Re: W3C Web Crypto WG - about the NUMS/25519 curves integration in Web Crypto API

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The problem, as BAL pointed on the call, is that we do *not* have
resolution on a single curve from TLS or CFRG.  It is unclear when
those decisions will be made, although a decision is likely I would
say before we exist CR. However, chosing between NUMS and 25519 may be
premature optimization at this point. Nonetheless, as BAL noted on the
call and was backed up on the Bugzilla, there is a real demand for
non-NIST ECC curve support in Web Crypto.

In general, in W3C process it is *more* difficult to add features than
to subtract them when going into CR. Thus, the "feature at risk"
mechanism.

So, I'd like to add another proposal.  I suggest that we simply add a
"feature at risk", using a modification of BAL's edits, for a "TBD
non-NIST" curve in the main spec. This TBD curve, if not resolved and
supported by CFRG/TLS by the time we exit from CR, is then to be
removed from the main spec. If it is later resolved after we have
exited CR, then we propose to add these curves using the standard
extension mechanism.

   cheers,
      harry




On 08/04/2014 03:40 PM, GALINDO Virginie wrote:
> Hello Web Crypto participants,
> 
> Following our call last week [1], I have listed the different
> ideas/directions that were raised about the way to proceed on the
> integration of NUMS and 25519 curves, as discussed in bug
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839
> 
> ** Two possible options to handle NUMS and 25519 curves
> integration OPTION 1 : - We can decide to have an extension for
> NUMS and already have an editor for it - We can decide to have an
> extension for curves 25519 and have a potential draft with an
> editor coming on 10th of august - We can decide to have that/those
> extension(s) mandatory in the future browser profile Or OPTION 2 : 
> - We can decide ‘not to choose between extension and main spec’ but
> decide on the principle to develop the NUMS/curve 25519
> descriptions and put it into the spec once it is tested and proven
> it is available
> 
> ** Other requirements : - We have to stay synchronized with
> IETF/CFRG - TLS requirements, which may require new algorithms →
> this is in favor of delaying the decision, expecting IETF decision 
> - Learning loop : We have to decide how to make our spec extensible
> → this is favor to make early choice and beta test extension
> addition
> 
> I would like to have your views on the preferred path to progress,
> option 1 or option 2. If you have another option, feel free to
> suggest.
> 
> Note that we have a call scheduled next Monday 11th of August to
> discuss that question, but early opinion are helping to make calls
> efficient.
> 
> Regards, Virginie Chair of the web crypto WG
> 
> 
> [1]
> http://lists.w3.org/Archives/Public/public-webcrypto/2014Jul/0144.html
>
>  (please ignore statement below)
> 
> ________________________________ This message and any attachments
> are intended solely for the addressees and may contain confidential
> information. Any unauthorized use or disclosure, either whole or
> partial, is prohibited. E-mails are susceptible to alteration. Our
> company shall not be liable for the message if altered, changed or
> falsified. If you are not the intended recipient of this message,
> please delete it and notify the sender. Although all reasonable
> efforts have been made to keep this transmission free from viruses,
> the sender will not be liable for damages caused by a transmitted
> virus.
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/

iQIcBAEBAgAGBQJT35T2AAoJEPgwUoSfMzqcCIQP/RDTCzUQZy+FlVjH8T0XAhLb
GxEXrYPYbOLgLCClZn4deCD5kOO6cQTHtPiy2Dbt7C96TN/cqsx/aDGYjaTVEF6Y
JfpLn6aFXYGpJY6eyKkjq9PCbcWcwBfAkX1fUA1folLD9RGfWuzc18rfDQJXxM0P
M4D42oyYArPmLc0M6e4p9Gnd6tpGDLw40oDPpRT2GGDx2Rv1+f5iD5aOkEK1bg0L
982ndP2rVwqTeDquFR33BkktuHhgBlYXsLrawsCKXGMgzoX6Lm5Sz6DPYIF6JwJl
vZomOmhFl0HObvKzziEK73a0ErKUDjITExGT6DIw4x9E3r49IpZWOka1Qzyk0HZP
/0AYa14pOVpW/nG8er8dH/ndWbQGLyAVCCusGee2UAmnam75TwXl04G8D0etATmE
uQj4dqYL7dReCAV+H4po0/o0U442aTf4Uv9DtDz2iy4iGsgZokFsSmwwo4RG3B91
6Hmpz1Mgh+UtKCat/w7WGXlnKmcicIod8onXivCQ5yRwuZHh+EfBGJb3hLe4ppOM
oUWOzYQmuJj/iGJW8BenBmLmDXezrYSHtRQ61F0S1H2pCkyXn0BVq/WSJvwCKuQZ
sm7ru2f9BE+RpQj4borLioTDhLJiAbLtvBeNhv3ZPIvaz5eiprIgjAF24QM1yuVv
POqoeAp4a6VYizcbu0of
=RouZ
-----END PGP SIGNATURE-----

Received on Monday, 4 August 2014 14:13:18 UTC