- From: <bugzilla@jessica.w3.org>
- Date: Sat, 24 May 2014 18:41:01 +0000
- To: public-webcrypto@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839

--- Comment #13 from Ryan Sleevi <sleevi@google.com> ---

(In reply to Greg Slepak from comment #11)
> Sorry, just realized I had another question:
>
> (In reply to Ryan Sleevi from comment #8)
> > Yes, there is more than technical discussion here (although Curve25519
> > remains a highly charged technical discussion). The political issues are
> > very much applicable for User Agents, particularly those that need to be
> > available to users in a variety of countries and purposes.
> >
> > While you can disagree with these, they are real issues that User Agent
> > vendors have to deal with. Things like export controls and FIPS 140-2 remain
> > issues for UAs and UA vendors.
>
> Could you elaborate on these issues?
>
> Without researching them myself, it sounds like: "We don't want to recommend
> Curve25519 because it's secure."
>
> Is that an accurate rephrasing? Is the job then of this working group to
> recommend insecure ciphers?

Please research them yourself before you begin leaping to conclusions and suggest ill-will to maliciousness on behalf of this WG.

There are a variety of algorithms that have concerns. For example, OCB, even if well-understood, has a set of non-technical concerns. A number of implementations ship work that only works if one disregards the set of considerations (whether they be disregarding patent, jurisdictional, or export control law) that UAs must adhere to.

I think it's more important to remember that *none* of the algorithms in this specification are any statements regarding UA's behaviours. They are merely specifications about *how* the algorithm would behave, if implemented. The sampling of the algorithms was based primarily on what is widely available within UAs today, so that they can instead focus on technical discussion, without having to engage in these broader issues at this time.

For those that wish to engage in these debates, it would be helpful to approach as separate proposals, so that the specifications can proceed at independent paces.

--
You are receiving this mail because:
You are on the CC list for the bug.
Received on Saturday, 24 May 2014 18:41:02 UTC