Hello, members of web app security group. My name is Ilya Chesnokov and I represent Proton Technologies AG - the company behind Protonmail, the world's largest encrypted email provider. Our company is interested in enhancing the web cryptography specification (https://www.w3.org/TR/WebCryptoAPI/) to include curve25519 and curve448. For the former curve, there exists a written proposal, albeit incomplete https://github.com/trevp/curve25519_webcrypto. Also, there was a formal voting with most votes against this; the main reason was that these curves were not included in the CFRG or TLS standards (an example vote is here https://lists.w3.org/Archives/Public/public-webcrypto/2014Aug/0107.html). Now both curves are included in CFRG standard https://tools.ietf.org/html/rfc7748 and in the TLS draft https://tools.ietf.org/html/draft-ietf-tls-curve25519-01, therefore, it seems that including these curves now in the web crypto API is a reasonable choice. Proton technologies is interested in writing necessary specification, since it will advance our openpgp implementation (working draft of the spec with curve 25519 is here https://tools.ietf.org/html/draft-koch-openpgp-rfc4880bis-02). This mail is intended to gauge interest in including curve 25519 and curve 448 to web crypto api, all replies are welcome. Best regards Ilya Chesnokov Sent with [ProtonMail](https://protonmail.com) Secure Email.
Received on Tuesday, 10 December 2019 09:47:47 UTC