- From: Ryan Sleevi <sleevi@google.com>
- Date: Sun, 7 Dec 2014 06:25:15 -0800
- To: Harry Halpin <hhalpin@w3.org>
- Cc: public-webcrypto@w3.org
- Message-ID: <CACvaWvaeG1p3OSb8gP0q1CP6TrmXBeE1XvC_YnXUoEd+Q96uMg@mail.gmail.com>
On Dec 7, 2014 2:32 AM, "Harry Halpin" <hhalpin@w3.org> wrote: > > Going through the CFRG comments [1], AES-SIV [2] came up as an algorithm > that people on CFRG were interested in the status of in terms of > WebCrypto. It seems to have a good use-case in key wrapping, which is > motivating at least a few member of the WG. > > Opinions on AES-SIV? > > For implementers, any desire for support in the API? I am not aware of a single library in use by UAs that supports SIV, thus fails to meet our charter discussion of existing algorithms. Further, the AES-CMAC support, which SIV is built upon, is fairly scarce as well. It was not added to CNG until Windows 8, and does not even exist (yet) in PKCS#11 (though draft 2.3/2.4 does add it). It exists in OS X's CommonCrypto as of 10.7/iOS 8. CMAC is not implemented in BoringSSL, and is listed as highly experimental in the unreleased OpenSSL trunk (the presumed 1.1.0 eventual release). So while it could be specified and documented, the prospects for ubiquitous support in the next several years is extremely unlikely. > > cheers, > harry > > > [1] https://www.ietf.org/mail-archive/web/cfrg/current/msg05564.html > [2] http://tools.ietf.org/html/rfc5297 >
Received on Sunday, 7 December 2014 14:25:43 UTC