W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2014

[Bug 25839] Curve25519 Named Curve

From: <bugzilla@jessica.w3.org>
Date: Wed, 21 May 2014 19:26:27 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25839-7213-sD7m95a8Io@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839

--- Comment #6 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Brian LaMacchia from comment #5)
> I would object to adding only Curve25519 to the list of named curves if
> we're going to open up the NamedCurve list to curves beyond the NIST prime
> curves.  MSR recently published a paper [1] defining new Weierstrass curves
> that are faster than the corresponding NIST curves at the same security
> level and meet all the requirements of the SafeCurves project.  The
> Brainpool curves (which already have an IETF RFC) are also popular in
> non-NIST circles.  So, at a minimum, if we open up the NamedCurve to add
> Curve25519 then we should also add the Brainpool curves and the MSR curves.
> 
> [1] http://eprint.iacr.org/2014/130

The NamedCurve list has always been open. These would have all the same issues
as I described in Comment 1 - that is, a requirement to have multi-vendor
support (which even the Brainpool curves do not).

As such, their addition is highly likely to be short-lived.

An alternative is to separately spec, as described in Bug 25618, exactly what
these curves are and how they behave, the operations they're valid for, etc.

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Wednesday, 21 May 2014 19:26:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC