Received: from sog-mx-3.v43.ch3.sourceforge.com ([172.29.43.193] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.76) (envelope-from ) id 1Xdxvj-000756-Ez for bitcoin-development@lists.sourceforge.net; Tue, 14 Oct 2014 08:58:07 +0000 Received-SPF: pass (sog-mx-3.v43.ch3.sourceforge.com: domain of gmail.com designates 209.85.217.175 as permitted sender) client-ip=209.85.217.175; envelope-from=melvincarvalho@gmail.com; helo=mail-lb0-f175.google.com; Received: from mail-lb0-f175.google.com ([209.85.217.175]) by sog-mx-3.v43.ch3.sourceforge.com with esmtps (TLSv1:RC4-SHA:128) (Exim 4.76) id 1Xdxvh-0002M6-Pd for bitcoin-development@lists.sourceforge.net; Tue, 14 Oct 2014 08:58:07 +0000 Received: by mail-lb0-f175.google.com with SMTP id u10so7880586lbd.34 for ; Tue, 14 Oct 2014 01:57:59 -0700 (PDT) MIME-Version: 1.0 X-Received: by 10.152.243.39 with SMTP id wv7mr3875846lac.48.1413277079045; Tue, 14 Oct 2014 01:57:59 -0700 (PDT) Received: by 10.112.63.202 with HTTP; Tue, 14 Oct 2014 01:57:58 -0700 (PDT) In-Reply-To: <543C097D.7060308@bluematt.me> References: <543C097D.7060308@bluematt.me> Date: Tue, 14 Oct 2014 10:57:58 +0200 Message-ID: From: Melvin Carvalho To: Matt Corallo Content-Type: multipart/alternative; boundary=001a113433c8440d9005055e3695 X-Spam-Score: -0.6 (/) X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain 0.0 FREEMAIL_FROM Sender email is commonly abused enduser mail provider (melvincarvalho[at]gmail.com) -0.0 SPF_PASS SPF: sender matches SPF record 1.0 HTML_MESSAGE BODY: HTML included in message -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature X-Headers-End: 1Xdxvh-0002M6-Pd Cc: Bitcoin Dev Subject: Re: [Bitcoin-development] Fwd: [Bug 24444] Named Curve Registry (adding secp256k1) X-BeenThere: bitcoin-development@lists.sourceforge.net X-Mailman-Version: 2.1.9 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 14 Oct 2014 08:58:07 -0000 --001a113433c8440d9005055e3695 Content-Type: text/plain; charset=UTF-8 FYI: "In order to progress towards exit to Last Call for the Web Crypto API, the chair suggests the following resolution for that bug. resolution : Bug CLOSED. This problem will be addressed by the extension bug 25618 https://www.w3.org/Bugs/Public/show_bug.cgi?id=25618. If none objects before the 20th of Oct @20:00 UTC, this resolution will be endorsed." On 13 October 2014 19:18, Matt Corallo wrote: > See-also: this related bug on Curve25519 and some MS Research curves > that generated far more discussion. > > https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839 > > Matt > > On 10/13/14 10:01, Melvin Carvalho wrote: > > FYI: > > > > This is an issue I filed related to adding secp256k1 into Web Crypto API > > which will be implemented natively in (some) web browsers. > > > > If there is any feedback from crypto implementers, please feel free to > > add comments to this thread: > > https://www.w3.org/Bugs/Public/show_bug.cgi?id=24444 > > > > ---------- Forwarded message ---------- > > From: ** > > > Date: 13 October 2014 09:18 > > Subject: [Bug 24444] Named Curve Registry (adding secp256k1) > > To: melvincarvalho@gmail.com > > > > > > https://www.w3.org/Bugs/Public/show_bug.cgi?id=24444 > > > > Myron Davis > changed: > > > > What |Removed |Added > > > ---------------------------------------------------------------------------- > > Status|RESOLVED |REOPENED > > CC| |myrond@gmail.com > > > > Resolution|NEEDSINFO |--- > > > > --- Comment #2 from Myron Davis > > --- > > Could this be looked at again? > > > > Last response was waiting for feedback from crypto implementors. > > > > Currently secp256k1 is supported in the following SSL/TLS libraries now > > Botan > > NSS > > openssl > > LibreSSL > > PolarSSL > > JSSE > > > > The three other curves are all all have parameters which do not define > > how they > > were generated. secp256k1 curve has some great advantages in faster > > signature > > verification and how the values were determined for the curve. (i.e. not > > random). > > > > http://www.ietf.org/rfc/rfc4492 > > > > The curve has had a lot of eyes on it with lots of hardware and software > > supporting this curve. > > > > With discovery of backdoor's in NIST's random number generator > > (https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html ) I > > would > > like to see a determined parameter curve instead of a "random" curve > option. > > > > Thanks > > > > -- > > You are receiving this mail because: > > You reported the bug. > > > > > > > > > ------------------------------------------------------------------------------ > > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > > http://p.sf.net/sfu/Zoho > > > > > > > > _______________________________________________ > > Bitcoin-development mailing list > > Bitcoin-development@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > > > > > ------------------------------------------------------------------------------ > Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer > Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports > Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://p.sf.net/sfu/Zoho > _______________________________________________ > Bitcoin-development mailing list > Bitcoin-development@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bitcoin-development > --001a113433c8440d9005055e3695 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
FYI:

