W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2014

[Bug 25839] Curve25519 Named Curve

From: <bugzilla@jessica.w3.org>
Date: Wed, 21 May 2014 19:26:27 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25839-7213-sD7m95a8Io@http.www.w3.org/Bugs/Public/>

--- Comment #6 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Brian LaMacchia from comment #5)
> I would object to adding only Curve25519 to the list of named curves if
> we're going to open up the NamedCurve list to curves beyond the NIST prime
> curves.  MSR recently published a paper [1] defining new Weierstrass curves
> that are faster than the corresponding NIST curves at the same security
> level and meet all the requirements of the SafeCurves project.  The
> Brainpool curves (which already have an IETF RFC) are also popular in
> non-NIST circles.  So, at a minimum, if we open up the NamedCurve to add
> Curve25519 then we should also add the Brainpool curves and the MSR curves.
> [1] http://eprint.iacr.org/2014/130

The NamedCurve list has always been open. These would have all the same issues
as I described in Comment 1 - that is, a requirement to have multi-vendor
support (which even the Brainpool curves do not).

As such, their addition is highly likely to be short-lived.

An alternative is to separately spec, as described in Bug 25618, exactly what
these curves are and how they behave, the operations they're valid for, etc.

You are receiving this mail because:
You are on the CC list for the bug.
Received on Wednesday, 21 May 2014 19:26:30 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC