LGTM2 On Sun, Dec 1, 2024 at 9:11 PM Domenic Denicola <dome...@chromium.org> wrote:
> Thanks for taking the time to answer all my questions. LGTM1. > > Please continue working on getting the spec PR merged, although I > understand that's waiting on reviewers so is largely out of your control. > > On Tue, Nov 26, 2024 at 6:12 PM Javier Fernandez <jfernan...@igalia.com> > wrote: > >> Hi. >> >> >> Javier, can you speak to whether there's web platform test coverage for >> the tricky issues that were discussed on the PR, e.g. the three listed in >> your last comment? >> >> >> >> First of all, the PR is to merge both X25519 and Ed25519 algorithms. This >> intent is just for the X25519, since the Ed25519 is still not ready and >> needs more spec work. We all think that this work can be done as part of >> the new Web Cryptography spec draft. >> >> The dertiveBits interop issue is the only one affecting the X25519 >> algorithm. There were already tests, but I have added a few more as part of >> bug fixes on the different browsers (mostly Firefox and Safari). I'm pretty >> sure we have good coverage on this issue already. >> >> Let me use the email to clarify the other issues that were identified as >> part of the PR discussion. Regarding the small-order checks, I have added >> tests cases to cover the most important uses of small-order points. We >> could add more if we want to be exhaustive. >> >> Finally, the random EdDSA signatures is still not clear enough to define >> tests, IMHO. We had some in the past, which were useful to detect the >> interop issue with WebKit. However, since WebKit considers this feature >> mandatory, we have removed the tests that checked for a deterministic >> signature. The Secure Curves spec doesn't explicitly states that the >> signatures must be deterministic; it just refers to the RFC8032 paper >> where the Ed25519 signing algorithm is specified. The CFRG has discussed >> this issue and they are considering to take on a -bis document to modify >> the Ed25519 algorithm, but we reached a consensus in the PR that we can >> merge the current text, registering the issues about small-order points and >> randomized signatures, and work on them as part of the Web Crypto spec >> draft. >> >> >> >> >> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to blink-dev+unsubscr...@chromium.org. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/335cdfd2-11f3-49ac-8bf4-3ed5ad9bab03%40igalia.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/335cdfd2-11f3-49ac-8bf4-3ed5ad9bab03%40igalia.com?utm_medium=email&utm_source=footer> >> . >> > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra-0QYqhqQc%3D5orxdE4pYQiRFpOybOzn8AmZQ-wB-E85fQ%40mail.gmail.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAM0wra-0QYqhqQc%3D5orxdE4pYQiRFpOybOzn8AmZQ-wB-E85fQ%40mail.gmail.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY8XWxJOVhq%3DVirPxOk1aH7Oe3ci-eD9O%2BLr409MyoKhqQ%40mail.gmail.com.
