mode to implement these (or for any other > purpose). It seems like that situation would arise only if the > underlying platform offered ECB mode but not CTR mode. But why don't > we just discourage implementors from offering ECB mode and encourage > them to offer CTR mode? (And, as previously suggested, encourage them > to offer an AES block-encryption function that operates on only a > single block.) > > Regards, > > Zooko Wilcox-O'Hearn > > Founder, CEO, and Customer Support Rep -- Least Authority Enterprises > > https://leastauthority.com > >
Received on Thursday, 13 September 2012 17:28:41 UTC