- From: Harry Halpin <hhalpin@w3.org>
- Date: Mon, 05 Oct 2015 14:03:54 -0400
- To: Ryan Sleevi <sleevi@google.com>, Eric Roman <ericroman@google.com>
- CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <5612BB8A.2030507@w3.org>
On 10/05/2015 01:52 PM, Ryan Sleevi wrote: > Its use in a wide variety of protocols that one might want to > implement in JS is somewhat suspect (c.f. the DH attacks in TLS > resulting in the negotiated-dh) - much like PKCS#1v1.5 encryption. > > It's markedly slower than the elliptic curve counterpart. > > And not to mention the keysystem attacks in static/ephemeral > negotiations (note: not ephemeral/ephemeral) > > We've seen no demand for it, no use cases that can't otherwise be met, > and are already in the process of deprecating DHE elsewhere (e.g. in > TLS). So we have no plans to implement at this time. Sounds reasonable to me, particularly given the Weak DH attacks, but wanted to double-check before we removed DH from the spec. cheers, harry > > On Mon, Oct 5, 2015 at 9:41 AM, Eric Roman <ericroman@google.com > <mailto:ericroman@google.com>> wrote: > > On Mon, Oct 5, 2015 at 9:10 AM, Harry Halpin <hhalpin@w3.org > <mailto:hhalpin@w3.org>> wrote: > > On 10/05/2015 12:08 PM, Eric Roman wrote: >> Chrome is not planning to implement DH: >> https://code.google.com/p/chromium/issues/detail?id=438391 > > Any reason why? > > It seems relatively stable. > > > Ryan, can you comment on the specifics? > > > yours, > harry > >> >> On Mon, Oct 5, 2015 at 8:45 AM, Harry Halpin <hhalpin@w3.org >> <mailto:hhalpin@w3.org>> wrote: >> >> Is there any plans from Microsoft or Google's side to support >> Diffie-Hellman key exchange? >> >> It's implemented by Mozilla and seems to be a well-known >> primitive that >> should, in general, be supported as its used in a wide >> variety of >> protocols one might want to implement in Javascript. >> >> yours, >> harry >> >> >> >> > > >
Received on Monday, 5 October 2015 18:03:56 UTC