W3C home > Mailing lists > Public > public-webcrypto-comments@w3.org > October 2012

Re: ECDSA support in practice - Rather limited

From: Ryan Sleevi <sleevi@google.com>
Date: Wed, 24 Oct 2012 12:14:57 -0700
Message-ID: <CACvaWvZYmgPaeFScx2fo916eNhsEWEx8dDFC7OsK3H4Kx+u9_Q@mail.gmail.com>
To: Anders Rundgren <anders.rundgren@telia.com>
Cc: "public-webcrypto-comments@w3.org" <public-webcrypto-comments@w3.org>
On Wed, Oct 24, 2012 at 11:33 AM, Anders Rundgren
<anders.rundgren@telia.com> wrote:
> On 2012-10-24 18:52, Ryan Sleevi wrote:
>> On Wed, Oct 24, 2012 at 1:58 AM, Anders Rundgren
>> <anders.rundgren@telia.com> wrote:
>>> NSS: Supports ECDSA but when used in Firefox (the User Agent) it is not except if you add a suitable *external* crypto provider.
>>> Windows: .NET 4.5 supports ECDSA but not for usage in TLS (WCF).  Seems to be the case even for W8.
>>> Android: KeyChain in JellyBean (4.1) seems to not support ECDSA although it is hard to say since the KeyChain documentation is virtually non-existent (the source code is the documentation?).
>>> I guess the RIM patent is still the issue here?
>>> Anders
>> This has been discussed previously at
>> http://lists.w3.org/Archives/Public/public-webcrypto/2012Jul/0131.html
> Nice table, all items in a one-dimensional list!
> .NET crypto is as dysfunctional as in Android:
> http://msdn.microsoft.com/en-us/library/system.security.cryptography.asymmetricalgorithm.aspx
> "The DSACryptoServiceProvider class is an implementation of a digital signature algorithm.
>  You can also use RSACryptoServiceProvider to create and verify a digital signature.
>  The System.Security.Cryptography namespace provides concrete classes for RSA and DSA only."
> I had to switch to BouncyCastle for my SKS/KeyGen2 .NET implementation.
> Mike's table isn't only unreadable, it is also incorrect.
> Anders

Thank you for your feedback. While I don't think this list is the best
avenue for providing you with programming help, since you were wrong
on both accounts, I think it's important to point it out so that
future readers are not confused or mislead.

Mike's table is not one-dimensional. This is an artifact of the W3C
Mail archives not preserving HTML mail. You will, however, find that
Mike attached the table to his message, which you can download just
fine, and shows the multi-dimensional and colour-coded nature of the

A simple search for ".NET ECDSA" with any of your favourite search
engines (I tested Google, Bing, Yahoo, Baidu, and Yandex, for
completeness)  all return, within the top two results:


Which supports Mike's claim, and the practical experience of thousands
of developers, which is that .NET supports ECDSA. This page is
similarly linked from the very page you reported.

Perhaps you're confused about what is provided by the .NET CLI and the
.NET runtime that is provided by Microsoft, and the .NET cryptographic
stack? This is no different than the Java core specification, JCE, and
that availability of algorithms offered by JCE providers/SPIs - of
which, I will note, BouncyCastle is one such implementation.

If you find the Microsoft documentation confusing, I suggest you use
Microsoft's feedback form to provide such feedback.
Received on Wednesday, 24 October 2012 19:15:26 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 20:12:48 UTC