On 10 March 2013 10:58, Paterson, Kenny <kenny.pater...@rhul.ac.uk> wrote:
>
> On 10 Mar 2013, at 10:51, Ben Laurie wrote:
>
> On 10 March 2013 01:25, Tony Arcieri <tony.arci...@gmail.com> wrote:
>
> On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton <noloa...@gmail.com> wrote:
>
>
> The Web Cryptography Working Group looks well organized, provides a
>
> very good roadmap, and offers good documentation.
>
> http://www.w3.org/2012/webcrypto/.
>
>
> for example they recommend CBC mode which is fraught with
>
> problems.
>
>
> Where?
>
>
> Right here:  http://www.w3.org/TR/WebCryptoAPI:

Somehow missed that. Thanks.

> 19.1. Recommended algorithms
>
> This section is non-normative
>
> As the API is meant to be extensible in order to keep up with future
> developments within cryptography and to provide flexibility, there are no
> strictly required algorithms. Thus users of this API should check to see
> what algorithms are currently recommended and supported by implementations.

So ... despite Ryan's claim that the recommendations are for API
implementers, it says here that they're also for users of the API.

In which case, clearly, AE modes should be recommended.

> However, in order to promote interoperability for developers, there are a
> number of recommended algorithms. The recommended algorithms are:
>
> HMAC using SHA-256
> RSASSA-PKCS1-v1_5 using SHA-256
> ECDSA using P-256 curve and SHA-256
> AES-CBC
_______________________________________________
cryptography mailing list
cryptography@randombit.net
http://lists.randombit.net/mailman/listinfo/cryptography

Reply via email to