[w3ctag/design-reviews] Curve25519 in Web Cryptography (#466)

Hello TAG!

I'm requesting a TAG review of adding support for Curve25519 in WebCrypto.

Today web developers are getting around the unavailability of [Curve25519][rfc7748] in browsers by either including an implementation of its operations in JavaScript or compiling a native one into WebAssembly. Aside from wasting bandwidth shipping algorithms that are already included in browsers that support TLS 1.3, this practice also has security implications, e.g. side-channel attacks as studied by [Daniel Genkin et al.][key-extraction].

  - Explainer (minimally containing user needs and example code): https://github.com/tQsW/webcrypto-curve25519/blob/master/explainer.md

  - Security and Privacy self-review: https://github.com/tQsW/webcrypto-curve25519/issues/1

  - GitHub repo (if you prefer feedback filed there): https://github.com/tQsW/webcrypto-curve25519

  - Primary contacts (and their relationship to the specification): 
      - Qingsi Wang @tqsw, Google
  - Organization/project driving the design: WebCrypto
  - External status/issue trackers for this feature (publicly visible, e.g. Chrome Status): Not yet available

Further details:

  - [x] I have reviewed the TAG's [API Design Principles](https://w3ctag.github.io/design-principles/)
  - The group where the work on this design is being done (or is intended to be done in the future): WebCrypto WG
  - Existing major pieces of multi-stakeholder review or discussion of this design: N/A
  - Major unresolved issues with or opposition to this design: N/A
  - This work is being funded by: N/A

We'd prefer the TAG provide feedback as (please delete all but the desired option):

  🐛 open issues in our GitHub repo for **each point of feedback**

[rfc7748]: https://tools.ietf.org/html/rfc7748

[key-extraction]: https://www.cs.tau.ac.il/~tromer/drivebycache/




Received on Thursday, 23 January 2020 02:37:46 UTC