[W3C Web Crypto WG] about bug 25839 (Curve25519 Named Curve) : call for opinion in order to resolve the bug

Henri,

Thanks for your feedback and clarification.

If your exact question is 'did the WG had a chance to consider the inclusion of the named curves during the algorithm choice phase ?', then the answer is yes. WG contributors were free to bring their list of algorithm and it was a collective effort to select the algorithms in the current version of the specification, and as a result, the list does not include named curves.

From you answer I also get that : you are not requesting named curves algorithms 25519 to be described in our spec, you do not foresee Mozilla implementing it, but rather expect other implementers to implement it. Am I right ?

Regards,
Virginie
gemalto
Chair of the web crypto WG


-----Original Message-----
From: Henri Sivonen [mailto:hsivonen@hsivonen.fi]
Sent: mardi 10 juin 2014 11:59
To: GALINDO Virginie
Cc: public-webcrypto@w3.org; hi@okturtles.com; bal@microsoft.com; w3@bluematt.me
Subject: [++SPAM++]: Re: [W3C Web Crypto WG] about bug 25839 (Curve25519 Named Curve) : call for opinion in order to resolve the bug

On Tue, Jun 3, 2014 at 11:58 PM, GALINDO Virginie <Virginie.Galindo@gemalto.com> wrote:
> Inclusion of several new algorithms in our spec has been requested in
> the bug discussion : curve25519, Brainpool curves, MSR curves

I think that phrasing gives the wrong idea of the bug. There seem to be several people interested in Curve25519 whereas the Brainpool and MSR curves were mentioned by one person. Also, it seems wrong to represent Curve25519 and the MSR curves as being on equal footing considering that Curve25519 has been around for a while and has deployment but the MSR curves seem like something new without adoption yet.

> I did not see in the thread browser makers expressing interest for
> such algorithms except Microsoft for the MSR curves and Mozilla (via
> Henri
> Sivonen) for the curve25519

I think it's incorrect to read my comments as expressions of interest by Mozilla. Personally, I'd be happy to see Curve25519 in the Web Crypto API, but even inferring that from my comments on the bug would be an extrapolation. After all, my comments didn't say "I want
Curve25519 in the Web Crypto API." (though I personally would indeed like it to be available via the API.) Rather, I expressed skepticism over the vague reasons given against having it.

The above paragraph should not be read as disinterest by Mozilla, either. Rather, you should ask Richard what might or might not end up in Mozilla's implementation.

> Assuming that my sumup is fair, and that a feature in the Web Crypto
> API will stay in the final recommendation, only if there are two
> successful implementations, the proposed resolution for this bug is :

As I pointed out on the bug, I believe that for the purposes of the W3C Process, you could count an implementation of Curve25519 for instruction set X by person A and an implementation for instruction set Y by person B as two interoperable independent implementations.

That is, I think Process-based reasons against Curve25519 look weak as reasons to not even try.

--
Henri Sivonen
hsivonen@hsivonen.fi
https://hsivonen.fi/

________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Received on Tuesday, 10 June 2014 18:05:01 UTC