- From: <bugzilla@jessica.w3.org>
- Date: Thu, 05 Jun 2014 06:38:01 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25985 --- Comment #7 from Ryan Sleevi <sleevi@google.com> --- (In reply to Boris Zbarsky from comment #6) > OK. Let's stick with this concrete example. How feasible is requiring > implementations to support at least one of RSASSA-PKCS1-v1_5 and RSA-PSS? Variables that have to be considered: - Key sizes: - 1024 is generally considered insecure for new usages, but may be secure for short-term keys. - Should <1024 be permitted? - OS X only supports keys < 8K. Windows/NSS support 16K or more. - What increment function should be used? Multiples of 8K? - Hash algorithms - Support for SHA-1? - Support for SHA-2? - Exponents - Should only F4 be supported? What about support for F0? Despite the attacks, there are still keys out there with F0. Now let's say we solve all of these issues in the context of the three desktop browsers with implementations currently exposed (I don't believe Firefox's has landed yet). What about for mobile devices? The answers to the above questions are different. Or platforms which implement key storage on a TPM (1.2 / 2.0) - still origin restricted, but more secure? On a device like Chromecast, the restriction might be 2K keys, at F4, with only SHA-1, only SSA. Is that acceptable? Or does all of WebCrypto get disabled then? And that's not even beginning to touch on the (many) issues from http://www.cryptolaw.org/ I do think we're going to likely end up with algorithm profiles that result from the natural effect of implementations - both those now and those on (other) devices - and I do think we're going to end up with multiple profiles - I think at least within a realm of (embedded), (mobile), (desktop), if not more - based on the real platform limitations and constraints. -- You are receiving this mail because: You are on the CC list for the bug.
Received on Thursday, 5 June 2014 06:38:02 UTC