@WatsonLadd @sleevi_ @kaepora I am aware of the attacks. It wasn’t in older drafts of the WebCrypto API though
@bascule @WatsonLadd @kaepora Um, it's been in since 2012 - http://www.w3.org/TR/2012/WD-WebCryptoAPI-20120913/ …
@sleevi_ @WatsonLadd @kaepora anyway, it’s still all non-normative right?
@bascule @WatsonLadd @kaepora All algs are non-normative. That said, it's very likely to be implemented, for purpose of legacy/interop
@sleevi_ @WatsonLadd @kaepora it would be nice if browser vendors had enough taste to avoid the ones with known attacks
@bascule @WatsonLadd @kaepora So no RSA-OAEP either then, right? ;)
@sleevi_ @WatsonLadd @kaepora perhaps we should get rid of AES-192+ due to related key attacks ;)
@bascule @WatsonLadd @kaepora (Referring to the I2OS issues generally described in https://www.cdc.informatik.tu-darmstadt.de/reports/reports/mangers_attack_revisited.pdf … )