- From: Wan-Teh Chang <wtc@google.com>
- Date: Wed, 17 Apr 2013 19:25:42 -0700
- To: Richard Barnes <rbarnes@bbn.com>
- Cc: Web Cryptography Working Group <public-webcrypto@w3.org>
Hi Richard, 1. I think you have identified the parameters that can have good default values. In contrasts, parameters such as RSA key size and the hash algorithm used in a signature don't have default values that will be good forever. 2. I agree with your proposed default values for the 'iv' parameter of AES-CBC and AES-CFB. However, if the iv is a random value generated by the UA, it must be part of the output of encryption, for example, as the first ciphertext block. The spec will need to address this. 3. As for the 'counter' parameter of AES-CTR and the 'iv' parameter of AES-GCM, their proper values are so specific to the protocol or application in question that I believe the protocol or application will end up fully specify what the proper value for 'counter' or 'iv' should be. For example, this is the case for the AES GCM cipher suites for TLS (the GCMNonce structure in RFC 5288, Section 3). So it doesn't seem as useful for the UA to provide default values for the 'counter' parameter of AES-CTR and the 'iv' parameter of AES-GCM. Wan-Teh
Received on Thursday, 18 April 2013 02:26:09 UTC