Hi,
Thank you all for reviewing the request.
I just wanted to inform that the PR to add the X25519 and Ed25519 into
the WebCrytpo specification has been merged already.
https://github.com/w3c/webcrypto/pull/362#issuecomment-2519927404
On 2/12/24 3:11, Domenic Denicola wrote:
Thanks for taking the time to answer all my questions. LGTM1.
Please continue working on getting the spec PR merged, although I
understand that's waiting on reviewers so is largely out of your control.
On Tue, Nov 26, 2024 at 6:12 PM Javier Fernandez
<jfernan...@igalia.com> wrote:
Hi.
Javier, can you speak to whether there's web platform test
coverage for the tricky issues that were discussed on the PR,
e.g. the three listed in your last comment?
First of all, the PR is to merge both X25519 and Ed25519
algorithms. This intent is just for the X25519, since the Ed25519
is still not ready and needs more spec work. We all think that
this work can be done as part of the new Web Cryptography spec draft.
The dertiveBits interop issue is the only one affecting the X25519
algorithm. There were already tests, but I have added a few more
as part of bug fixes on the different browsers (mostly Firefox and
Safari). I'm pretty sure we have good coverage on this issue already.
Let me use the email to clarify the other issues that were
identified as part of the PR discussion. Regarding the small-order
checks, I have added tests cases to cover the most important uses
of small-order points. We could add more if we want to be exhaustive.
Finally, the random EdDSA signatures is still not clear enough to
define tests, IMHO. We had some in the past, which were useful to
detect the interop issue with WebKit. However, since WebKit
considers this feature mandatory, we have removed the tests that
checked for a deterministic signature. The Secure Curves spec
doesn't explicitly states that the signatures must be
deterministic; it just refers to the RFC8032 paper where the
Ed25519 signing algorithm is specified. The CFRG has discussed
this issue and they are considering to take on a -bis document to
modify the Ed25519 algorithm, but we reached a consensus in the PR
that we can merge the current text, registering the issues about
small-order points and randomized signatures, and work on them as
part of the Web Crypto spec draft.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it,
send an email to blink-dev+unsubscr...@chromium.org.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/335cdfd2-11f3-49ac-8bf4-3ed5ad9bab03%40igalia.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/335cdfd2-11f3-49ac-8bf4-3ed5ad9bab03%40igalia.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google
Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send
an email to blink-dev+unsubscr...@chromium.org.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra-0QYqhqQc%3D5orxdE4pYQiRFpOybOzn8AmZQ-wB-E85fQ%40mail.gmail.com
<https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra-0QYqhqQc%3D5orxdE4pYQiRFpOybOzn8AmZQ-wB-E85fQ%40mail.gmail.com?utm_medium=email&utm_source=footer>.
--
You received this message because you are subscribed to the Google Groups
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to blink-dev+unsubscr...@chromium.org.
To view this discussion visit
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/803669d3-8f1d-4fcf-af35-1c81db1fcf38%40igalia.com.
