- From: Wendy Seltzer <wseltzer@w3.org>
- Date: Tue, 05 Feb 2013 14:57:57 -0500
- To: public-webcrypto-comments@w3.org
- CC: Björn Kinscher <bjoern.kinscher@googlemail.com>
-------- Original Message --------
Subject: [Moderator Action] ECC Curves
Date: Fri, 25 Jan 2013 14:19:13 +0000
From: Björn Kinscher <bjoern.kinscher@googlemail.com>
To: public-webcrypto@w3.org

Hi,

I attended the talk of Harry Halpin at the 29c3, where I heard that there is still a lot of ongoing work on the WebCrypto API. I would like to know if it is considered to give API users the possibility of defining their own curves for ECDSA and ECDH.

Last year I worked with the new German identity card. It uses recently defined curves, which are not available in any classic encryption libraries. Thus I think it is necessary to enable API users to define their own curves to ensure compatibility with other applications.

I do not want API users to create their own curves, but that they are able to use recently approved ones without waiting for user agent vendors to implement them. I know there is a risk of users creating weak ones, but I still think the possibility to define new curves would be very useful. Especially since a user agent can't include all possible useful curves.

My suggestion is to extend EcKeyGenParams with something like the following to give API users the possibility to define their custom curves:

    typedef (namedCurve or customCurve) CurveIdentifier;

    dictionary customCurve {
      // prime number
      BigInteger prime;
      // a and b are defined by the equation y^2 = x^3 + a*x + b
      BigInteger a;
      BigInteger b;
      // generator of the group
      ECPoint generator;
      // order of the group
      BigInteger order;
      // index of the sub-group
      BigInteger cofactor;
    };

    dictionary EcKeyGenParams : AlgorithmParameters {
      // A named or a custom curve
      CurveIdentifier curve;
    };

Another option would be to add an interface to register new named curves with these parameters.

Regards
Björn Kinscher

Received on Tuesday, 5 February 2013 19:57:59 UTC
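
The message above acknowledges the risk of weak user-supplied curves. As an added example (not part of the original message or of the Web Cryptography API), this sketch shows the core sanity checks a consumer of such a `customCurve` dictionary could run before using it. The function names and `TOY_CURVE` are hypothetical, field values are assumed to be JavaScript `BigInt`s, and further checks (such as the embedding degree) are out of scope here.

```javascript
const mod = (x, m) => ((x % m) + m) % m;
function modPow(base, exp, m) {
  let r = 1n;
  for (base = mod(base, m); exp > 0n; exp >>= 1n, base = (base * base) % m)
    if (exp & 1n) r = (r * base) % m;
  return r;
}
// Miller-Rabin with fixed bases (assumption: demo only; use random bases for untrusted input).
function isProbablePrime(n) {
  if (n < 2n) return false;
  const bases = [2n, 3n, 5n, 7n, 11n, 13n, 17n, 19n, 23n, 29n, 31n, 37n];
  for (const q of bases) if (n % q === 0n) return n === q;
  let d = n - 1n, s = 0;
  while (!(d & 1n)) { d >>= 1n; s++; }
  return bases.every((w) => {
    let x = modPow(w, d, n), ok = x === 1n || x === n - 1n;
    for (let i = 1; !ok && i < s; i++) ok = (x = (x * x) % n) === n - 1n;
    return ok;
  });
}
// Affine addition on y^2 = x^3 + a*x + b over GF(p); null is the point at infinity.
function add(P, Q, { prime: p, a }) {
  if (!P || !Q) return P || Q;
  if (P.x === Q.x && mod(P.y + Q.y, p) === 0n) return null; // Q = -P
  const dbl = P.x === Q.x;
  const num = dbl ? 3n * P.x * P.x + a : Q.y - P.y;
  const den = dbl ? 2n * P.y : Q.x - P.x;
  const l = mod(num * modPow(den, p - 2n, p), p); // inverse via Fermat, p is prime
  const x = mod(l * l - P.x - Q.x, p);
  return { x, y: mod(l * (P.x - x) - P.y, p) };
}
function mul(k, P, c) { // double-and-add scalar multiplication
  let R = null;
  for (; k > 0n; k >>= 1n, P = add(P, P, c)) if (k & 1n) R = add(R, P, c);
  return R;
}
// Returns a list of problems; an empty list means these core checks passed.
function validateCustomCurve(c) {
  const { prime: p, a, b, generator: G, order: n, cofactor: h } = c, errs = [];
  if (p < 5n || !isProbablePrime(p)) return ["prime is not a prime > 3"];
  if (![a, b, G.x, G.y].every((v) => v >= 0n && v < p)) return ["value outside [0, p-1]"];
  if (mod(4n * a ** 3n + 27n * b * b, p) === 0n) errs.push("singular curve");
  if (mod(G.y * G.y - G.x ** 3n - a * G.x - b, p) !== 0n) errs.push("generator not on curve");
  if (!isProbablePrime(n) || n === p) errs.push("order must be prime and != p");
  else if (!errs.length && mul(n, G, c) !== null) errs.push("order * generator != infinity");
  if (h < 1n || (h * n - p - 1n) ** 2n > 4n * p) errs.push("Hasse bound violated");
  return errs;
}
// Constructed toy input (textbook-sized curve, far too small for real use).
const TOY_CURVE = { prime: 17n, a: 2n, b: 2n, generator: { x: 5n, y: 1n }, order: 19n, cofactor: 1n };
```

Calling `validateCustomCurve(TOY_CURVE)` returns an empty list; changing any single field of the toy curve makes at least one check fail.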