Re: Fwd: New Liaison Statement, "Additional Curves" from Harry Halpin on 2015-03-14 (public-webcrypto@w3.org from March 2015)

From: Harry Halpin <hhalpin@w3.org>
Date: Sat, 14 Mar 2015 20:34:47 +0100
To: Ryan Sleevi <sleevi@google.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>
CC: public-webcrypto@w3.org, Richard Barnes <rlb@ipv.sx>
Message-ID: <55048D57.6040101@w3.org>
On 03/14/2015 05:51 PM, Ryan Sleevi wrote:
> I am confident that the point of having an algorithm definition and
> construction reviewed and agreed upon by the community will be longer than
> a month, even if all the pieces are "obvious" (as the discussion has shown,
> some pieces presumed obvious, such as endianness, are far from it)

I agree it is very likely longer than a month.

I think the simplest route forward would be adopt Trevor Perrin's spec
as a Working Draft for Curve 25519 (and create a Goldilocks spec if CFRG
adds that to recommended curves) and then use the errata process to
check that into the main spec when the CFRG/TLS process reaches
maturity. It would be good to get Trevor a co-editor as well.

In the mean time, we can continue tracking the discussion and should
probably respond to the liaison statement noting the above process and
then establishing a liaison with TLS WG.

    cheers,
        harry

> 
> +1 update after the fact, as much as I would love to see it in.
> On Mar 14, 2015 3:42 AM, "GALINDO Virginie" <Virginie.Galindo@gemalto.com>
> wrote:
> 
>> Harry and all,
>> When do you think open issues in IETF will be solved ? If this is about a
>> month,  we can take option a), if this is about 6 months,  I suggest we
>> follow b) (aka errata management).
>> Any opinion from WG members,  familiar with IETF life cycles  ?
>> I am not sure there is nothing we cant solve via e-mail here.
>> Virginie
>>
>> ---- Harry Halpin a écrit ----
>>
>>
>> On 03/12/2015 06:28 AM, Richard Barnes wrote:
>>> +1
>>>
>>> This is good news, in that it shows that the end is in sight, and there
>> are
>>> curves.  I would say we're clear to discuss charter work on the new
>> curves
>>> now, especially if it's at the level of "support the curves agreed by
>>> CFRG".  But it's still early to start laying down any API.
>>
>> Note we do have this early draft by Trevor (although representational
>> details are not specified in as much detail as needed):
>>
>>
>> http://htmlpreview.github.io/?https://github.com/trevp/curve25519_webcrypto/blob/master/Curve25519_WebCrypto.html
>>
>> I realize are still unresolved issues, as noted by the discussions on
>> CFRG. However, this statement has noted the "additional curve
>> discussion" has been resolved and the implementation (i.e.
>> "representation") details will now be handled by a combination of CFRG
>> and TLS WG. T
>>
>> In particular, there's numerous things we can do:
>>
>> 1) Nothing.
>>
>> 2) Co-ordinate on details with TLS and CFRG
>>
>> The latter is what the IETF->W3C liaison statement proposed:
>>
>> "We would be happy to see W3C work with the IETF and CFRas this work
>> proceeds to ensure that WebCrypto and TLS expose the same curves and,
>> insofar as possible, the same algorithms."
>>
>> Then there are two distinct options if we chose to co-ordinate:
>>
>> a) Return to Last Call if needed (however, this could take a long time
>> if representational details aren't settled quickly)
>>
>> b) Use the errata process to update the spec as soon represntational
>> details are solved.
>>
>> I think a telecon might be useful if there is disagreement on next steps.
>>
>>    cheers,
>>        harry
>>
>>
>>
>>>
>>> On Wed, Mar 11, 2015 at 9:28 PM, Ryan Sleevi <sleevi@google.com> wrote:
>>>
>>>> Harry,
>>>>
>>>> You've already received feedback from the CFRG about why this is unwise,
>>>> with regards to the still ongoing discussions. I appreciate your
>>>> enthusiasm, but there are still significant open issues being discussed.
>>>>
>>>> http://www.ietf.org/mail-archive/web/cfrg/current/msg06425.html
>>>>
>>>> In case that feedback wasn't clear, Watson did the courtesy of
>> explaining
>>>> more in depth why this matters:
>>>> http://www.ietf.org/mail-archive/web/cfrg/current/msg06433.html
>>>>
>>>> As noted, while the debate about the curve has settled, there is still
>>>> active and ongoing discussion of the representations which need to be
>>>> resolved.
>>>>
>>>> To be clear, I'm wanting to allow the process time to complete.
>>>>
>>>
>>
>> ________________________________
>>  This message and any attachments are intended solely for the addressees
>> and may contain confidential information. Any unauthorized use or
>> disclosure, either whole or partial, is prohibited.
>> E-mails are susceptible to alteration. Our company shall not be liable for
>> the message if altered, changed or falsified. If you are not the intended
>> recipient of this message, please delete it and notify the sender.
>> Although all reasonable efforts have been made to keep this transmission
>> free from viruses, the sender will not be liable for damages caused by a
>> transmitted virus.
>>
>
Received on Saturday, 14 March 2015 19:34:54 UTC