[cryptography] Web Cryptography API (W3C Working Draft 8 January 2013)

Tony Arcieri tony.arcieri at gmail.com
Sat Mar 9 20:25:31 EST 2013


On Sat, Mar 9, 2013 at 4:16 PM, Jeffrey Walton <noloader at gmail.com> wrote:

> The Web Cryptography Working Group looks well organized, provides a
> very good roadmap, and offers good documentation.
> http://www.w3.org/2012/webcrypto/.


I have a blog post about it forthcoming, but I'd like to share the tl;dr
version here:

The normative parts of the specification seem mostly fine.

The specification provides no normative advice about what algorithms to
use, and worse, provides a non-normative listing of algorithms which are
not authenticated encryption modes (for symmetric ciphers, the only mode
listed in the spec is AES-GCM)

At the very least, I'd like to see the non-normative examples section
expanded to include a lot more authenticated encryption modes (EAX mode
comes to mind, and seeing support for NaCl algorithms like crypto_box and
crypto_secretbox would be super). Right now they give some rather poor
recommendations, for example they recommend CBC mode which is fraught with
problems.

Finally, it'd be great to see someone like NIST or ECRYPT provide browser
vendors with normative advice on algorithms to standardize on. The existing
WebCrypto spec leaves browser vendors to their own devices, and in that
eventuality, the browser venders will probably wind up implementing the W3C
spec's (poorly chosen) non-normative recommendations.

For an in-depth look at the problems, I'd recommend checking out Matt
Green's blog post:

http://blog.cryptographyengineering.com/2012/12/the-anatomy-of-bad-idea.html

-- 
Tony Arcieri
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20130309/2cd2db74/attachment.html>


More information about the cryptography mailing list