For those of you on this list who have been watching the progress of things relating to the W3C coordinated process for the WebCrypto API, you know that a lot of work and thought has gone into this and it is
an impressive collaboration.
But with the IETF CFRG (Crypto Forum Research Group) still being co-chaired by an agent of the NSA (n1), anything that passes through that organization must be questioned at this time. (In the unlikely event that the CFRG page is censored after this message is sent, I’ve included the names and e-mail addresses of the current co-chairs as part of this message as they currently appear on the CFRG’s site, where their names and e-mail addresses have been sitting in full public view for a very long time (n2)).
As some of you already know, people within the Crypto Forum Research Group have tried (so far unsuccessfully) since last year (n1, n2, n3) to remove the NSA Co-chair. It should not matter who the person is, but the issue is that having anyone who is in the employ of or affiliated with the NSA chair (or co-chair) a research group whose purpose it is to advise all IETF Working Groups, is highly problematic for reasons which now should be obvious to anyone reading this message.
But the WebCrypto API Doc process and, and indeed the legitimacy of the WebCrypto API itself, should be questioned and doubted, for the WebCrypto group has recently held off on including the widely-used curve25519 within NamedCurve dictionaries or as part of its extensibility and errata process, until the (NSA co-chaired) Crypto Forum Research Group gives W3C the go-ahead. For further information and confirmation on this, see (n6) below.
If you are concerned about this, check out the message thread discussing attempts to remove the NSA co-chair (n3) and consider posting to the CFRG list (n7) about it once you subscribe.
NSA affiliated persons need to be removed from groups that influence the direction of the entire web. I hope those who receive this message will organize to help make that happen.
(n2) From CFRG’s public webpage (n1) as of Oct. 20, 2014: “CFRG is chaired by Kevin Igoe (kmigoe at nsa.gov), Kenny Paterson (kenny.paterson at rhul.ac.uk) and Alexey Melnikov (alexey.melnikov at isode.com).”
(n6) https://www.w3.org/Bugs/Public/show_bug.cgi?id=25839 (see in particular: comments 11, 12, 48, and 59 through 63 on that page)