W3C home > Mailing lists > Public > public-webcrypto@w3.org > October 2015

Re: Diffie-Hellman in WebCrypto?

From: Ryan Sleevi <sleevi@google.com>
Date: Mon, 5 Oct 2015 10:52:22 -0700
Message-ID: <CACvaWvZ=YLTs0cu07+Y274j3bMU-GyQbgVS3vHTivAo34qRHnA@mail.gmail.com>
To: Eric Roman <ericroman@google.com>
Cc: Harry Halpin <hhalpin@w3.org>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Its use in a wide variety of protocols that one might want to implement in
JS is somewhat suspect (c.f. the DH attacks in TLS resulting in the
negotiated-dh) - much like PKCS#1v1.5 encryption.

It's markedly slower than the elliptic curve counterpart.

And not to mention the keysystem attacks in static/ephemeral negotiations
(note: not ephemeral/ephemeral)

We've seen no demand for it, no use cases that can't otherwise be met, and
are already in the process of deprecating DHE elsewhere (e.g. in TLS). So
we have no plans to implement at this time.

On Mon, Oct 5, 2015 at 9:41 AM, Eric Roman <ericroman@google.com> wrote:

> On Mon, Oct 5, 2015 at 9:10 AM, Harry Halpin <hhalpin@w3.org> wrote:
>
>> On 10/05/2015 12:08 PM, Eric Roman wrote:
>>
>> Chrome is not planning to implement DH:
>> https://code.google.com/p/chromium/issues/detail?id=438391
>>
>>
>> Any reason why?
>>
>> It seems relatively stable.
>>
>
> Ryan, can you comment on the specifics?
>
>
>>   yours,
>>      harry
>>
>>
>> On Mon, Oct 5, 2015 at 8:45 AM, Harry Halpin <hhalpin@w3.org> wrote:
>>
>>> Is there any plans from Microsoft or Google's side to support
>>> Diffie-Hellman key exchange?
>>>
>>> It's implemented by Mozilla and seems to be a well-known primitive that
>>> should, in general, be supported as its used in a wide variety of
>>> protocols one might want to implement in Javascript.
>>>
>>>   yours,
>>>        harry
>>>
>>>
>>>
>>>
>>
>>
>
Received on Monday, 5 October 2015 17:52:54 UTC

This archive was generated by hypermail 2.3.1 : Monday, 5 October 2015 17:52:54 UTC