"In order to progress towards exit to Las= t Call for the Web Crypto API, the
chair suggests the following resolution for that bug.

resolution : Bug CLOSED. This problem will be addressed by the extension bu= g
25618 https://www.w3.org/Bugs/Public/show_bug.cgi?id=3D25618.=

If none objects before the 20th of Oct @20:00 UTC, this resolution will be<= br> endorsed."

On 13 October 2014 19:18, Matt Corallo <bitcoin-list@bluematt.m= e> wrote:
See-also: this re= lated bug on Curve25519 and some MS Research curves
that generated far more discussion.

https://www.w3.org/Bugs/Public/show_bug.cgi?id=3D25839

Matt

On 10/13/14 10:01, Melvin Carvalho wrote:
> FYI:
>
> This is an issue I filed related to adding secp256k1 into Web Crypto A= PI
> which will be implemented natively in (some) web browsers.
>
> If there is any feedback from crypto implementers, please feel free to=
> add comments to this thread:
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=3D24444 >
> ---------- Forwarded message ----------
> From: ** <bugzilla@jessica.w3.org <mailto:bugzilla@jessica.w3.org>>
> Date: 13 October 2014 09:18
> Subject: [Bug 24444] Named Curve Registry (adding secp256k1)
> To: melvincarvalho@gmail.com <mailto:melvincarvalho@gmail.com>
>
>
> https://www.w3.org/Bugs/Public/show_bug.cgi?id=3D24444 >
> Myron Davis <myrond@gmai= l.com <mailto:myrond@gmail.com>> changed:
>
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 What=C2=A0 =C2=A0 |Removed=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|A= dded
> ----------------------------------------------------------------------= ------
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Status|RESOLVED=C2=A0 = =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 |REOPENED >=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 CC|=C2= =A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 = =C2=A0 =C2=A0 =C2=A0 |myrond@gmail.com<= /a>
> <mailto:myrond@gmail.com= >
>=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 Resolution|NEEDSINF= O=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0|---<= br> >
> --- Comment #2 from Myron Davis <myrond@gmail.com
> <mailto:myrond@gmail.com= >> ---
> Could this be looked at again?
>
> Last response was waiting for feedback from crypto implementors.
>
> Currently secp256k1 is supported in the following SSL/TLS libraries no= w
> Botan
> NSS
> openssl
> LibreSSL
> PolarSSL
> JSSE
>
> The three other curves are all all have parameters which do not define=
> how they
> were generated.=C2=A0 secp256k1 curve has some great advantages in fas= ter
> signature
> verification and how the values were determined for the curve.=C2=A0 (= i.e. not
> random).
>
> http://w= ww.ietf.org/rfc/rfc4492
>
> The curve has had a lot of eyes on it with lots of hardware and softwa= re
> supporting this curve.
>
> With discovery of backdoor's in NIST's random number generator=
> (https://www.schneier.com/blog/archives/2007/11= /the_strange_sto.html ) I
> would
> like to see a determined parameter curve instead of a "random&quo= t; curve option.
>
> Thanks
>
> --
> You are receiving this mail because:
> You reported the bug.
>
>
>
> ----------------------------------------------------------= --------------------
> Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
> Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Repor= ts
> Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper > Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer > http://p.sf.net= /sfu/Zoho
>
>
>
> _______________________________________________
> Bitcoin-development mailing list
> Bitcoin-d= evelopment@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/bitco= in-development
>

---------------------------------------------------------------------------= ---
Meet PCI DSS 3.0 Compliance Requirements with EventLog Analyzer
Achieve PCI DSS 3.0 Compliant Status with Out-of-the-box PCI DSS Reports Are you Audit-Ready for PCI DSS 3.0 Compliance? Download White paper
Comply to PCI DSS 3.0 Requirement 10 and 11.5 with EventLog Analyzer
http://p.sf.net/sfu/= Zoho
_______________________________________________
Bitcoin-development mailing list
Bitcoin-develo= pment@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/bitcoin-de= velopment

--001a113433c8440d9005055e3695--