On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton <noloa...@gmail.com> wrote:

> The Web Cryptography Working Group looks well organized, provides a
> very good roadmap, and offers good documentation.
> http://www.w3.org/2012/webcrypto/.


I have a blog post about it forthcoming, but I'd like to share the tl;dr
version here:

The normative parts of the specification seem mostly fine.

The specification provides no normative advice about what algorithms to
use, and worse, provides a non-normative listing of algorithms which are
not authenticated encryption modes (for symmetric ciphers, the only mode
listed in the spec is AES-GCM).

At the very least, I'd like to see the non-normative examples section
expanded to include a lot more authenticated encryption modes (EAX mode
comes to mind, and seeing support for NaCl algorithms like crypto_box and
crypto_secretbox would be super). Right now they give some rather poor
recommendations; for example, they recommend CBC mode, which is fraught with
problems.

Finally, it'd be great to see someone like NIST or ECRYPT provide browser
vendors with normative advice on algorithms to standardize on. The existing
WebCrypto spec leaves browser vendors to their own devices, and in that
eventuality, the browser vendors will probably wind up implementing the W3C
spec's (poorly chosen) non-normative recommendations.

For an in-depth look at the problems, I'd recommend checking out Matt
Green's blog post:

http://blog.cryptographyengineering.com/2012/12/the-anatomy-of-bad-idea.html

-- 
Tony Arcieri
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography
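
The contrast the message above draws between CBC and an authenticated mode such as AES-GCM can be seen directly through the WebCrypto API. This is an added example, not part of the original post or the W3C spec; the function name `tamperAndDecrypt` and the sample message are constructed for illustration.

```javascript
// Added example: how WebCrypto AES-CBC and AES-GCM react when data that
// travels with the ciphertext (here the IV) is modified in transit.
// Runs in browsers and in Node.js. Key and message are constructed samples.
const wc = globalThis.crypto ?? require('node:crypto').webcrypto;
const enc = new TextEncoder();
const dec = new TextDecoder();

// Encrypts msg under a fresh 256-bit key, XORs `mask` into IV byte 0,
// then decrypts with the modified IV.
// Returns the decrypted text, or null if decrypt() rejects the input.
async function tamperAndDecrypt(name, msg, mask) {
  const key = await wc.subtle.generateKey(
    { name, length: 256 }, false, ['encrypt', 'decrypt']);
  const iv = wc.getRandomValues(new Uint8Array(name === 'AES-GCM' ? 12 : 16));
  const ct = await wc.subtle.encrypt({ name, iv }, key, enc.encode(msg));

  const modifiedIv = iv.slice();
  modifiedIv[0] ^= mask;

  try {
    const pt = await wc.subtle.decrypt({ name, iv: modifiedIv }, key, ct);
    return dec.decode(pt);
  } catch (e) {
    // AES-GCM verifies its authentication tag and refuses modified input.
    return null;
  }
}

// CBC XORs the IV into the first plaintext block, so a change to the IV
// shows up unchanged in the plaintext and nothing signals an error:
// '1' (0x31) XOR 0x08 is '9' (0x39). GCM rejects the same modification.
(async () => {
  for (const name of ['AES-CBC', 'AES-GCM']) {
    const out = await tamperAndDecrypt(name, '1000 EUR to Bob', 0x08);
    console.log(name, '->', out === null ? 'decrypt rejected' : out);
  }
})();
```

With CBC, integrity has to come from a separate MAC over the IV and ciphertext that is verified before decryption; an authenticated mode performs that check as part of `decrypt()`.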