RE: [W3C Web Crypto WG] CfC : Call for Consensus on the integration of new curves in Web Crypto API from Lu HongQian Karen on 2014-09-05 (public-webcrypto@w3.org from September 2014)

From: Lu HongQian Karen <karen.lu@gemalto.com>
Date: Fri, 5 Sep 2014 15:05:14 +0000
To: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
CC: Harry Halpin <hhalpin@w3.org>, Wendy Seltzer <wseltzer@w3.org>
Message-ID: <A57CF975EE20E94794D73B2B8943F62CBC8AC2ED@A1GTOEMBXV003.gto.a3c.atos.net>

+1

From: GALINDO Virginie [mailto:Virginie.Galindo@gemalto.com]
Sent: Tuesday, September 02, 2014 3:33 PM
To: public-webcrypto@w3.org
Cc: Harry Halpin; Wendy Seltzer
Subject: [W3C Web Crypto WG] CfC : Call for Consensus on the integration of new curves in Web Crypto API

Dear all,

Based on the recent discussions, provided that the endorsement of NUMS or curves 25519 received objections, and provided that most of WG members expressed a wish to expect IETF/CFRG recommendation for TLS prior choosing curves, I suggest that we suspend the discussions about integrating one curve or another into our current deliverables Web Crypto API until IETF/CFRG actually issues some recommendations.

As such, here is a proposed resolution, that need to receive your endorsement (+1), objection (-1) or neutral view (0).

Proposed Resolution :
The WG will not decide which additional curve to integrate before IETF/CFRG share its recommendation. Once this recommendation shared, based on timing constraint, algorithm maturity, the WG will make decision about integrating the curves, in accordance with the extensible mechanism the WG will decide, according to bug 25618 [0]. In case IETF/CFRG does not share recommendation before the Web Crypto API move to Proposed Recommendation, there will be no curve added.

If this resolution is adopted, I suggest we move on with the following plan :

-          The Web Crypto will exit Last Call without any mention to those algorithms, without any provisioned place holder, but an editorial note stating that 'some new curves may be added if IETF/CFRG issue recommendations and that curves description are mature and complete enough to be referenced in our deliverables before we move to Proposed Recommendation. In that special case, the specification would go back to Last Call' [1]

-          If IETF/CFRG does not give any recommendation before we move to Proposed Recommendation, we will not integrate any new curve in our Web Crypto API current specification, and this will be done in the next version of our deliverables.

-          A liaison will be sent to IETF/CFRG exposing that situation.

Note that this resolution does not prevent anyone to share with the Working Group some draft describing NUMS or 25519 curves, in line with the extension mechanism to be described in bug 25618 [0]. This resolution prevents someone asking to make decision about formal endorsement of a new curve, between the exit to Last Call and the move to Proposed Recommendation milestones, if the IETF/CFRG has not yet issued its own recommendation.

Please vote on that proposed resolution, do not provide alternatives, or challenge the rationale. Just answer that mail saying +1, -1, 0, and help the WG to move on...

Thanks,
Virginie Galindo
chair of the web crypto wg

[0] bug 25618 related to extension mecanism https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618
[1] 2005 process charter http://www.w3.org/2014/Talks/chairs-part4/#/45
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.
________________________________
This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Received on Friday, 5 September 2014 15:06:21 UTC