W3C home > Mailing lists > Public > public-webcrypto@w3.org > October 2015

Re: Transition to PR: New "Proposed Algorithm" note for algorithms without interop (and Curve 25519 from CFRG)

From: Ryan Sleevi <sleevi@google.com>
Date: Mon, 12 Oct 2015 08:52:29 -0700
Message-ID: <CACvaWvbm8ZAgaUXsNSLdFkTqiAhouO8wP92YfwfLpc_DbqMcKg@mail.gmail.com>
To: Harry Halpin <hhalpin@w3.org>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
On Sun, Oct 11, 2015 at 6:29 PM, Harry Halpin <hhalpin@w3.org> wrote:

> WebCrypto Working Group,
> We still have two formal objections that we have to prove are properly
> resolved to progress out of Candidate Recommendation phase and
> algorithms in the spec have to show interoperable implementation to get
> out CR.
> So as part of our transition to we have is that some algorithms are
> going to removed, including some we might add back in shortly like
> RSA-PSS. However, as part of the effort we would like to take all
> algorithms that cannot demonstrate interoperability between two
> different browser teams from the Candidate Recommendation. Rather than
> have the text lost, as it is likely some of these will be added back to
> the spec (like RSA-PSS), I propose that we add this to a "Proposed
> Algorithms" document that will be published as a Working Group Note. It
> will have no normative status and in the Working Group Note we can
> outline the criteria we will use to add specifications to the Working
> Group. Is the WG OK with this?

It is unclear the value of this, other than perhaps some process working

> There was lots of comments over the lack of support for "non-NIST"
> elliptic curve cryptography. We resolved to eventually inlcude in our
> Recommendation whatever elliptic curves were recommended by the IRTF
> CFRG [1]. Note that since then the CFRG has recommended Curve 25519 for
> DH and for signatures. So  I would further add Trevor Perrin's text for
> Curve 25519 [2]  support to this "Proposed Algorithms" Note as well if
> he has time to update it and the editors and WG can check his description.

I do not, and the CFRG's recommendation is still without final consensus on
spec that would be necessary before finalizing such text.

A Proposed Note suffers from the same issues of CR/PR, namely, that it's
perceived as frozen in time (even though the web never freezes), so given
that we know it's not in a place to be frozen, it's unclear how to
reconcile that.

> I would like to propose a call for consensus on this proposal at our
> next meeting, and can discuss it on tomorrow's teleconference if there
> is any questions.

Our workmode is that we reach consensus on the mailing lists, as has been
repeatedly established :)
Received on Monday, 12 October 2015 15:52:59 UTC

This archive was generated by hypermail 2.3.1 : Monday, 12 October 2015 15:53:00 UTC