Re: [W3C Web Crypto WG] CfC : Call for Consensus on the integration of new curves in Web Crypto API from Richard Barnes on 2014-09-05 (public-webcrypto@w3.org from September 2014)

From: Richard Barnes <rlb@ipv.sx>
Date: Fri, 5 Sep 2014 14:44:39 -0400
To: Lu HongQian Karen <karen.lu@gemalto.com>
Cc: GALINDO Virginie <Virginie.Galindo@gemalto.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>, Harry Halpin <hhalpin@w3.org>, Wendy Seltzer <wseltzer@w3.org>
Message-ID: <CAL02cgTZwuCqwtVTtBxtv6AzZYrh8e2+XDNhSX118ErpCMzqkg@mail.gmail.com>

+1


On Fri, Sep 5, 2014 at 11:05 AM, Lu HongQian Karen <karen.lu@gemalto.com>
wrote:

>  +1
>
>
>
> *From:* GALINDO Virginie [mailto:Virginie.Galindo@gemalto.com]
> *Sent:* Tuesday, September 02, 2014 3:33 PM
> *To:* public-webcrypto@w3.org
> *Cc:* Harry Halpin; Wendy Seltzer
> *Subject:* [W3C Web Crypto WG] CfC : Call for Consensus on the
> integration of new curves in Web Crypto API
>
>
>
> Dear all,
>
>
>
> Based on the recent discussions, provided that the endorsement of NUMS or
> curves 25519 received objections, and provided that most of WG members
> expressed a wish to expect IETF/CFRG recommendation for TLS prior choosing
> curves, I suggest that we suspend the discussions about integrating one
> curve or another into our current deliverables Web Crypto API until
> IETF/CFRG actually issues some recommendations.
>
>
>
> As such, here is a proposed resolution, that need to receive your
> endorsement (+1), objection (-1) or neutral view (0).
>
>
>
> Proposed Resolution :
>
> The WG will not decide which additional curve to integrate before
> IETF/CFRG share its recommendation. Once this recommendation shared, based
> on timing constraint, algorithm maturity, the WG will make decision about
> integrating the curves, in accordance with the extensible mechanism the WG
> will decide, according to bug 25618 [0]. In case IETF/CFRG does not share
> recommendation before the Web Crypto API move to Proposed Recommendation,
> there will be no curve added.
>
>
>
> If this resolution is adopted, I suggest we move on with the following
> plan :
>
> -          The Web Crypto will exit Last Call without any mention to
> those algorithms, without any provisioned place holder, but an editorial
> note stating that ‘some new curves may be added if IETF/CFRG issue
> recommendations and that curves description are mature and complete enough
> to be referenced in our deliverables before we move to Proposed
> Recommendation. In that special case, the specification would go back to
> Last Call’ [1]
>
> -          If IETF/CFRG does not give any recommendation before we move
> to Proposed Recommendation, we will not integrate any new curve in our Web
> Crypto API current specification, and this will be done in the next version
> of our deliverables.
>
> -          A liaison will be sent to IETF/CFRG exposing that situation.
>
>
>
> Note that this resolution does not prevent anyone to share with the
> Working Group some draft describing NUMS or 25519 curves, in line with the
> extension mechanism to be described in bug 25618 [0]. This resolution
> prevents someone asking to make decision about formal endorsement of a new
> curve, between the exit to Last Call and the move to Proposed
> Recommendation milestones, if the IETF/CFRG has not yet issued its own
> recommendation.
>
>
>
> Please vote on that proposed resolution, do not provide alternatives, or
> challenge the rationale. Just answer that mail saying +1, -1, 0, and help
> the WG to move on…
>
>
>
> Thanks,
>
> Virginie Galindo
>
> chair of the web crypto wg
>
>
>
>
>
> [0] bug 25618 related to extension mecanism
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618
>
> [1] 2005 process charter http://www.w3.org/2014/Talks/chairs-part4/#/45
>  ------------------------------
>
>
>
> *This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited. E-mails are susceptible
> to alteration. Our company shall not be liable for the message if altered,
> changed or falsified. If you are not the intended recipient of this
> message, please delete it and notify the sender. Although all reasonable
> efforts have been made to keep this transmission free from viruses, the
> sender will not be liable for damages caused by a transmitted virus.*
>  ------------------------------
> This message and any attachments are intended solely for the addressees
> and may contain confidential information. Any unauthorized use or
> disclosure, either whole or partial, is prohibited.
> E-mails are susceptible to alteration. Our company shall not be liable for
> the message if altered, changed or falsified. If you are not the intended
> recipient of this message, please delete it and notify the sender.
> Although all reasonable efforts have been made to keep this transmission
> free from viruses, the sender will not be liable for damages caused by a
> transmitted virus.
>

Received on Friday, 5 September 2014 18:45:07 UTC