Re: Transition to PR: New "Proposed Algorithm" note for algorithms without interop (and Curve 25519 from CFRG) from Ryan Sleevi on 2015-10-12 (public-webcrypto@w3.org from October 2015)

From: Ryan Sleevi <sleevi@google.com>
Date: Mon, 12 Oct 2015 08:52:29 -0700
To: Harry Halpin <hhalpin@w3.org>
Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
Message-ID: <CACvaWvbm8ZAgaUXsNSLdFkTqiAhouO8wP92YfwfLpc_DbqMcKg@mail.gmail.com>

On Sun, Oct 11, 2015 at 6:29 PM, Harry Halpin <hhalpin@w3.org> wrote:

> WebCrypto Working Group,
>
> We still have two formal objections that we have to prove are properly
> resolved to progress out of Candidate Recommendation phase and
> algorithms in the spec have to show interoperable implementation to get
> out CR.
>
> So as part of our transition to we have is that some algorithms are
> going to removed, including some we might add back in shortly like
> RSA-PSS. However, as part of the effort we would like to take all
> algorithms that cannot demonstrate interoperability between two
> different browser teams from the Candidate Recommendation. Rather than
> have the text lost, as it is likely some of these will be added back to
> the spec (like RSA-PSS), I propose that we add this to a "Proposed
> Algorithms" document that will be published as a Working Group Note. It
> will have no normative status and in the Working Group Note we can
> outline the criteria we will use to add specifications to the Working
> Group. Is the WG OK with this?
>

It is unclear the value of this, other than perhaps some process working
flow?


> There was lots of comments over the lack of support for "non-NIST"
> elliptic curve cryptography. We resolved to eventually inlcude in our
> Recommendation whatever elliptic curves were recommended by the IRTF
> CFRG [1]. Note that since then the CFRG has recommended Curve 25519 for
> DH and for signatures. So  I would further add Trevor Perrin's text for
> Curve 25519 [2]  support to this "Proposed Algorithms" Note as well if
> he has time to update it and the editors and WG can check his description.
>

I do not, and the CFRG's recommendation is still without final consensus on
spec that would be necessary before finalizing such text.

A Proposed Note suffers from the same issues of CR/PR, namely, that it's
perceived as frozen in time (even though the web never freezes), so given
that we know it's not in a place to be frozen, it's unclear how to
reconcile that.


> I would like to propose a call for consensus on this proposal at our
> next meeting, and can discuss it on tomorrow's teleconference if there
> is any questions.
>

Our workmode is that we reach consensus on the mailing lists, as has been
repeatedly established :)

Received on Monday, 12 October 2015 15:52:59 UTC