Cryptographic primitives supported by current smart phones #340
Labels
future
security-tracker
Group bringing to attention of security, or tracked by the security Group but not needing response.
Comments
simoneonofri
added
the
security-tracker
This comment has been minimized.
This comment has been minimized.
Sh-Amir
changed the title
|
We are grateful for this response from SING and look forward to considering it as part of a future version of the specification |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
This issue refers to the security review requested at w3c/security-request/#55.
I was wondering if the current recommendation of cryptographic primitives can be satisfied by all the smartphones that are available currently in the market. To elaborate on this point, based on research that we did, which is based on publicly available data link, the cryptographic algorithms supported by CC-certified StrongBox implementations are limited by the capabilities of their eSE. For example, only the ECDSA with the P-256 curve is supported by just two out of the three CC-certified implementations: KNOX Vault and the Titan M2 chip (see Section 3.4 for more details). Given that, I was wondering if there is a need to give more flexibility or if the situation will be changed in the near future and we can stick to the current recommendation.
I agree that this is a small use-case in the bigger world; however, I think it deserves a small attention.
The text was updated successfully, but these errors were encountered: