[Bug 25839] Curve25519 Named Curve

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839

--- Comment #38 from Harry Halpin <hhalpin@w3.org> ---
(In reply to Brian LaMacchia from comment #36)
> (In reply to Harry Halpin from comment #35)
> > (In reply to Greg Slepak from comment #29)
> > > (In reply to Ryan Sleevi from comment #26)
> > > > (In reply to Harry Halpin from comment #24)
> > > > >  [snip]
> > > > > In order to be fair, I suggest that Matt, Greg, or other people that want
> > > > > this curve please provide sample text that fulfills this:
> > > > > 
> > > > > http://www.w3.org/TR/2014/WD-WebCryptoAPI-20140325/#defining-an-algorithm
> > > > >  [snip]
> > > > Harry,
> > > > 
> > > > None of what you said conflicts with what I've said, except in on key,
> > > > critical point.
> > > > 
> > > > This document is in the process of being finished. We have had a WGLC. We
> > > > should NOT be adding to it at this time, especially without strong support
> > > > from implementers AS WELL AS users.
> > > > 
> > > > Nothing prevents Curve25519 from being pursued as a separate document. We
> > > > have made the same comments regarding other algorithms - SEED and GOST. The
> > > > WG can then review such a document and decide whether or not to adopt it as
> > > > REC track, and let that proceed through.
> > > > 
> > > > Continuing to argue for its inclusion in the spec only delays CR - after
> > > > all, a significant change like adding Curve25519 (which again, despite there
> > > > being implementations, lacks a good spec). Please note that Curve25519 is
> > > > itself a curve that is NOT compatible with ECDSA NOR is negotiation the same
> > > > as with ECDH (thus making it 'useless' from the perspective of the two APIs
> > > > that *take* NamedCurve parameters).
> > > > 
> > > > These are all reasons why it's best addressed as a separate spec, that
> > > > focuses just on the operations usable with it, and working through naming
> > > > issues (eg: Do you use Ed25519 with ECDSA? Do you call the sign/verify some
> > > > other thing?) is fruitful. But not today. Certainly not 8+ weeks ago when we
> > > > went for WGLC.
> > > 
> > > OK, thank you Harry and Ryan for your comments about this.
> > > 
> > > Harry: thanks for the suggestion and the link. I will not be able to do this,
> > > but maybe Matt (or someone else) could?
> > 
> > @Matt - can you specify the algorithm given the format in the link? 
> > 
> > i.e. 
> > http://www.w3.org/TR/2014/WD-WebCryptoAPI-20140325/#defining-an-algorithm
> > 
> > If needed, you may wish to pursue a separate document for the reasons noted
> > by Ryan. If you have any questions, just ask.
> > 
> > Until we get a very clear proposal in terms of textual changes (either as
> > changes to the existing spec or as a new document), it will be hard to close
> > this bug fairly. 
> > 
> > Ryan is obviously busy with many other bugs, so I think it's very fair to
> > ask the developers who need this to define it.
> > 
> 
> Harry,
> 
> I (and others here at MSR) would be happy to supply the relevant text for
> the MSR curves (we've started calling them the NUMS curves, short for
> "nothing up my sleeves").  Would you prefer raw text or diffs on the
> existing Overview-WebCryptoAPI.xml file?


Brian,

Two questions:

1) Does the MSR curves include Curve25519 for DH? 
2) Do those curves require any additional work (key formats etc.) that make
them more complex than the rest of the algorithms already registered? 

I've had a substantial discussion about whether these curves should be included
as registered algorithms in the "main spec" text of the API or as a separate
extension spec. While Ryan would prefer an extension spec, I'm neutral. Any
opinion?

Regardless, could you do the text of those diffs or an extension spec within
about two weeks?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Tuesday, 24 June 2014 11:08:34 UTC