- From: Ryan Sleevi <sleevi@google.com>
- Date: Mon, 4 Aug 2014 08:52:41 -0700
- To: Harry Halpin <hhalpin@w3.org>
- Cc: public-webcrypto@w3.org
- Message-ID: <CACvaWvYvwjhttJV6GyjSTzLEjCTNS4oVtXgLykJntz3NFjyt4A@mail.gmail.com>
Harry, Is this an official endorsement of a third proposal? It seemed that for the entirity of discussion, it has specifically been two proposals, precisely so that we could avoid your third proposal. On Aug 4, 2014 7:14 AM, "Harry Halpin" <hhalpin@w3.org> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > The problem, as BAL pointed on the call, is that we do *not* have > resolution on a single curve from TLS or CFRG. It is unclear when > those decisions will be made, although a decision is likely I would > say before we exist CR. However, chosing between NUMS and 25519 may be > premature optimization at this point. Nonetheless, as BAL noted on the > call and was backed up on the Bugzilla, there is a real demand for > non-NIST ECC curve support in Web Crypto. > > In general, in W3C process it is *more* difficult to add features than > to subtract them when going into CR. Thus, the "feature at risk" > mechanism. > > So, I'd like to add another proposal. I suggest that we simply add a > "feature at risk", using a modification of BAL's edits, for a "TBD > non-NIST" curve in the main spec. This TBD curve, if not resolved and > supported by CFRG/TLS by the time we exit from CR, is then to be > removed from the main spec. If it is later resolved after we have > exited CR, then we propose to add these curves using the standard > extension mechanism. > > cheers, > harry > > > > > On 08/04/2014 03:40 PM, GALINDO Virginie wrote: > > Hello Web Crypto participants, > > > > Following our call last week [1], I have listed the different > > ideas/directions that were raised about the way to proceed on the > > integration of NUMS and 25519 curves, as discussed in bug > > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839 > > > > ** Two possible options to handle NUMS and 25519 curves > > integration OPTION 1 : - We can decide to have an extension for > > NUMS and already have an editor for it - We can decide to have an > > extension for curves 25519 and have a potential draft with an > > editor coming on 10th of august - We can decide to have that/those > > extension(s) mandatory in the future browser profile Or OPTION 2 : > > - We can decide ‘not to choose between extension and main spec’ but > > decide on the principle to develop the NUMS/curve 25519 > > descriptions and put it into the spec once it is tested and proven > > it is available > > > > ** Other requirements : - We have to stay synchronized with > > IETF/CFRG - TLS requirements, which may require new algorithms → > > this is in favor of delaying the decision, expecting IETF decision > > - Learning loop : We have to decide how to make our spec extensible > > → this is favor to make early choice and beta test extension > > addition > > > > I would like to have your views on the preferred path to progress, > > option 1 or option 2. If you have another option, feel free to > > suggest. > > > > Note that we have a call scheduled next Monday 11th of August to > > discuss that question, but early opinion are helping to make calls > > efficient. > > > > Regards, Virginie Chair of the web crypto WG > > > > > > [1] > > http://lists.w3.org/Archives/Public/public-webcrypto/2014Jul/0144.html > > > > (please ignore statement below) > > > > ________________________________ This message and any attachments > > are intended solely for the addressees and may contain confidential > > information. Any unauthorized use or disclosure, either whole or > > partial, is prohibited. E-mails are susceptible to alteration. Our > > company shall not be liable for the message if altered, changed or > > falsified. If you are not the intended recipient of this message, > > please delete it and notify the sender. Although all reasonable > > efforts have been made to keep this transmission free from viruses, > > the sender will not be liable for damages caused by a transmitted > > virus. > > > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.11 (GNU/Linux) > Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ > > iQIcBAEBAgAGBQJT35T2AAoJEPgwUoSfMzqcCIQP/RDTCzUQZy+FlVjH8T0XAhLb > GxEXrYPYbOLgLCClZn4deCD5kOO6cQTHtPiy2Dbt7C96TN/cqsx/aDGYjaTVEF6Y > JfpLn6aFXYGpJY6eyKkjq9PCbcWcwBfAkX1fUA1folLD9RGfWuzc18rfDQJXxM0P > M4D42oyYArPmLc0M6e4p9Gnd6tpGDLw40oDPpRT2GGDx2Rv1+f5iD5aOkEK1bg0L > 982ndP2rVwqTeDquFR33BkktuHhgBlYXsLrawsCKXGMgzoX6Lm5Sz6DPYIF6JwJl > vZomOmhFl0HObvKzziEK73a0ErKUDjITExGT6DIw4x9E3r49IpZWOka1Qzyk0HZP > /0AYa14pOVpW/nG8er8dH/ndWbQGLyAVCCusGee2UAmnam75TwXl04G8D0etATmE > uQj4dqYL7dReCAV+H4po0/o0U442aTf4Uv9DtDz2iy4iGsgZokFsSmwwo4RG3B91 > 6Hmpz1Mgh+UtKCat/w7WGXlnKmcicIod8onXivCQ5yRwuZHh+EfBGJb3hLe4ppOM > oUWOzYQmuJj/iGJW8BenBmLmDXezrYSHtRQ61F0S1H2pCkyXn0BVq/WSJvwCKuQZ > sm7ru2f9BE+RpQj4borLioTDhLJiAbLtvBeNhv3ZPIvaz5eiprIgjAF24QM1yuVv > POqoeAp4a6VYizcbu0of > =RouZ > -----END PGP SIGNATURE----- > >
Received on Monday, 4 August 2014 15:53:09 UTC