RE: [W3C Web Crypto WG] CfC : Call for Consensus on the integration of curve25519 in WG deliverables (please vote until the 26th of August)

Richard,
Thanks for that input.

All,
A possible action to avoid interfering with that IETF / CFRG discussion, could be to send an official message to IETF/CFRG
(1) mentioning that we are preparing the integration of next generation curves in W3C Web Crypto API, which explains why there are draft contributions circulating in our Web Crypto WG, but
(2) clarifying that we are expecting their final decision and recommendation to actually  finalize our deliverables.
Which is something I believe everyone agreed, during the call this week.

Regards,
Virginie



From: Richard Barnes [mailto:rlb@ipv.sx]
Sent: mardi 12 août 2014 17:51
To: Ryan Sleevi
Cc: GALINDO Virginie; Wendy Seltzer; hhalpin@w3.org; webcrypto@trevp.net; public-webcrypto@w3.org
Subject: Re: [W3C Web Crypto WG] CfC : Call for Consensus on the integration of curve25519 in WG deliverables (please vote until the 26th of August)

I don't disagree with you on the merits.  There is running code for Curve25519.  In the spirit of limiting curve proliferation, though, I would prefer that we keep the focus on the CFRG-selected curves (assuming the process works).  That could very well result in renewed focus on Curve25519 a little later.
My main point is just that this is a really bad time to be deciding on which curves to support.  There's already one such fight going on in CFRG.  Let's let that play out before we make our decisions.
--Richard

On Tue, Aug 12, 2014 at 11:43 AM, Ryan Sleevi <sleevi@google.com<mailto:sleevi@google.com>> wrote:

Richard,

It seems that, independent of CFRG/TLSes decision, Trevor's point about a non-trivial amount of code using Curve25519 still stands. This is fundamentally different than NUMS, on many layers. It seems useful to expose, even if TLs (one particular WG) or CFRG (making recommendations for new protocols/EC alternatives) goes elsewhere.

But a +1 to the proposal.
On Aug 12, 2014 8:38 AM, "Richard Barnes" <rlb@ipv.sx<mailto:rlb@ipv.sx>> wrote:
-1
Strong -1.  We should not be balloting on specific curves right now, either NUMS or Curve25519.  We should agree on the principle that we will support the next generation curves that CFRG and TLS agree on, and work to support that once it's decided.

On Tue, Aug 12, 2014 at 9:22 AM, GALINDO Virginie <Virginie.Galindo@gemalto.com<mailto:Virginie.Galindo@gemalto.com>> wrote:
Dear all,

I would like to call for consensus on the way we will move forward with the contribution provided by Trevor Perrin describing Curve25519 operation [1]. We discussed several options and I would like to submit the following resolution to your vote.

Proposed resolution : the WG agrees on the principle that Curve25519 will be added to Web Crypto WG deliverables as an extension to the Web Crypto API specification. An extension being here a separate specification having its own Recommendation Track.

Deadline : votes have to be expressed expected until 26th of August 23:59 UTC
Guideline for voting : reply to all to this mail, indicating, +1 if you agree with the resolution, -1 means if you object, 0 if you can live with it. While silence means implicit endorsement of the resolution, explicit expression of vote is encouraged, to help the chair measuring the enthusiasm of the WG participants.

Note the following additional information :

-          This extension will be used as a beta test for the extensibility mechanism that we need to address as raised in bug 25618

-          The proposed editor is Trevor, as long as Trevor agrees to maintain the document

-          This resolution does not imply that the draft submitted by Trevor is endorsed in its current state, as the WG did not have a chance to discuss the content. The discussion about that content can be conducted over the mailing list, or during a dedicated call, where we will invite Trevor.

Have a great week !
Virginie
Chair of the Web Crypto WG

[1] http://lists.w3.org/Archives/Public/public-webcrypto/2014Aug/0064.html


________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.


________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.