RE: Changes required to add the NUMS curves to Web Cryptography API from GALINDO Virginie on 2014-07-12 (public-webcrypto@w3.org from July 2014)

From: GALINDO Virginie <Virginie.Galindo@gemalto.com>
Date: Sat, 12 Jul 2014 20:01:49 +0000
To: Brian LaMacchia <bal@microsoft.com>, "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <540E99C53248CE468F6F7702588ABA2AC365D669@A1GTOEMBXV002.gto.a3c.atos.net>

Brian,
Thanks for this contribution. The WG participants have now up to the 28th of July to ask question and clarification about your contribution. We will make decision about what to do with that text on our WG conference call on the 28th of July.
Regards,
Virginie

-----Original Message-----
From: Brian LaMacchia [mailto:bal@microsoft.com]
Sent: samedi 12 juillet 2014 01:28
To: public-webcrypto@w3.org
Subject: Changes required to add the NUMS curves to Web Cryptography API

Dear fellow members of the W3C Web Cryptography WG,

Per the notice from the chair in Comment #39 of Bug #25839 (concerning the additional of new elliptic curves to the Web Cryptography standard), attached to this message are the changes to the main text of the spec necessary to add support for the NUMS curves for ECDSA and ECDH operations.  Per Ryan's request, I have provided textual additions based on the latest Editor's Draft (dated 16 June, 2014).  Changes are necessary to the ECDSA, ECDH and References sections.

Additionally, and as I note at the beginning of my list of changes, the W3C Web Cryptography API currently normatively references two ANSI specifications -- X9.62 and X9.62 -- for ECDSA and ECDH.  Neither ANSI specification is freely available.  Instead of referencing non-free specifications, it would be better to reference freely-available ECC specifications like RFC 6090 and FIPS 186-3.  As X9.62 and X9.63 are not freely available, I did not cross-check any of the references to either of those specs for extensibility (or lack thereof).

The list of required changes also highlights the places in the specification where extension of ECDSA and ECDH to other curves is currently blocked by the text.  Hopefully this itemized list will help with the resolution of Bug #25618 (concerning a formal way to extend the specification).

Finally, I would also call the WG's attention to the two Internet-Drafts that the NUMS group has recently submitted to the IETF and IRTF:

http://tools.ietf.org/id/draft-black-numscurves-01.txt, Elliptic Curve Cryptography (ECC) Nothing Up My Sleeve (NUMS) Curves and Curve Generation.  B. Black, J. Bos, C.Costello, P. Longa, M. Naerhig.

http://tools.ietf.org/id/draft-black-tls-numscurves-00.txt, Nothing Up My Sleeve (NUMS) Curves for Ephemeral Key Exchange in Transport Layer Security (TLS).  B. Black, T. Acar, M. Ray.

The NUMS group will be presenting both drafts at IETF-90 in Toronto.

Please let me know if you have any questions about any of the proposed changes,

                                        --bal

________________________________
 This message and any attachments are intended solely for the addressees and may contain confidential information. Any unauthorized use or disclosure, either whole or partial, is prohibited.
E-mails are susceptible to alteration. Our company shall not be liable for the message if altered, changed or falsified. If you are not the intended recipient of this message, please delete it and notify the sender.
Although all reasonable efforts have been made to keep this transmission free from viruses, the sender will not be liable for damages caused by a transmitted virus.

Received on Saturday, 12 July 2014 20:03:25 UTC