- From: <bugzilla@jessica.w3.org>
- Date: Thu, 26 Jun 2014 19:59:22 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839 --- Comment #42 from virginie.galindo@gemalto.com --- (In reply to Brian LaMacchia from comment #41) > (In reply to virginie.galindo from comment #39) > Hello Virginie, > > I will commit to providing text for at least the MSR curves, but we > (Microsoft) disagree with your suggestion that the bug be resolved via > extension specifications. Our consensus opinion is that it would be much > better if we try to resolve this bug with changes to the main text. As has > been pointed out previously, the current text in the draft implies that in > order to implement ECDSA and ECDH, one must implement all of the NIST Prime > curves, and the text in sections 18.8 and 18.9 must be modified to permit > anything other than the NIST curves to be used. So main text edits are > required to resolve this bug in any way other than “won’t fix”. > > Given all algorithms are optional, we think that we should put all of these > non-NIST curves into the main text and then choose one of the two following > positions: > > 1) All curves are optional to implement, including the NIST curves > 2) NIST P-256 and NIST P-384 are mandatory-to-implement if you implement > ECDSA and/or ECDH, and everything else is optional. (I would not argue for > P-521 to be mandatory as it’s just not used in practice anywhere.) > > If we following this procedure, then additional curves may be added to the > list of named curves and we will just have to change the NIST curve-only > text. We can add Curve25519, the MSR curves and even the Brainpool curves > (as I pointed out in my original bug comment) as a group to accommodate the > various requests that have been received. We think that’s the best way > forward. > > Assuming you agree with this revised proposal, I’ll commit to being point > person for the MSR curves and collaborating with Matt and Henri on a > combined set of edits to permit non-NIST curves to be used in Web Crypto. > > Thanks, > > --bal Brian, the suggestion to resolve that bug, designed by the team made of chair, editors and W3C staff, was the result of a balance between having all chances to progress on the integration of the algorithms description, and not delaying the Web Crypto API progress to exit Last Call. If you feel more comfortable with writing changes to the main specification, I can not prevent you to do so. Note that as this change to the main specification will be a substantial change. As such it will have to be submitted to WG decision. So here is the plan : - all contributions related to 3 new algorithm descriptions are expected by the 11th of July (whatever is the format) - the WG will have a conference call on Monday 21st of July @20 UTC, our usual time. This will allow WG participants to read your contributions and asks questions, makes comments in bugzilla or public mailing list. - During this call on 21st of July, the WG will be asked to formally vote, to either integrate your contribution in the main specification, as received on the 11th of July (with the option of going back or not to another Last Call round), or split it into separate specifications which will aim to have its own lifecycle to become a recommendation (aka following W3C process in the Web Crypto WG). As chair, I would like this Web Crypto API to move forward, that is why I am maintaining strict deadline in the decision making (aka 11th of July text provided, 21st of July vote based on the 11th of July text). Regards Virginie Chair of the Web Crypto WG -- You are receiving this mail because: You are on the CC list for the bug.
Received on Thursday, 26 June 2014 19:59:24 UTC