- From: Harry Halpin <hhalpin@w3.org>
- Date: Sun, 11 Oct 2015 21:29:07 -0400
- To: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
WebCrypto Working Group, We still have two formal objections that we have to prove are properly resolved to progress out of Candidate Recommendation phase and algorithms in the spec have to show interoperable implementation to get out CR. So as part of our transition to we have is that some algorithms are going to removed, including some we might add back in shortly like RSA-PSS. However, as part of the effort we would like to take all algorithms that cannot demonstrate interoperability between two different browser teams from the Candidate Recommendation. Rather than have the text lost, as it is likely some of these will be added back to the spec (like RSA-PSS), I propose that we add this to a "Proposed Algorithms" document that will be published as a Working Group Note. It will have no normative status and in the Working Group Note we can outline the criteria we will use to add specifications to the Working Group. Is the WG OK with this? If so, we'll set up a quick github repo for the text of the algorithms that are removed shortly. There was lots of comments over the lack of support for "non-NIST" elliptic curve cryptography. We resolved to eventually inlcude in our Recommendation whatever elliptic curves were recommended by the IRTF CFRG [1]. Note that since then the CFRG has recommended Curve 25519 for DH and for signatures. So I would further add Trevor Perrin's text for Curve 25519 [2] support to this "Proposed Algorithms" Note as well if he has time to update it and the editors and WG can check his description. In general, then after we exit Rec-phase the Working Group will go into "maintenance mode" and work over the mailing list (possibly meet over telecons infrequently (likely once or twice a year) to check on implementations. If two browsers have interop over algorthms that are well-defined in the Proposed Algorithm note, then we can move them into the spec via the process for editing Recs, which is (at least by W3C standards) fairly lightweight and does not require going back to Working Draft, but just editing the Candidate Recommendation. I would like to propose a call for consensus on this proposal at our next meeting, and can discuss it on tomorrow's teleconference if there is any questions. cheers, harry [1] https://lists.w3.org/Archives/Public/public-webcrypto/2014Sep/0011.html [2] http://www.w3.org/2012/webcrypto/WebCryptoCurve25519/Curve25519-WebCrypto.html [3] http://www.w3.org/2014/Process-20140801/#revised-cr
Received on Monday, 12 October 2015 01:29:13 UTC