- From: Harry Halpin <hhalpin@w3.org>
- Date: Mon, 05 Oct 2015 14:03:54 -0400
- To: Ryan Sleevi <sleevi@google.com>, Eric Roman <ericroman@google.com>
- CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <5612BB8A.2030507@w3.org>
On 10/05/2015 01:52 PM, Ryan Sleevi wrote:
> Its use in a wide variety of protocols that one might want to
> implement in JS is somewhat suspect (c.f. the DH attacks in TLS
> resulting in the negotiated-dh) - much like PKCS#1v1.5 encryption.
>
> It's markedly slower than the elliptic curve counterpart.
>
> And not to mention the keysystem attacks in static/ephemeral
> negotiations (note: not ephemeral/ephemeral)
>
> We've seen no demand for it, no use cases that can't otherwise be met,
> and are already in the process of deprecating DHE elsewhere (e.g. in
> TLS). So we have no plans to implement at this time.
Sounds reasonable to me, particularly given the Weak DH attacks, but
wanted to double-check before we removed DH from the spec.
cheers,
harry
>
> On Mon, Oct 5, 2015 at 9:41 AM, Eric Roman <ericroman@google.com
> <mailto:ericroman@google.com>> wrote:
>
> On Mon, Oct 5, 2015 at 9:10 AM, Harry Halpin <hhalpin@w3.org
> <mailto:hhalpin@w3.org>> wrote:
>
> On 10/05/2015 12:08 PM, Eric Roman wrote:
>> Chrome is not planning to implement DH:
>> https://code.google.com/p/chromium/issues/detail?id=438391
>
> Any reason why?
>
> It seems relatively stable.
>
>
> Ryan, can you comment on the specifics?
>
>
> yours,
> harry
>
>>
>> On Mon, Oct 5, 2015 at 8:45 AM, Harry Halpin <hhalpin@w3.org
>> <mailto:hhalpin@w3.org>> wrote:
>>
>> Is there any plans from Microsoft or Google's side to support
>> Diffie-Hellman key exchange?
>>
>> It's implemented by Mozilla and seems to be a well-known
>> primitive that
>> should, in general, be supported as its used in a wide
>> variety of
>> protocols one might want to implement in Javascript.
>>
>> yours,
>> harry
>>
>>
>>
>>
>
>
>
Received on Monday, 5 October 2015 18:03:56 UTC