This project has moved and is read-only. For the latest updates, please go here.

MSFT: What is the roadmap / future of this project ?

Jan 25, 2013 at 7:42 PM
Edited Jan 25, 2013 at 7:44 PM

Can the project owner or project manager comment on what the roadmap for CLR Security looks like and what project does Microsoft intend to spotlight as the main cryptographic and security library?

For details:

I ask because the official .NET 4.5 libraries don't seem to have any support for authenticated encryption like AES-GCM. At least I couldn't find it. Then the only option I ran into was CLR Security (this!) and this too seemed to support only AES-GCM (not OCB or EAX). On top of that, looking the project activity levels, it was surprisingly low, making me wonder if MSFT has had a change of plans. Not that crypto algos change monthly, but still ...

The only other option I see is the 3rd party library BouncyCastle.org.

Considering that NSA Suite B recommends AES-GCM as the (only) suggested symmetric encryption mode for traffic (http://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml), and newer, slightly better modes like OCB have recently had their licensing dramatically softened, I think there is room for improvement in terms of documentation within MSDN, having a strong roadmap for commercial projects making a decision on which library to commit to etc.

I'm told security is a serious topic at Microsoft I'm wondering what the roadmap actually is!

Apr 21, 2013 at 11:31 AM
I would like to know as well.
May 21, 2013 at 5:51 PM
I am interested in the GCM - EAX - OCB support as well.

It was interesting to see recent developer code on some MSDN blogs reference Mono, for security functions. Is this a trend of things to come?
Feb 17, 2016 at 4:39 PM
+1
Feb 23, 2016 at 4:41 PM
This project doesn't have a clear roadmap because right now the focus is getting functionality from this project into the .NET Framework.

GCM support is definitely on the radar for .NET Framework. Unfortunately the API integration wasn't quite as simple as copying code from here to there :).

EAX and OCB are harder, because Windows doesn't have direct support for them (https://msdn.microsoft.com/en-us/library/windows/desktop/aa376211%28v=vs.85%29.aspx#BCRYPT_CHAINING_MODE).

Tech from this project has started making its way into .NET Core: https://github.com/dotnet/corefx/