- From: <bugzilla@jessica.w3.org>
- Date: Tue, 25 Nov 2014 10:19:48 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=27425
Bug ID: 27425
Summary: HKDF-CTR needs a new name
Product: Web Cryptography
Version: unspecified
Hardware: PC
OS: All
Status: NEW
Severity: blocker
Priority: P2
Component: Web Cryptography API Document
Assignee: sleevi@google.com
Reporter: sleevi@google.com
CC: ietf@augustcellars.com, public-webcrypto@w3.org,
vijaybh@microsoft.com, watsonm@netflix.com
The resolution for Bug 24838 attempted to resolve the inconsistencies in
HKDF-CTR by formalizing on SP 800-108, rather than RFC 5869.
However, this failed to capture several points from the discussion, and now
this creates a real risk of incompatibilities:
1) HKDF as a name specifically refers to RFC 5869.
- Jim raised this point during the discussion, and Vijay agreed to this in
http://lists.w3.org/Archives/Public/public-webcrypto/2014Feb/0181.html
2) RFC 5869 and SP 800-108 are incompatible
3) Our specification does not impose limitations on how Label is encoded,
creating opportunities for a Null-Byte to be encoded in the Label and thus
confused with context (see
http://lists.w3.org/Archives/Public/public-webcrypto/2014Feb/0186.html for
discussion)
I think this is a spec blocker, because if there are any implementations of
this function using the HKDF-CTR name, we will create real risks of
incompatibilities with "other" HKDF implementations.
Suggestion:
1) Introduce HKDF as an algorithm based on RFC 5869
2) Rename the existing HKDF-CTR algorithm name to SP800-108
2.a) Clarify the existing ambiguities (with suitable review)
--
You are receiving this mail because:
You are on the CC list for the bug.
Received on Tuesday, 25 November 2014 10:19:49 UTC