- From: Eric Roman <ericroman@google.com>
- Date: Mon, 14 Sep 2015 14:04:28 -0700
- To: Harry Halpin <hhalpin@w3.org>
- Cc: "public-webcrypto@w3.org" <public-webcrypto@w3.org>
- Message-ID: <CAFswn4kU8vkyWn4rY3UPqmCx9QqXoPG3bsifWptDoJuWXtNO7w@mail.gmail.com>
On Mon, Sep 14, 2015 at 12:59 PM, Harry Halpin <hhalpin@w3.org> wrote: > An update from IETF/CFRG, as per discussion with Stephen Farrell, we do > have a draft security guidelines document. Once the algorithms in the > spec are settled, we can ship to CFRG and ask to be an informational > note [1]. W3C will take responsibility with INRIA for editing the note, > and will synchronize it to the ENISA report given the ENISA report has > wide review [2], but its coverage is different than the WebCrypto API > and it may not be updated quick enough. This should resolve the > objection from Rich Salz from Akamai. > > In terms of 'non-NIST' EC curves, note that the CFRG has reached > consensus on Curve 25519 (as earlier spec'ed by Trevor Perrin) and Curve > 448 for curves [1]. There is currently a vote on signatures open till > Sept 24th. However, I will also note that Mozilla is the only one > implementing (it seems) ECDSA and ECDH. Chrome implements ECDSA and ECDH too. See my previous email for the caveat about Chrome Linux algorithm support prior to 46. > Thus, the recommendation from > IETF is not to link our work directly in terms of any timeline to their > work, but simply as we in the WebCrypto WG agreed earlier 1) if there is > agreeement and 2) sufficient implementation then to move to add other > elliptic curves. > > cheers, > harry > > > [1] > > http://www.w3.org/2012/webcrypto/draft-irtf-cfrg-webcrypto-algorithms-00.txt > [2] > > https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/algorithms-key-size-and-parameters-report-2014 > [3] http://datatracker.ietf.org/doc/draft-irtf-cfrg-curves/ > > > >
Received on Monday, 14 September 2015 21:04:57 UTC