[Bug 25839] Curve25519 Named Curve

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839

Henri Sivonen <hsivonen@hsivonen.fi> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |hsivonen@hsivonen.fi

--- Comment #15 from Henri Sivonen <hsivonen@hsivonen.fi> ---
(In reply to Ryan Sleevi from comment #1)
> We could, but it would have to be marked as a feature at risk.
> 
> Judging by implementation status - especially within the cryptographic
> libraries that support the various UAs' ongoing implementations (NSS,
> CommonCrypto, and CNG - for Chrome/Firefox, Safari, and IE, respectively),
> it does not seem likely that this would meet the requirements of multiple
> inter-operable specifications at the time of REC.

When different CPU architectures have distinct implementations, you could count
x86_64 impl. by person A and armv7 impl. by person B as distinct
implementations.

(In reply to Ryan Sleevi from comment #8)
> While you can disagree with these, they are real issues that User Agent
> vendors have to deal with. Things like export controls and FIPS 140-2 remain
> issues for UAs and UA vendors.

What's the export control issue? Curve25519 appears to have been shipped as
part of QUIC in Chrome and Opera and as part of AirPlay as well as some other
stuff in Apple products.

As for FIPS, it seems wrong to limit the cryptographic primitives available
world-wide just because a particular government doesn't want to use those
primitives on their intranet.


Received on Monday, 26 May 2014 12:06:34 UTC