This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019.

Bug 23499 - Add a note to AES-CBC/AES-CFB and add AES-PSM?
Summary: Add a note to AES-CBC/AES-CFB and add AES-PSM?
Status: RESOLVED WONTFIX
Alias: None
Product: Web Cryptography
Classification: Unclassified
Component: Web Cryptography API Document
Version: unspecified
Hardware: PC Linux
Importance: P2 normal
Target Milestone: ---
Assignee: Ryan Sleevi
QA Contact:
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-10-14 19:50 UTC by Harry Halpin
Modified: 2014-05-08 15:32 UTC

See Also:


Attachments

Description Harry Halpin 2013-10-14 19:50:04 UTC
I know you warned me about this, but the use of the words "Recommended algorithms" is somewhat confusing, especially since the list includes several weak algorithms.

    Any chance the section can be titled "Recommended algorithms for backwards compatibility" ?


    I would encourage the authors to not give AES-CBC as example code. This should be changed to AES-GCM.

    Why is AES-CFB on the list?

    ----

    AES-CBC should not be used for encryption at all in his opinion. Mike Jones disagreed, noting it could be used correctly.

    A note specifying that AES-CBC should not be used for new protocols (at least without authentication). Dan would encourage that AES-PSM be added; refer to the IETF draft (http://datatracker.ietf.org/doc/draft-mcgrew-aead-aes-cbc-hmac-sha2/) or the federal version.

    Noting that AES-CFB also has issues, it should also, in Dan's opinion, be removed or warned about, even if it's not recommended.

- Dan Boneh
Comment 1 Ryan Sleevi 2014-05-08 15:32:59 UTC
Addressed on the mailing list to no further response.