Re: [Cfrg] Proposed Informational Note: Security Guidelines for Cryptographic Algorithms in the W3C Web Cryptography API

Yaron Sheffer <yaronf.ietf@gmail.com> Thu, 20 November 2014 17:48 UTC

Message-ID: <546E297D.5040405@gmail.com>
To: cfrg@irtf.org
References: <mailman.2305.1416497925.5552.cfrg@irtf.org>
In-Reply-To: <mailman.2305.1416497925.5552.cfrg@irtf.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/cfrg/p_bj2yttk_U34jISU4fALtNalHk

Hi Harry,

The draft makes for fascinating reading for CFRG folks, as can be seen 
by the mailing list discussion. But I think it does not make any sense 
to "developers" (programmers who typically have next to no understanding 
of crypto, and certainly none at all of formal security models/proofs). 
They simply would not understand 90% of the text.

So it may be fine as a rationale for the selected list of algorithms. It 
may be fine for a few star crypto developers. But IMHO, not for the 
general population of people who'll be coding to your API.

I am a co-author of the TLS BCP 
(http://tools.ietf.org/html/draft-ietf-uta-tls-bcp-06). It certainly has 
its share of flaws, but what we did right is to clearly mark 
recommendations vs. rationale, and to simplify recommendations as much 
as we could.

Thanks,
	Yaron


>
> Everyone,
>
> As the W3C Web Cryptography API gets ready to move to Candidate
> Recommendation, we wanted to address the concerns brought up by Rich
> Salz and others for better security guidelines for developers, given
> that the API exposes a variety of algorithms. I've taken Graham Steel's
> excellent write-up, which is in large part based on Smart et al.'s
> magisterial ENISA report, and have turned it into a draft CFRG note.
>
> We'd like to see the security guidelines below discussed here, and if
> there are no objections after discussion, move this onwards. W3C commits
> to maintaining this note as much as possible.
>
> Links to draft:
>
> TXT:
> http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-00.txt
> HTML:
> http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-00.html
>
> cheers,
>      harry
>