Thanks for that message - I don't think I understood the point before. Frankly speaking, I don't think anyone else beyond your team understands what's going on either. So is the solution (1) either-or (2) both-and? I don't think that is the same from one group in W3C to another. (I include OID4xxx in that list) Let's just get everyone on PQC.

https://thequantuminsider.com/2025/05/21/microsoft-brings-post-quantum-cryptography-to-windows-and-linux-in-early-access-rollout/
Peace ..tom jones

On Thu, May 22, 2025 at 1:42 PM 'Daniel Huigens' via blink-dev <blink-dev@chromium.org> wrote:

> Hi Tom,
>
> Bit late to the party, but I wanted to mention that even in the transition
> to PQC, Ed25519 is still relevant, in hybrid/composite constructions; the
> idea being that you sign and verify with both algorithms, so that an
> attacker would need to break both of them.
> For example, see draft-ietf-lamps-pq-composite-sigs
> <https://www.ietf.org/archive/id/draft-ietf-lamps-pq-composite-sigs-04.html>
> and draft-ietf-openpgp-pqc
> <https://www.ietf.org/archive/id/draft-ietf-openpgp-pqc-09.html>, both of
> which define constructions combining ML-DSA and Ed25519/Ed448.
> To quote the former:
>
> This document defines combinations of ML-DSA [FIPS.204] in hybrid with
> traditional algorithms (...) Ed25519, and Ed448. These combinations are
> tailored to meet security best practices and regulatory requirements.
> Composite ML-DSA is applicable in any application (...) where the operator
> wants extra protection against breaks or catastrophic bugs in ML-DSA.
>
> Since crypto.subtle is a low-level API, we want to define both components
> of such a construction, so that libraries can implement them however
> they're combined.
> (A draft for the ML-DSA part of that is at
> https://twiss.github.io/webcrypto-modern-algos/pqc.html, but that's less
> far along.)
>
> Best,
> Daniel
>
> On Saturday, April 12, 2025 at 20:46:04 UTC+2, Tom Jones wrote:
>
>> to be clear - ED25519 is much faster than the quantum-resistant
>> alternatives, but that does not make it long term secure.
>> To be more specific, we could see an announcement any day that someone
>> has developed a quantum computer that will break it.
>> Or it could be 5 more years - who knows.
>> Google and Microsoft are two of the companies trying to break it.
>>
>> https://hedera.com/blog/are-ed25519-keys-quantum-resistant-exploring-the-future-of-cryptography
>>
>> Peace ..tom jones
>>
>> On Fri, Apr 11, 2025 at 3:34 AM Anna Weine <nkul...@mozilla.com> wrote:
>>
>>> @Tom do you have any link/article/post about the Ed25519 deprecation?
>>> I've not heard about that so I'm very curious.
>>>
>>> Thanks,
>>> A
>>>
>>> On Thursday, April 10, 2025 at 9:12:39 PM UTC+2 Tom Jones wrote:
>>>
>>>> I have been hearing other teams asking to use this "new" crypto in
>>>> other standards, but I cannot for the life of me understand why any effort
>>>> is being put into a crypto scheme that will surely be deprecated (at least
>>>> by the NSA) by the end of this year. I didn't object to adding it here
>>>> until others started to add it to new protocols - which is CLEARLY A BAD
>>>> IDEA.
>>>>
>>>> ..tomj
>>>>
>>>> On Wednesday, April 9, 2025 at 8:17:38 AM UTC-7 Chris Harrelson wrote:
>>>>
>>>>> LGTM3
>>>>>
>>>>> On Thu, Apr 3, 2025 at 1:51 AM Yoav Weiss (@Shopify) <yoav...@chromium.org> wrote:
>>>>>
>>>>>> LGTM2
>>>>>>
>>>>>> On Wed, Apr 2, 2025, 16:18 Daniel Bratell <brat...@gmail.com> wrote:
>>>>>>
>>>>>>> LGTM1
>>>>>>>
>>>>>>> /Daniel
>>>>>>> On 2025-03-31 11:42, Javier Fernandez wrote:
>>>>>>>
>>>>>>> Contact emails jfern...@igalia.com
>>>>>>>
>>>>>>> Explainer
>>>>>>> https://github.com/WICG/webcrypto-secure-curves/blob/main/explainer.md
>>>>>>>
>>>>>>> Specification https://w3c.github.io/webcrypto/#ed25519
>>>>>>>
>>>>>>> Design docs
>>>>>>>
