The RFC type requested is Informational. The type of RFC is indicated on the
page header. This is an informational document that describes how different
types of elliptic curve representations can be interchanged so that they can
use the same underlying implementation without many changes. Hence the
requested RFC type is correct.
Technical Summary: The draft provides information on how Montgomery and
(twisted) Edwards curves can be represented in the short-Weierstrass format.
More specifically, it describes how points on Curve25519 and Edwards25519
specified in RFC7748 can be represented as points on a curve called Wei25519.
This allows the re-use of the same underlying cryptographic implementation for
supporting different curves.
Working Group Summary: Several security people in the working group explicitly
highlighted their interest in this draft. This included Tero Kivinen, Hannes
Tschofenig, and Carsten Bormann. Since this draft is crypto-heavy only a few
working group members were able to provide detailed reviews. Nikolas Rösener
has reviewed and implemented the draft. No objections were raised against this
draft at any stage in the working group.
Document Quality: There is one known open implementation of the draft which is
also noted in section 7. The document was sent to the Crypto Review Panel for
review through Alexey Melnikov. Stanislav Smyshlyaev reviewed the entire
document and the formulae. All the minor comments from Stanislav and his team
were addressed by the author.
The document shepherd is Mohit Sethi. The Area Director is Erik Kline.
The document shepherd reviewed the document. The document shepherd relies on
the review from the Crypto Review Panel for correctness of all the formulae
listed. The document could benefit from an additional round of review from the
Security directorate.
The author has confirmed that he is not aware of any IPR on this draft.
The WG considers that the problem addressed in the document is relevant,
especially for platforms where the amount of code is a concern. The WG as a
whole does understand the problem addressed in the draft, however only a few
individuals understand the details. No one has threatened any appeal or
indicated extreme discontent. No nits were found by the document shepherd. No
other automated checks were performed by the document shepherd.
The categorization of informative and normative references seems to be correct.
All normative references are to published ANSI, NIST, and IETF standards. No
downward normative references exist. The publication of this document will not
lead to change of status on any existing RFCs.
No new IANA registries are created. The document defines registers alternative
representations (Wei25519) in the corresponding COSE and JOSE registries. The
values requested require "Standards Action With Expert Review" however the
requested RFC type is Informational. However, Jim Schaad who is one of the
experts for the IANA registries has stated in a private email thread that the
IANA section of this draft looks correct.
Note (10th May 2021): The shepherd writeup did not capture which version of the
draft was reviewed by Stanislav Smyshlyaev (and his team) in the Crypto Forum
Review Panel. Version -04 of the document was last reviewed by the panel.
Note (10th May 2021): The draft was temporarily changed to standards track
because IANA registrations requested required "Standards Action With Expert
Review". The draft is now changed back to informational with the hope that the
IESG can make an exception since most crypto-heavy documents are published
traditionally published as informational.