#491: SM series algorithms in Web Cryptography

Visit on Github.

Opened Mar 31, 2020

Hello TAG!

I'm requesting a TAG review of adding support for SM series algorithms in WebCrypto.

Now the SM series algorithms have been accepted by ISO/IEC and widely used in many industries and fields. That's why we propose to add support for SM series algorithms in WebCrypto, just like RSA, SHA , AES , etc. The relevant information about this feature is listed below :

Extended information:

We'd prefer the TAG provide feedback as open issues in our GitHub repo for each point of feedback.

Discussions

Comment by @dbaron Mar 31, 2020 (See Github)

Would you be able to fill out the parts of our current issue template that you omitted?

Comment by @hober Apr 8, 2020 (See Github)

To expand on @dbaron's question, in order to do a review of this work we need to understand its provenance and how you expect it to / hope it will progress along the standards track.

Provenance

  • What is your organizational affiliation, @smx-gotoweb?
  • What organization or project is driving the design?
  • Who is funding this work?

Progression along the standards track

  • What is the group in which the incubation/design work on this is being done (or is intended to be done in the future)?
  • What is the group in which standardization of this work is intended to be done?

On this last question, and though the Web Cryptography Working Group is closed, my understanding is that "discussion around current and future work for the Web Crypto API should be happening on the <a href="mailto:public-web-security@w3.org">public-web-security@w3.org</a> mailing list" (according to the email announcing the WG's closure).

Comment by @xfq Apr 9, 2020 (See Github)

Related issue in the webcrypto repo: https://github.com/w3c/webcrypto/issues/231

Comment by @smx-gotoweb Apr 13, 2020 (See Github)

Thanks for the feedback!

Comment by @smx-gotoweb Apr 13, 2020 (See Github)

Hello TAG!

I'm requesting a TAG review of adding support for SM series algorithms in WebCrypto.

Now the SM series algorithms have been accepted by ISO/IEC and widely used in many industries and fields. That's why we propose to add support for SM series algorithms in WebCrypto, just like RSA, SHA , AES , etc. The relevant information about this feature is listed below :

Further details:

  • I have reviewed the TAG's API Design Principles
  • The group where the incubation/design work on this is being done (or is intended to be done in the future): unknown
  • The group where standardization of this work is intended to be done ("unknown" if not known): unknown
  • Existing major pieces of multi-stakeholder review or discussion of this design: N/A
  • Major unresolved issues with or opposition to this design: N/A
  • This work is being funded by: N/A

We'd prefer the TAG provide feedback as open issues in our GitHub repo for each point of feedback.

Comment by @smx-gotoweb Apr 24, 2020 (See Github)

This is Shane from browser team of 360. We have implemented the SM series algorithms in 360 browsers since 2017, the latest version is based on Chromium 78. We implemented the SM support mainly in boringssl module. QQ Browser, which is another China browser , claim that hey support the proposal and plan to implement on their futhure product.

Discussed Apr 27, 2020 (See Github)

Tess: This is a request to add a specific set of algorithms to the WebCrypto API... we asked them to fill out the missing bits of our issue template, and their answer left a lot of fields N/A or unknown.

... We got a response 4 days ago, from the person who filed the request, explaining that they are from the 360 browser. They mentioned the QQ browser also support the proposal.

... In the past the Web Cryptography WG have been reluctant to add this type of algorithm. If that WG still existed, they would be the right people to make this call, but they don't.

David: There has been some discussion about chartering a new Web Crypto WG; still uncertain about whether that will go ahead.

Tess: Is there something we can cite about best practices? It would be nice to be able to point to some kind of industry consensus.

(brief discussion of whether there's any IETF stuff written down)

David: In general, the consensus seems to be that we want fewer cryptography algorithm options, with a high bar for inclusion.

Tess: Let's come back to this in two weeks.

Discussed May 11, 2020 (See Github)

... discussion of web crypto...

When the web crypto group closed, they said to send future reqeuests to the public-web-security mailing list. We are hence going to close this issue and refer the requestor to that mailing list.

Discussed May 11, 2020 (See Github)

Tess: This doesn't seem to have a viable venue, given that the Web Crypto WG doesn't exist any more. These specs aren't being maintained, so it's unclear how this change would make it into the spec. Would be nice to get a sense from them that they see a way forward.

David: The WebCrypto group was disbanded because they finished their spec. Probably around 2017.

Tess: [standard complaint re: disbanding groups which define APIs that need to be maintained]

... Already raised the issue about venue in April. Not sure what to do with this.

... We're not the right people to help with process/governance issues, per our charter.

Tess: Let's take this one to plenary.

Comment by @hober May 13, 2020 (See Github)

Hi @smx-gotoweb,

We took a look at this in our teleconference this week.

Though the Web Cryptography Working Group is closed, according to the email announcing the WG's closure) "discussion around current and future work for the Web Crypto API should be happening on the public-web-security@w3.org mailing list." It doesn't look like you've yet taken this proposal to that mailing list for review by Web Crypto API experts. We strongly encourage you to do so.

If, after you've done so and had a chance to update your proposal based on the feedback you receive there, you'd like to come back to us for review, we'd be happy to take another look.