>>>>>>> https://docs.google.com/document/d/1fDTUY3HVAXehi-eSfbi7nxh8ZPw4MpSKM8U1fMdqJlU/edit?usp=sharing
>>>>>>>
>>>>>>> Summary
>>>>>>>
>>>>>>> This feature adds support for Curve25519 algorithms in the Web
>>>>>>> Cryptography API, namely the signature algorithm Ed25519
>>>>>>>
>>>>>>> Blink component Blink
>>>>>>> <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%22>
>>>>>>>
>>>>>>> TAG review https://github.com/w3ctag/design-reviews/issues/466
>>>>>>>
>>>>>>> TAG review status Issues addressed
>>>>>>>
>>>>>>> Risks
>>>>>>>
>>>>>>> Interoperability and Compatibility
>>>>>>>
>>>>>>> WebCrypto API was specified to allow the addition of new
>>>>>>> (normalized) crypto algorithms. When an algorithm is not yet supported
>>>>>>> by a browser, an exception of unrecognized algorithms would be thrown
>>>>>>> after invoking related APIs.
>>>>>>>
>>>>>>> *Gecko*: Shipped/Shipping
>>>>>>> (https://bugzilla.mozilla.org/show_bug.cgi?id=1804788)
>>>>>>> https://www.mozilla.org/en-US/firefox/130.0/releasenotes/
>>>>>>>
>>>>>>> *WebKit*: Shipped/Shipping
>>>>>>> (https://bugs.webkit.org/show_bug.cgi?id=246145)
>>>>>>> https://developer.apple.com/documentation/safari-technology-preview-release-notes/stp-release-178
>>>>>>>
>>>>>>> *Web developers*: No signals
>>>>>>>
>>>>>>> *Other signals*:
>>>>>>>
>>>>>>> WebView application risks
>>>>>>>
>>>>>>> Debuggability
>>>>>>>
>>>>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>>>>> Mac, Linux, ChromeOS, Android, and Android WebView)? Yes
>>>>>>>
>>>>>>> Is this feature fully tested by web-platform-tests
>>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>>>>>> ? Yes
>>>>>>>
>>>>>>> https://wpt.fyi/results/WebCryptoAPI?label=experimental&label=master&aligned
>>>>>>>
>>>>>>> Flag name on about://flags WebCryptoEd25519
>>>>>>>
>>>>>>> Finch feature name None
>>>>>>>
>>>>>>> Non-finch justification
>>>>>>>
>>>>>>> The feature has been implemented behind WebCryptoEd25519 runtime
>>>>>>> flag.
>>>>>>>
>>>>>>> Requires code in //chrome? False
>>>>>>>
>>>>>>> Tracking bug
>>>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1370697
>>>>>>>
>>>>>>> Availability expectation The feature is already available on the
>>>>>>> Web Platform, and shipped enabled by default in Firefox and Safari.
>>>>>>>
>>>>>>> Adoption expectation This feature is considered a best practice for
>>>>>>> web apps that need support of Ed25519 signing and X25519 key sharing.
>>>>>>> Relying on external libraries (JS, WASM) is the alternative and implies
>>>>>>> security risks.
>>>>>>>
>>>>>>> Estimated milestones
>>>>>>> Shipping on desktop 137
>>>>>>> Shipping on Android 137
>>>>>>> Shipping on WebView 137
>>>>>>> Shipping on iOS 137
>>>>>>>
>>>>>>> Anticipated spec changes
>>>>>>>
>>>>>>> small-order checks -
>>>>>>> https://github.com/WICG/webcrypto-secure-curves/issues/27
>>>>>>>
>>>>>>> randomized signatures -
>>>>>>> https://github.com/WICG/webcrypto-secure-curves/issues/28
>>>>>>>
>>>>>>> Link to entry on the Chrome Platform Status
>>>>>>> https://chromestatus.com/feature/4913922408710144?gate=5015367861141504
>>>>>>>
>>>>>>> Links to previous Intent discussions Intent to Prototype:
>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/faf4f153-1d4c-915d-53d0-0968833cfe55%40igalia.com
>>>>>>>
>>>>>>> This intent message was generated by Chrome Platform Status
>>>>>>> <https://chromestatus.com/>.
>>>>>>> --
>>>>>>> You received this message because you are subscribed to the Google
>>>>>>> Groups "blink-dev" group.
>>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>>> send an email to blink-dev+...@chromium.org.
>>>>>>> To view this discussion visit
>>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/dc12dc7c-1d3d-4b94-9507-2b7226b85622%40igalia.com
>>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/dc12dc7c-1d3d-4b94-9507-2b7226b85622%40igalia.com?utm_medium=email&utm_source=footer>
>>>>>>> .