As a (hopefully final) note to this particular issue, please note the
resolution at:
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839#c64

The NSA co-chair is resigning, and it appears the Working Groups are
moving ahead without the involvement of that co-chair, for example:
(see comments 61 and 62 at)
https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618#c61

Cheers,

-Odinn

odinn wrote:
> For those of you on this list who have been watching the progress
> of things relating to the W3C coordinated process for the WebCrypto
> API, you know that a lot of work and thought has gone into this and
> it is an impressive collaboration.
>
> But with the IETF CFRG (Crypto Forum Research Group) still being
> co-chaired by an agent of the NSA (n1), anything that passes
> through that organization must be questioned at this time. (In the
> unlikely event that the CFRG page is censored after this message is
> sent, I've included the names and e-mail addresses of the current
> co-chairs as part of this message as they currently appear on the
> CFRG's site, where their names and e-mail addresses have been
> sitting in full public view for a very long time (n2)).
>
> As some of you already know, people within the Crypto Forum
> Research Group have tried (so far unsuccessfully) since last year
> (n1, n2, n3) to remove the NSA Co-chair. It should not matter who
> the person is, but the issue is that having anyone who is in the
> employ of or affiliated with the NSA chair (or co-chair) a research
> group whose purpose it is to advise all IETF Working Groups, is
> highly problematic for reasons which now should be obvious to
> anyone reading this message.
>
> Currently the WebCrypto API is approaching its last call ~ it's in
> a process of being finalized. For those who are not sure what the
> WebCrypto API is, it's one of those things that is designed to
> basically help make ordinary webpages that you see work, and
> includes the definition of cryptographic primitives that make your
> internet go. That's a terrible description actually, but if you
> want a better or more comprehensive description of WebCrypto API in
> plain English, consider reading poulpita's blog (n4). It's also
> described at a W3C page as a "JavaScript API for performing basic
> cryptographic operations in web applications, such as hashing,
> signature generation and verification, and encryption and
> decryption. Additionally, it describes an API for applications to
> generate and/or manage the keying material necessary to perform
> these operations. Uses for this API range from user or service
> authentication, document or code signing, and the confidentiality
> and integrity of communications." (n5)
>
> But the WebCrypto API Doc process, and indeed the legitimacy
> of the WebCrypto API itself, should be questioned and doubted, for
> the WebCrypto group has recently held off on including the
> widely-used curve25519 within NamedCurve dictionaries or as part of
> its extensibility and errata process, until the (NSA co-chaired)
> Crypto Forum Research Group gives W3C the go-ahead. For further
> information and confirmation on this, see (n6) below.
>
> If you are concerned about this, check out the message thread
> discussing attempts to remove the NSA co-chair (n3) and consider
> posting to the CFRG list (n7) about it once you subscribe.
>
> NSA affiliated persons need to be removed from groups that
> influence the direction of the entire web. I hope those who receive
> this message will organize to help make that happen.
>
> (n1) https://irtf.org/cfrg
> (n2) From CFRG's public webpage (n1) as of Oct. 20, 2014: "CFRG is
> chaired by Kevin Igoe ([email protected]), Kenny Paterson
> ([email protected]) and Alexey Melnikov ([email protected])."
> (n3) http://www.ietf.org/mail-archive/web/cfrg/current/msg03554.html
> (n4) http://poulpita.com/2014/08/28/w3c-web-crypto-whats-next/
> (n5) https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html
> (n6) https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839 (see in
> particular: comments 11, 12, 48, and 59 through 63 on that page)
> (n7) https://irtf.org/mailman/listinfo/cfrg

--
http://abis.io ~ "a protocol concept to enable decentralization and
expansion of a giving economy, and a new social good"
https://keybase.io/odinn
