- From: Mitar <mmitar@gmail.com>
- Date: Thu, 28 Jan 2016 00:26:14 -0800
- To: public-webcrypto@w3.org
Hi!

To my understanding, reading from the minutes, the only reason to remove AES-CMAC from the standard is that it was not implemented in browsers? But isn't this a chicken-and-egg problem? AES-CMAC has some quite nice security properties and analysis, and it is standardized (https://tools.ietf.org/html/rfc4493). Its inclusion would help a lot with interoperability with other systems.

For example, Elliptic-curve Diffie-Hellman shared secret generation, which could be used to produce a shared encryption key, can be done by deriving bits and then sending those bits through AES-CMAC signing to generate a key (it is not recommended to use the derived bits directly, as is done with the web standard's deriveKey). Without AES-CMAC in web standards it is not possible to generate such a shared key that would work together with some other system which is using it.

Concretely, the new Intel SGX CPU instructions have support for AES-CMAC and use the algorithm described above to generate a shared key based on ECDH. Those instructions are available in the SGX SDK, backed by native CPU instructions. By using only those functions one does not have to additionally increase the trusted codebase with a 3rd-party crypto library. See: https://software.intel.com/sites/default/files/managed/d5/e7/Intel-SGX-SDK-Users-Guide-for-Windows-OS.pdf, section "Cryptography Library".

So I would like to propose that AES-CMAC is added to the Web Crypto standard.

Mitar

--
http://mitar.tnode.com/
https://twitter.com/mitar_m
Received on Thursday, 28 January 2016 08:26:44 UTC