[Bug 25839] Curve25519 Named Curve

https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839

--- Comment #8 from Ryan Sleevi <sleevi@google.com> ---
(In reply to Greg Slepak from comment #7)
> As Matt pointed out in Comment 0, there exists already large
> implementation support for Curve25519:
> http://ianix.com/pub/curve25519-deployment.html

I'm aware, but that's never been the consideration criteria. It's about what is
available to User Agents.

The WG was chartered with the premise of leveraging the *existing*
cryptographic capabilities in User Agents today - due to their TLS
implementations - before beginning efforts to add whatever algorithm is in
vogue at the time.

> 
> Given the curve's favorable performance and security features [1], it seems
> like it should be added purely on technical merit.
> 
> If the argument against its addition to the dictionary is that support for
> it doesn't exist in "NSS, CommonCrypto, and CNG", then we should ask *why*
> isn't it supported in those libraries, and how difficult would it be to add
> support?

And that's not a question for this WG. The fact remains that the support is not
present in UAs.

> 
> Given that many liberally licensed implementations of Curve25519 already
> exist (like libsodium [2]), I'm fairly certain the answer is: it is not at
> all difficult for these libraries to add support for it, and if they choose
> not to, it's likely for political reasons, not technical ones.
> 
> [1] http://cr.yp.to/ecdh/curve25519-20060209.pdf
> 
> [2] https://github.com/jedisct1/libsodium

Yes, there is more than technical discussion here (although Curve25519 remains
a highly charged technical discussion). The political issues are very much
applicable for User Agents, particularly those that need to be available to
users in a variety of countries and purposes.

While you can disagree with these, they are real issues that User Agent vendors
have to deal with. Things like export controls and FIPS 140-2 remain issues for
UAs and UA vendors.

Still, a reasonable path forward is to provide separate curves in a separate
specification, which can then look at adding things like Curve25519, Poly1305,
Salsa 20, or the BADA55 curves.


Received on Saturday, 24 May 2014 18:07:49 UTC