[Bug 25839] Curve25519 Named Curve from bugzilla@jessica.w3.org on 2014-06-12 (public-webcrypto@w3.org from June 2014)

From: <bugzilla@jessica.w3.org>
Date: Thu, 12 Jun 2014 21:15:57 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-25839-7213-5K0pRhiBHm@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839

--- Comment #29 from Greg Slepak <hi@okturtles.com> ---
(In reply to Ryan Sleevi from comment #26)
> (In reply to Harry Halpin from comment #24)
> >  [snip]
> > In order to be fair, I suggest that Matt, Greg, or other people that want
> > this curve please provide sample text that fulfills this:
> > 
> > http://www.w3.org/TR/2014/WD-WebCryptoAPI-20140325/#defining-an-algorithm
> >  [snip]
> Harry,
> 
> None of what you said conflicts with what I've said, except in on key,
> critical point.
> 
> This document is in the process of being finished. We have had a WGLC. We
> should NOT be adding to it at this time, especially without strong support
> from implementers AS WELL AS users.
> 
> Nothing prevents Curve25519 from being pursued as a separate document. We
> have made the same comments regarding other algorithms - SEED and GOST. The
> WG can then review such a document and decide whether or not to adopt it as
> REC track, and let that proceed through.
> 
> Continuing to argue for its inclusion in the spec only delays CR - after
> all, a significant change like adding Curve25519 (which again, despite there
> being implementations, lacks a good spec). Please note that Curve25519 is
> itself a curve that is NOT compatible with ECDSA NOR is negotiation the same
> as with ECDH (thus making it 'useless' from the perspective of the two APIs
> that *take* NamedCurve parameters).
> 
> These are all reasons why it's best addressed as a separate spec, that
> focuses just on the operations usable with it, and working through naming
> issues (eg: Do you use Ed25519 with ECDSA? Do you call the sign/verify some
> other thing?) is fruitful. But not today. Certainly not 8+ weeks ago when we
> went for WGLC.

OK, thank you Harry and Ryan for your comments about this.

Harry: thanks for the suggestion and the link. I will not be able to do this,
but maybe Matt (or someone else) could?

Ryan: What do you mean by separate spec? I've asked you this before but you
did not reply. A separate version of this spec, or a completely different
spec called "WebCryptoAPI (Secure Curve Version)"?

Also, what do you mean by "delays CR" (what is CR)? And regardless of whatever
CR means, why are you more concerned with delays than you are with the security
of the curves in the spec?

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Thursday, 12 June 2014 21:15:59 UTC