This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 18925 - Highlight algorithm-specific security considerations
Summary: Highlight algorithm-specific security considerations
Status: RESOLVED DUPLICATE of bug 25607
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document (show other bugs)
Version: unspecified
Hardware: PC Windows NT
: P2 normal
Target Milestone: ---
Assignee: David Dahl
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2012-09-19 23:13 UTC by Ryan Sleevi
Modified: 2014-09-26 23:39 UTC (History)
1 user (show)

See Also:


Attachments

Description Ryan Sleevi 2012-09-19 23:13:13 UTC
( Raised by Travis Mayberry at http://lists.w3.org/Archives/Public/public-webcrypto-comments/2012Sep/0016.html )

The 13 September 2012 draft ( http://www.w3.org/TR/2012/WD-WebCryptoAPI-20120913/ ) includes support for PKCS#1 v1.5 modes of encryption and signing (RSAES and RSASSA). These modes are frequently subject to implementation errors that permit padding oracle attacks.

Travis suggests: "I would suggest then that a note be put in emphasizing it should be used carefully and that OAEP is the better choice if you are not forced to use PKCS#1.  My main concern is that a developer, upon deciding to use this API but not being familiar with the issues we are discussing, will simply pick one of the two at random and potentially open himself up to an attack that could have easily been avoided. "
Comment 1 Mark Watson 2014-09-22 17:34:31 UTC
I believe this is a subset / dup of 25607. Resolve dup ?
Comment 2 Mark Watson 2014-09-26 23:39:47 UTC

*** This bug has been marked as a duplicate of bug 25607 ***