Selected ECC curves are not secure

[obogobo]

https://safecurves.cr.yp.to/

It would be great to see Ed25519 support in ECDH/ECDSA operations!

[sideshowbarker]

FYI, I closed #219 as a duplicate of this issue. The issue description there was this:

Blockchain applications increasingly use the EdDSA signature scheme combined with SHA-512 and Curve25519 (Ed25519). This ticket is a support request to add the scheme and curve in the webcrypto spec.

[lucacasonato]

Want to express positive implementer interest for curve25519 from the Deno team. We have gotten some user feedback requesting it.

[RangerMauve]

This would be very useful for a lot of peer to peer systems that are coming out.

[twiss]

Just to repeat what I wrote in https://github.com/w3c/webcrypto/issues/280#issuecomment-918401739, I've reached out to the browser vendors regarding Curve25519 and Curve448, and have gotten enough positive signals to justify moving forward with this, so I'll put together a proposal, present it to the WICG, and hopefully then it can get implemented and merged into this spec eventually.

[twiss]

There is now a draft spec for Curve25519 and Curve448 in Web Crypto, here: https://twiss.github.io/webcrypto-secure-curves/.

There is also an explainer (based on a previous proposal by Qingsi Wang to include Curve25519 in WebCrypto).

I've posted to the WICG about it here.

@panva, @jasnell, @lucacasonato, @littledivy, and anyone else who's interested, it would be great if you could take a look at it, and let me know if you have any feedback, either there or here.

[panva]

@twiss had a quick look.

The are numerous occurrences of Let algorithm be a new EcKeyAlgorithm, shouldn't those be Let algorithm be a new KeyAlgorithm instead?

[twiss]

@panva Yep, you're right. Fixed, thanks!

[panva]

@twiss what are the next steps for https://twiss.github.io/webcrypto-secure-curves?

[twiss]

Hey @panva :wave: I've looked a bit more into the WICG process and it turns out they're transitioning from Discourse to GitHub. So I've created an issue for this proposal here: https://github.com/WICG/proposals/issues/46. Hopefully we'll get some more engagement from the browsers there :blush:

Then, the goal is to hopefully move the repo to the WICG GitHub org, and once it has seen some adoption, merge it into the main spec here.

[twiss]

Just posting another update here, or rather two: the draft has been moved to WICG/webcrypto-secure-curves, and the new charter of the Web Application Security Working Group has been adopted, which says that "the WG may adopt well-supported proposals from incubation for maintenance of the Web Cryptography API". I've posted to the WebAppSec mailing list here to hopefully get some feedback and/or get the draft to be "well-supported" :)