- From: Cantor, Scott <cantor.2@osu.edu>
- Date: Tue, 14 Feb 2012 03:38:55 +0000
- To: Magnus Nystrom <mnystrom@microsoft.com>, "Frederick.Hirsch@nokia.com" <Frederick.Hirsch@nokia.com>, "public-xmlsec@w3.org" <public-xmlsec@w3.org>
On 2/13/12 10:23 PM, "Magnus Nystrom" <mnystrom@microsoft.com> wrote: >Personally I believe GCM is the better long-term choice, I view RFC 6476 >as a pragmatic solution but essentially a stop-gap. I cannot tell if >there is the possibility of a timing attack and this alone makes me >concerned. Additionally, if XML Sec 1.1 requires GCM I expect to see >uptake of that mode. OpenSSL isn't going to support GCM sooner because of XML specs. It's effectively off the table for me for a decade thanks to RH6 unless I implement it from scratch myself. I don't think non-cryptographers like me implementing algorithms outside the core libraries like OpenSSL is really a direction that leads to better security outcomes. >Finally, I'd really (like all of us, I think) like to see this effort >reach the goal line and if we keep doing modifications I fear that we'll >just move it out even further. I have no expectation of supporting it with GCM, so for me it's moot when it happens to complete. I also am not seeing any sign that GCM is going to be the initial solution for the JOSE work, for essentially the same reason. Lots of scripty implementations of things use OpenSSL underneath, so they're hobbled by the same limitation I am. -- Scott
Received on Tuesday, 14 February 2012 03:39:25 UTC