Re: Web Crypto -- Named Curve Dictionary (adding secp256k1)

On 2013-12-15 19:09, Melvin Carvalho wrote:
> Harry and David suggested I send a message to this group.  I was wondering if the crypto group may consider adding support for *secp256k1* in the browser Named Curve dictionary. 
> 
> http://www.w3.org/TR/WebCryptoAPI/#EcKeyGenParams-dictionary
> 
> enum NamedCurve {
>   // NIST recommended curve P-256, also known as secp256r1.
>   "P-256",
>   // NIST recommended curve P-384, also known as secp384r1.
>   "P-384",
>   // NIST recommended curve P-521, also known as secp521r1.
>   "P-521"
> };
> 
> Over the last year, there has been a significant increase in deployment for this curve.  It's used in bitcoin and many other crypto currencies.  Bitcoin deployment now numbers in the millions of users and hundreds of companies.  There are also free software implementations in most languages. 
> 
> For more background on Koblitz curve used by bitcoin see:
> 
> https://bitcointalk.org/?topic=2699.0
> 
> I'm aware that the API tends to expose what's existing in NSS, 
> but, imho, if it were possible to add support for this curve would be a great step to help to many people that already work with crypto currencies in the browser.

There's a bunch of other curves that have been suggested for inclusion in TLS such as Brainpool (widely used in e-passports), SM2 (Chinese standard) and
https://tools.ietf.org/html/draft-josefsson-tls-curve25519-00.

The NIST curves are according to some people (not me) not trustworthy because they may contain an NSA backdoor.

Anders

Received on Sunday, 15 December 2013 19:54:38 UTC