[Bug 27816] New: IANA considerations review for definition of algorithms from bugzilla@jessica.w3.org on 2015-01-12 (public-webcrypto@w3.org from January 2015)

From: <bugzilla@jessica.w3.org>
Date: Mon, 12 Jan 2015 21:10:20 +0000
To: public-webcrypto@w3.org
Message-ID: <bug-27816-7213@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=27816

            Bug ID: 27816
           Summary: IANA considerations review for definition of
                    algorithms
           Product: Web Cryptography
           Version: unspecified
          Hardware: PC
                OS: Windows NT
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Web Cryptography API Document
          Assignee: sleevi@google.com
          Reporter: ietf@augustcellars.com
                CC: public-webcrypto@w3.org

Please consider this to be a possible IANA considerations review.  It is not
completely clear that this is what I would say at the time the document shows
up.  But it does indicate my current thinking and a discussion will likely help
in forming final opinions.

This set of registrations is problematic due a change that has occurred since
this path was initially embarked on.

The IESG made a request for algorithm analysis be added as part of the process
of registering a new algorithm so that the designated experts would have a set
of usable documents to determine what the security levels of algorithms are. 
It was assumed that this was not necessary for the initial registrations as the
working group had the chance to discuss this to death during the process.  This
means that there is an additional requirement

  Algorithm Analysis Documents(s):
      References to publication(s) in well-known cryptographic
      conferences, by national standards bodies, or by other
      authoritative sources analyzing the cryptographic soundness of the
      algorithm to be registered.  The designated experts may require
      convincing evidence of the cryptographic soundness of a new
      algorithm to be provided with the registration request unless the
      algorithm is being registered as Deprecated or Prohibited.  Having
      gone through working group and IETF review, the initial
      registrations made by this document are exempt from the need to
      provide this information.

It is not clear to me that this is satisfiable for a number of algorithms that
registration is being requested for in this case.  (It is also not clear that
this field needs to be filled out unless it is requested by the DE so the fact
that it is currently absent is not an apriori failure.)

It is very possible that after some discussions a resolution Won't fix is
reasonable.

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Monday, 12 January 2015 21:10:22 UTC