RE: [W3C Web Crypto WG] Call for Consensus on moving curve 25519 to a W3C Working Draft from GALINDO Virginie on 2014-11-21 (public-webcrypto@w3.org from November 2014)

From: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Date: Fri, 21 Nov 2014 10:08:44 +0000
To: Harry Halpin <hhalpin@w3.org>, Richard Barnes <rlb@ipv.sx>
CC: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <540E99C53248CE468F6F7702588ABA2AC73D111F@A1GTOEMBXV003.gto.a3c.atos.net>
Harry,
I understand your point.
Nevertheless, I hear 2 objections to this call for consensus, and the decision will be taken based on the expression of the WG members.
Aside comment : I believe we are not in hurry and we may survive waiting few weeks to have CFRG voicing their recommendation.
Virginie


-----Original Message-----
From: Harry Halpin [mailto:hhalpin@w3.org]
Sent: jeudi 20 novembre 2014 23:23
To: Richard Barnes
Cc: GALINDO Virginie; public-webcrypto@w3.org
Subject: Re: [W3C Web Crypto WG] Call for Consensus on moving curve 25519 to a W3C Working Draft



On 11/20/2014 11:18 PM, Richard Barnes wrote:
> On Thu, Nov 20, 2014 at 5:13 PM, Harry Halpin <hhalpin@w3.org> wrote:
>
>>
>>
>> On 11/20/2014 11:08 PM, Richard Barnes wrote:
>>> -1
>>>
>>> I thought we had agreed to take no action on new curves until the
>>> CFRG / TLSWG process concluded.  AFAICT, it has not.
>>
>> My understanding that Curve 25519 would a test of how we could add
>> new algorithms by sending them through the WG independently of CFRG.
>>
>> If CFRG choses a curve, then I thought the WG agreed we would try to
>> include it.
>>
>> Thus, they are separable. However, in the case that CFRG does indeed
>> chose Curve 25519 (CFRG discussion is rumoured to be ending in early
>> Dec.) then we'll obviously not have this problem.
>>
>
> I don't see why we would use a curve other than the one(s) chosen by
> CFRG for this experiment.  We're just talking about a few more weeks.

The reason is so we can show we have adequately responded when we transition to CR to the numerous complaints over curves - and thus that our extensibility and errata-based mechanism can do the heavy-lifting.

However, we can write in the bugzilla that we will revisit when/if CFRG choses a curve. However, I see no harm and quite a bit of good in taking Curve 25519 forward as Working Draft and it does show serious commitment from the WG to the issue.

If CFRG choses another curve, that curve can also be included by either a similar mechanism or moving the whole spec back to Last Call.


>
> --Richard
>
>
>
>
>
>>
>>    cheers,
>>        harry
>>
>>>
>>> On Thu, Nov 20, 2014 at 12:46 PM, GALINDO Virginie <
>>> Virginie.Galindo@gemalto.com> wrote:
>>>
>>>>  Dear all,
>>>>
>>>>
>>>>
>>>> This is a call for consensus directed to WG participants to have
>>>> the
>> curve
>>>> 25519 draft provided by Trevor Perrin [1] to become a W3C Working
>> Draft, in
>>>> the Web Crypto WG.
>>>>
>>>> That draft has been discussed with WG members during an informal
>>>> call on the 18th of August [2]. We decided not to make decision to
>>>> endorse curve
>>>> 25519 in the web crypto API, but rather see it as a candidate for
>>>> our extension/errata process.
>>>>
>>>>
>>>>
>>>> Please answer to this call for consensus before the 5th of December
>> 23:59
>>>> UTC :
>>>>
>>>> -          Indicate in a reply mail (+1) if you agree
>>>>
>>>> -          Indicate in a reply mail (-1) if you object
>>>>
>>>>
>>>>
>>>> While explicit consent is preferable, silence means endorsement
>>>> (+1) of this decision to have this draft becoming a W3C Working Draft.
>>>>
>>>>
>>>>
>>>> Regards,
>>>>
>>>> Virginie
>>>>
>>>> Chair of  Web Crypto WG
>>>>
>>>>
>>>>
>>>> [1]
>>>>
>> http://htmlpreview.github.io/?https://github.com/trevp/curve25519_web

>> crypto/blob/master/Curve25519_WebCrypto.html
>>>>
>>>> [2] http://www.w3.org/2014/08/18-crypto-minutes.html

>>>>
>>>>
>>>>
>>>>
>>>>  ------------------------------
>>>> This message and any attachments are intended solely for the
>>>> addressees and may contain confidential information. Any
>>>> unauthorized use or disclosure, either whole or partial, is prohibited.
>>>> E-mails are susceptible to alteration. Our company shall not be
>>>> liable
>> for
>>>> the message if altered, changed or falsified. If you are not the
>> intended
>>>> recipient of this message, please delete it and notify the sender.
>>>> Although all reasonable efforts have been made to keep this
>>>> transmission free from viruses, the sender will not be liable for
>>>> damages caused by a transmitted virus.
>>>>
>>>
>>
>
________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
Received on Friday, 21 November 2014 10:09:16 UTC