Re: [W3C Web Crypto WG] CfC : Call for Consensus on the integration of curve25519 in WG deliverables (please vote until the 26th of August) from Mark Watson on 2014-08-12 (public-webcrypto@w3.org from August 2014)

From: Mark Watson <watsonm@netflix.com>
Date: Tue, 12 Aug 2014 09:03:04 -0700
To: Richard Barnes <rlb@ipv.sx>
Cc: Ryan Sleevi <sleevi@google.com>, GALINDO Virginie <Virginie.Galindo@gemalto.com>, Wendy Seltzer <wseltzer@w3.org>, "hhalpin@w3.org" <hhalpin@w3.org>, "webcrypto@trevp.net" <webcrypto@trevp.net>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CAEnTvdBoDkCof-6dvJ=3rreenEY-w60oYw=6FgmV+NDJS8LZ2Q@mail.gmail.com>

As per my comment on the NUMS curves, what we *can* do in the absence of
consensus of which curves to adopt when / how is to do the technical work
in separate Editor's Draft specifications. This would prove out the
extensibility of the main specification and allow us to move quickly into
formal process if / when there is consensus on which curves to adopt.

...Mark


On Tue, Aug 12, 2014 at 8:51 AM, Richard Barnes <rlb@ipv.sx> wrote:

> I don't disagree with you on the merits.  There is running code for
> Curve25519.  In the spirit of limiting curve proliferation, though, I would
> prefer that we keep the focus on the CFRG-selected curves (assuming the
> process works).  That could very well result in renewed focus on Curve25519
> a little later.
>
> My main point is just that this is a really bad time to be deciding on
> which curves to support.  There's already one such fight going on in CFRG.
> Let's let that play out before we make our decisions.
>
> --Richard
>
>
> On Tue, Aug 12, 2014 at 11:43 AM, Ryan Sleevi <sleevi@google.com> wrote:
>
>> Richard,
>>
>> It seems that, independent of CFRG/TLSes decision, Trevor's point about a
>> non-trivial amount of code using Curve25519 still stands. This is
>> fundamentally different than NUMS, on many layers. It seems useful to
>> expose, even if TLs (one particular WG) or CFRG (making recommendations for
>> new protocols/EC alternatives) goes elsewhere.
>>
>> But a +1 to the proposal.
>> On Aug 12, 2014 8:38 AM, "Richard Barnes" <rlb@ipv.sx> wrote:
>>
>>> -1
>>>
>>> Strong -1.  We should not be balloting on specific curves right now,
>>> either NUMS or Curve25519.  We should agree on the principle that we will
>>> support the next generation curves that CFRG and TLS agree on, and work to
>>> support that once it's decided.
>>>
>>>
>>> On Tue, Aug 12, 2014 at 9:22 AM, GALINDO Virginie <
>>> Virginie.Galindo@gemalto.com> wrote:
>>>
>>>>  Dear all,
>>>>
>>>>
>>>>
>>>> I would like to call for consensus on the way we will move forward with
>>>> the contribution provided by Trevor Perrin describing Curve25519 operation
>>>> [1]. We discussed several options and I would like to submit the following
>>>> resolution to your vote.
>>>>
>>>>
>>>>
>>>> *Proposed resolution : the WG agrees on the principle that Curve25519
>>>> will be added to Web Crypto WG deliverables as an extension to the Web
>>>> Crypto API specification. An extension being here a separate specification
>>>> having its own Recommendation Track.*
>>>>
>>>>
>>>>
>>>> Deadline : votes have to be expressed expected until 26th of August
>>>> 23:59 UTC
>>>>
>>>> Guideline for voting : reply to all to this mail, indicating, +1 if you
>>>> agree with the resolution, -1 means if you object, 0 if you can live with
>>>> it. While silence means implicit endorsement of the resolution, explicit
>>>> expression of vote is encouraged, to help the chair measuring the
>>>> enthusiasm of the WG participants.
>>>>
>>>>
>>>>
>>>> Note the following additional information :
>>>>
>>>> -          This extension will be used as a beta test for the
>>>> extensibility mechanism that we need to address as raised in bug 25618
>>>>
>>>> -          The proposed editor is Trevor, as long as Trevor agrees to
>>>> maintain the document
>>>>
>>>> -          This resolution does not imply that the draft submitted by
>>>> Trevor is endorsed in its current state, as the WG did not have a chance to
>>>> discuss the content. The discussion about that content can be conducted
>>>> over the mailing list, or during a dedicated call, where we will invite
>>>> Trevor.
>>>>
>>>>
>>>>
>>>> Have a great week !
>>>>
>>>> Virginie
>>>>
>>>> Chair of the Web Crypto WG
>>>>
>>>>
>>>>
>>>> [1]
>>>> http://lists.w3.org/Archives/Public/public-webcrypto/2014Aug/0064.html
>>>>
>>>>
>>>>  ------------------------------
>>>> This message and any attachments are intended solely for the addressees
>>>> and may contain confidential information. Any unauthorized use or
>>>> disclosure, either whole or partial, is prohibited.
>>>> E-mails are susceptible to alteration. Our company shall not be liable
>>>> for the message if altered, changed or falsified. If you are not the
>>>> intended recipient of this message, please delete it and notify the sender.
>>>> Although all reasonable efforts have been made to keep this
>>>> transmission free from viruses, the sender will not be liable for damages
>>>> caused by a transmitted virus.
>>>>
>>>
>>>
>

Received on Tuesday, 12 August 2014 16:03:38 UTC