W3C home > Mailing lists > Public > public-webcrypto@w3.org > July 2014

[Bug 26080] Remove unsafe named curves from Web Crypto API

From: <bugzilla@jessica.w3.org>
Date: Sat, 12 Jul 2014 20:18:31 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-26080-7213-lnAKA5mUus@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=26080

virginie.galindo@gemalto.com changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |virginie.galindo@gemalto.co
                   |                            |m

--- Comment #10 from virginie.galindo@gemalto.com ---
(In reply to Greg Slepak from comment #9)

To sumup the current status of the WG discussions with respect to your initial
bug demand: 
1. The curves that are listed as unsafe in [1] be removed from the Named
Curves.
--> the WG discussed during several months the list of algorithms described in
that spec, removing something is not something we are ready to do at the
moment. 

2. Safe ones be recommended in their place (like Curve25519)
--> This is currently discussed in the bug
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839

3. Should any Named Curves be discovered to be unsafe in the future, that they
be deprecated and eventually removed from the spec.
--> This is currently discussed in the bug
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25607. A possible resolution
could be to reference a document listing the known algorithms weaknesses. 

With respect to that status, I suggest that we close the bug as WONTFIX (while
addressing your point #2 and #3, we wont fix #1). 

Virginie
Chair of the Web Crypto WG

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Saturday, 12 July 2014 20:18:33 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:23 UTC