Re: Double-checking with NUMS and Curve 25519 [was Re: Elliptic Curve Extensibility - your view is expected] from Mark Watson on 2014-10-17 (public-webcrypto@w3.org from October 2014)

From: Mark Watson <watsonm@netflix.com>
Date: Fri, 17 Oct 2014 16:39:28 -0700
To: Trevor Perrin <trevp@trevp.net>
Cc: Brian LaMacchia <bal@microsoft.com>, Richard Barnes <rlb@ipv.sx>, Harry Halpin <hhalpin@w3.org>, "public-webcrypto@w3.org Working Group" <public-webcrypto@w3.org>
Message-ID: <CAEnTvdDzNiH3KeqYvPG4MjAoKLRuNu2TV1jWzYxQS7Kc2PdN4Q@mail.gmail.com>

On Fri, Oct 17, 2014 at 4:16 PM, Trevor Perrin <trevp@trevp.net> wrote:

> On Fri, Oct 17, 2014 at 3:54 PM, Mark Watson <watsonm@netflix.com> wrote:
> > Trevor,
> >
> > Look again - I just updated it.
>
> OK.  The PKCS8 looks like the extension point isn't in the right place
> - e.g. in ECDH ImportKey, the "Otherwise" is after stuff has been
> parsed.
>

Ah, I see. In Export we do not assume that other curves will use the
ECPrivateKey structure but for import we do. I will fix this.

>
> You're also assuming the JWK "EC" type, which requires full x and y
> coordinates, so disallows single-coordinate or compressed public keys.
>

Do you think they would use a different "kty" value if JWK was extended
for single-coordinate or compressed public keys ?

>
> Those could be fixed - whether all this is saving any effort or
> cleaner than just defining new algorithms, I don't have strong
> opinions on.
>

I don't much care either, myself, but others have expressed strong
opinions in the past that adding to the NamedCurve list is superior to
defining new algorithms and noone has expressed the converse opinion.

...Mark

>
>
> Trevor
>

Received on Friday, 17 October 2014 23:39:56 UTC