Thanks for taking the time to answer all my questions. LGTM1. Please continue working on getting the spec PR merged, although I understand that's waiting on reviewers so is largely out of your control.
On Tue, Nov 26, 2024 at 6:12 PM Javier Fernandez <jfernan...@igalia.com> wrote:

> Hi.
>
> > Javier, can you speak to whether there's web platform test coverage for the tricky issues that were discussed on the PR, e.g. the three listed in your last comment?
>
> First of all, the PR is to merge both X25519 and Ed25519 algorithms. This intent is just for the X25519, since the Ed25519 is still not ready and needs more spec work. We all think that this work can be done as part of the new Web Cryptography spec draft.
>
> The deriveBits interop issue is the only one affecting the X25519 algorithm. There were already tests, but I have added a few more as part of bug fixes on the different browsers (mostly Firefox and Safari). I'm pretty sure we have good coverage on this issue already.
>
> Let me use the email to clarify the other issues that were identified as part of the PR discussion. Regarding the small-order checks, I have added test cases to cover the most important uses of small-order points. We could add more if we want to be exhaustive.
>
> Finally, the random EdDSA signatures are still not clear enough to define tests, IMHO. We had some in the past, which were useful to detect the interop issue with WebKit. However, since WebKit considers this feature mandatory, we have removed the tests that checked for a deterministic signature. The Secure Curves spec doesn't explicitly state that the signatures must be deterministic; it just refers to the RFC8032 paper where the Ed25519 signing algorithm is specified. The CFRG has discussed this issue and they are considering taking on a -bis document to modify the Ed25519 algorithm, but we reached a consensus in the PR that we can merge the current text, registering the issues about small-order points and randomized signatures, and work on them as part of the Web Crypto spec draft.