Re: [W3C Web Crypto] Call for Consensus on removing algorithms from the web API specification -> 20th of October from Richard Barnes on 2015-10-06 (public-webcrypto@w3.org from October 2015)

From: Richard Barnes <rlb@ipv.sx>
Date: Tue, 6 Oct 2015 14:10:06 -0400
To: Ryan Sleevi <sleevi@google.com>
Cc: Eric Roman <ericroman@google.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CAL02cgTqdikASrJUC3xVtrCTKY+4CPvgp1vAfPAvR=dTs=qcgQ@mail.gmail.com>

On Tue, Oct 6, 2015 at 1:41 PM, Ryan Sleevi <sleevi@google.com> wrote:
> Correct, and I believe Richard was looking at getting someone to implement
> it for Mozilla 'real soon'; there was just some additional NSS API work that
> had to happen before they could expose it to WebCrypto, and Firefox's
> underlying cryptographic library supports it with one or two tweaks.

Yes, we are working on this in Q4.  I would oppose removing RSA-PSS
from WebCrypto.

Note also that RSA-PSS is a requirement for TLS 1.3.

--Richard


>
> On Tue, Oct 6, 2015 at 10:32 AM, Eric Roman <ericroman@google.com> wrote:
>>
>> The meeting notes say that there are no implementations of RSA-PSS:
>> > No implementations: RSA-PSS, AES-CMAC, AES-CFB, CONCAT
>>
>> Note that is not correct -- at least the Chrome browser implements RSA-PSS
>>
>>
>> On Tue, Oct 6, 2015 at 10:20 AM, GALINDO Virginie
>> <Virginie.Galindo@gemalto.com> wrote:
>>>
>>> Dear all,
>>>
>>>
>>>
>>> Following our last meeting call, we decided to remove from the normative
>>> part of our specification the following algorithms for not being implemented
>>> in at least 2 of the platform tested : RSA-PSS, AES-CMAC, AES-CFB, CONCAT,
>>> DH. Detailed discussion can be found under
>>> http://www.w3.org/2015/09/28-crypto-minutes.html.
>>>
>>>
>>>
>>> This mail is a call for consensus to validate that decision.
>>>
>>>
>>>
>>> Anyone objecting to that decision should make his motivated point before
>>> the 20th of October at 17:00 UTC.
>>>
>>> If this decision is endorsed, the algorithms descriptions will be
>>> gathered in a dedicated Note.
>>>
>>>
>>>
>>> Regards,
>>>
>>> Virginie
>>>
>>> Chair of the web crypto WG
>>>
>>>
>>>
>>> //please ignore the following statement
>>>
>>> ________________________________
>>> This message and any attachments are intended solely for the addressees
>>> and may contain confidential information. Any unauthorized use or
>>> disclosure, either whole or partial, is prohibited.
>>> E-mails are susceptible to alteration. Our company shall not be liable
>>> for the message if altered, changed or falsified. If you are not the
>>> intended recipient of this message, please delete it and notify the sender.
>>> Although all reasonable efforts have been made to keep this transmission
>>> free from viruses, the sender will not be liable for damages caused by a
>>> transmitted virus.
>>
>>
>

Received on Tuesday, 6 October 2015 18:10:34 UTC