W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > November 2012

Re: RSA blind signatures

From: David Dahl <ddahl@mozilla.com>
Date: Tue, 27 Nov 2012 11:42:21 -0800 (PST)
To: Anthony Nadalin <tonynad@microsoft.com>
Cc: Tolga Acar <tolga.acar@intel.com>, Mike Jones <Michael.Jones@microsoft.com>, Stefan Xenon <stefanxe@gmx.net>, public-webcrypto-comments@w3.org, Ryan Sleevi <sleevi@google.com>
Message-ID: <781358317.1554334.1354045341694.JavaMail.root@mozilla.com>
One of the original intents (of mine anyway) was to avoid polyfilling. However, I think we should defer to TC39 on the question of bigint within this DOM API.

Cheers,

David

----- Original Message -----
> From: "Anthony Nadalin" <tonynad@microsoft.com>
> To: "Ryan Sleevi" <sleevi@google.com>
> Cc: "Tolga Acar" <tolga.acar@intel.com>, "Mike Jones" <Michael.Jones@microsoft.com>, "Stefan Xenon"
> <stefanxe@gmx.net>, public-webcrypto-comments@w3.org
> Sent: Tuesday, November 27, 2012 1:20:34 PM
> Subject: RE: RSA blind signatures
> 
> I don't believe it's outside the current charter at all, please point
> to where you think this violates the current charter, I also don't
> believe the sole purpose of this group is to avoid polyfilling
> 
> -----Original Message-----
> From: Ryan Sleevi [mailto:sleevi@google.com]
> Sent: Tuesday, November 27, 2012 11:17 AM
> To: Anthony Nadalin
> Cc: Acar, Tolga; Mike Jones; Stefan Xenon;
> public-webcrypto-comments@w3.org
> Subject: Re: RSA blind signatures
> 
> On Tue, Nov 27, 2012 at 10:55 AM, Anthony Nadalin
> <tonynad@microsoft.com> wrote:
> > Just not sure I follow the logic from this thread, we are propose
> > other function that is needed for various crypto functions, why not
> > the bigint?
> 
> Because we're specifically not proposing something that low-level.
> The only reason you need bigint is to polyfill something. The whole
> point of this API is so that you don't have to polyfill something.
> 
> > When it comes to blind signatures there are several ways to do
> > that,
> > we have the requirement to be able to use blind signatures (not
> > Chaum's RSA) within the browser, we also need bigint. So we are in
> > favor of this proposal.
> 
> There has not been a proposal. This is a question about something
> outside of our charter. The question at hand is whether or not to
> recharter to embrace this feature.
> 
> I strongly oppose rechartering, since this is clearly an issue of the
> language, and not of user agents. If Javascript wishes to support
> arbitrary precision integers, as opposed to the current types today,
> then it should be done in TC39. Given that TC39 has discussed this
> in the past, I see no value in us taking up that mantle.
> 
> This is especially true because, within this group, the only reason
> to talk bigints is to talk about polyfilling (whether ZRTP,
> arbitrary KDFs from DH shared secrets, blind signatures, or vanity
> crypto), and I would argue that the entire purpose of this group is
> to avoid the need for polyfilling (which you can already do today -
> see, for example, SJCL)
> 
> >
> >
> >
> > From: Acar, Tolga [mailto:tolga.acar@intel.com]
> > Sent: Monday, November 26, 2012 4:45 PM
> > To: Mike Jones; Stefan Xenon; public-webcrypto-comments@w3.org;
> > sleevi@google.com
> >
> >
> > Subject: RE: RSA blind signatures
> >
> >
> >
> > Although I, too, would like to work on and use a bigint API in js,
> > I
> > am much less inclined to augment the web crypto API with a general
> > purpose bigint API that looks more like math (group operations in
> > particular) than crypto library. If there is interest in a bigint
> > API
> > in js, and it looks like there is, that should come under separate
> > cover instead of being mixed with the Web Crypto API. So, what does
> > that "separate cover" mean? A new WG, a natural extension of this
> > WG?
> >
> >
> >
> > -          Tolga
> >
> >
> >
> > From: Mike Jones [mailto:Michael.Jones@microsoft.com]
> > Sent: Friday, November 23, 2012 10:57 PM
> > To: Stefan Xenon; public-webcrypto-comments@w3.org;
> > sleevi@google.com
> > Subject: RE: RSA blind signatures
> >
> >
> >
> > For what it's worth, I know of other groups interested in native
> > speed
> > bigint math in JavaScript.
> >
> > -- Mike
> >
> > ________________________________
> >
> > From: Stefan Xenon
> > Sent: 11/23/2012 8:15 AM
> > To: public-webcrypto-comments@w3.org; sleevi@google.com
> > Subject: Re: RSA blind signatures
> >
> > Hi Ryan,
> > by any chance, could we propose such bigint API? If this would have
> > a
> > realistic chance, how is the process to move forward?
> >
> > Regards
> > Stefan
> >
> > Am 23.11.2012 18:43, schrieb Ryan Sleevi:
> >> A bigint API has not been proposed.
> >>
> >> On Nov 23, 2012 1:47 AM, "Stefan Xenon" <stefanxe@gmx.net
> >> <mailto:stefanxe@gmx.net>> wrote:
> >>
> >>     Hi!
> >>     We are developing a system (www.opencoin.org
> >>     <http://www.opencoin.org>) which uses Chaum's RSA
> >>     blind signatures. Of course I don't expect the Web Crypto API
> >>     to
> >>     natively support blind signatures. Instead we would like to
> >>     utilize
> >>     "raw" big integer operations to speed up our calculations. But
> >>     In your
> >>     current draft I couldn't find such basic operations exposed to
> >>     web
> >>     applications. Primarily we would need big integer operations
> >>     for
> >>     exponentiation and inverting (both modulo). Did I overlook
> >>     such
> >>     functions? Or would it be possible for your API to expose such
> >> functions
> >>     to web applications?
> >>
> >>     Regards,
> >>     Stefan
> >>
> >>
> 
> 
> 
> 
> 
> 
Received on Tuesday, 27 November 2012 19:42:50 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 27 November 2012 19:42:50 GMT