[Bug 26080] Remove unsafe named curves from Web Crypto API

https://www.w3.org/Bugs/Public/show_bug.cgi?id=26080

--- Comment #7 from Greg Slepak <hi@okturtles.com> ---
(In reply to Ryan Sleevi from comment #6)
> (In reply to Greg Slepak from comment #5)
> > This bug started as an offshoot of bug 25839, where I was told (by you) in
> > not precisely these words, that the Web Crypto API is not recommending
> > that specific curves be implemented.
> 
> WebCrypto IS normatively requiring that, if ECDSA or ECDH are supported as
> algorithms, the curves specified MUST be supported.
> 
> WebCrypto is NOT requiring that ECDSA or ECDH are supported.

Thanks for clearing that up.


> > I wouldn't have created this bug if your spec offered a single safe curve,
> > but it does not, so it can be argued that the "tools" it's providing aren't
> > very good (currently). Hopefully a safe curve(s) will be added to the spec
> > soon.
> 
> The misnomer of "safe curve" will continue to cause confusion. Truly
> unfortunate.

A misnomer? You're saying DJB was wrong to call them unsafe?



> > That doesn't mean, however, that in all cases the security of WebCrypto is
> > limited by TLS (for example, browser extensions that store pinned certs or
> > fingerprints locally would clearly have security exceeding that of TLS +
> > X.509).
> 
> Extensions updated via TLS? That are signed with { RSA or
> ECDSA-using-the-NIST-curves }? Which are both UA-specific implementation
> details?

Valid concerns. It might be possible for extensions to attempt to mitigate
against updates, but those are implementation and UA-specific details.


> > 
> > I look forward to more (safer) curve diversity in the spec, and hope it
> > makes it into the 1.0 (or w/e you call your final release).
> 
> That is unlikely.

I hope nobody uses the spec then.


Received on Thursday, 12 June 2014 23:23:10 UTC