W3C home > Mailing lists > Public > public-webcrypto@w3.org > May 2014

[Bug 25839] Curve25519 Named Curve

From: <bugzilla@jessica.w3.org>
Date: Sat, 24 May 2014 18:28:22 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25839-7213-zJkM7XeS24@http.www.w3.org/Bugs/Public/>
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839

--- Comment #11 from Greg Slepak <hi@okturtles.com> ---
Sorry, just realized I had another question:

(In reply to Ryan Sleevi from comment #8)
> Yes, there is more than technical discussion here (although Curve25519
> remains a highly charged technical discussion). The political issues are
> very much applicable for User Agents, particularly those that need to be
> available to users in a variety of countries and purposes.
> 
> While you can disagree with these, they are real issues that User Agent
> vendors have to deal with. Things like export controls and FIPS 140-2 remain
> issues for UAs and UA vendors.

Could you elaborate on these issues?

Without researching them myself, it sounds like: "We don't want to recommend
Curve25519 because it's secure."

Is that an accurate rephrasing? Is the job then of this working group to
recommend insecure ciphers?

-- 
You are receiving this mail because:
You are on the CC list for the bug.
Received on Saturday, 24 May 2014 18:28:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:17:22 UTC