Re: W3C Web Crypto WG - about the NUMS/25519 curves integration in Web Crypto API

On Mon, Aug 4, 2014 at 12:57 PM, Harry Halpin <hhalpin@w3.org> wrote:

> Note again it's that it's not letting inertia win. It's letting the
> CFRG and TLS WG decide, and then a proposal that we include that TBD
> non-NIST curve in the main spec.
>

This is not true for a second.

It does the Web community a great disservice to have a variety of
algorithms at a variety of maturities included within the spec. The spec -
and this WG - would benefit greatly from focusing on developing and
resolving the issues of the current algorithms, without being distracted by
another algorithm or set of algorithms with known maturity issues.

This has nothing to do with me preferring NIST ECC curves, and everything
to do with me preferring that we actually focus on developing a half-decent
spec that can be reasonably implemented, rather than needlessly going in
circles on adding in everything and the kitchen sink, and using the excuse
"It's at risk" to avoid having to make the real and hard decisions that
"perfect is the enemy of the good".

In either event, I cannot support your proposal, because even though I
would love to see both NUMS and Curve25519 developed and mature, it's
unquestionably bad for the spec and bad for the web development community
to encourage such an addition.

Received on Monday, 4 August 2014 20:08:53 UTC