Transition to PR: New "Proposed Algorithm" note for algorithms without interop (and Curve 25519 from CFRG) from Harry Halpin on 2015-10-12 (public-webcrypto@w3.org from October 2015)

From: Harry Halpin <hhalpin@w3.org>
Date: Sun, 11 Oct 2015 21:29:07 -0400
To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <561B0CE3.3080101@w3.org>

WebCrypto Working Group,

We still have two formal objections that we have to prove are properly
resolved to progress out of Candidate Recommendation phase and
algorithms in the spec have to show interoperable implementation to get
out CR.

So as part of our transition to we have is that some algorithms are
going to removed, including some we might add back in shortly like
RSA-PSS. However, as part of the effort we would like to take all
algorithms that cannot demonstrate interoperability between two
different browser teams from the Candidate Recommendation. Rather than
have the text lost, as it is likely some of these will be added back to
the spec (like RSA-PSS), I propose that we add this to a "Proposed
Algorithms" document that will be published as a Working Group Note. It
will have no normative status and in the Working Group Note we can
outline the criteria we will use to add specifications to the Working
Group. Is the WG OK with this?

If so, we'll set up a quick github repo for the text of the algorithms
that are removed shortly.

There was lots of comments over the lack of support for "non-NIST"
elliptic curve cryptography. We resolved to eventually inlcude in our
Recommendation whatever elliptic curves were recommended by the IRTF
CFRG [1]. Note that since then the CFRG has recommended Curve 25519 for
DH and for signatures. So  I would further add Trevor Perrin's text for
Curve 25519 [2]  support to this "Proposed Algorithms" Note as well if
he has time to update it and the editors and WG can check his description.

In general, then after we exit Rec-phase the Working Group will go into
"maintenance mode" and work over the mailing list (possibly meet over
telecons infrequently (likely once or twice a year) to check on
implementations. If two browsers have interop over algorthms that are
well-defined in the Proposed Algorithm note, then we can move them into
the spec via the process for editing Recs, which is (at least by W3C
standards) fairly lightweight and does not require going back to Working
Draft, but just editing the Candidate Recommendation.

I would like to propose a call for consensus on this proposal at our
next meeting, and can discuss it on tomorrow's teleconference if there
is any questions.

     cheers,
         harry

[1] https://lists.w3.org/Archives/Public/public-webcrypto/2014Sep/0011.html
[2]
http://www.w3.org/2012/webcrypto/WebCryptoCurve25519/Curve25519-WebCrypto.html
[3] http://www.w3.org/2014/Process-20140801/#revised-cr

Received on Monday, 12 October 2015 01:29:13 UTC