The Community Cryptography Specification Project (C2SP) is a project that facilitates the maintenance of cryptography specifications using software development methodologies. In other words, C2SP applies the successful processes of open source software development and maintenance to specification documents.
- C2SP decisions are not based on consensus. Instead, each spec is developed by its maintainers, who are responsible for reviewing and accepting changes, just like open source projects. This enables rapid, focused, and opinionated development. Since C2SP produces specifications, not standards, technical disagreements can be ultimately be resolved by forking.
- C2SP specs are updateable, and follow semantic versioning. Most specifications are expected to start at v0.x.x while in “draft” stage, then stay at v1.x.x for as long as they maintain backwards compatibility, ideally forever. Drafts are expected to bump the minor version on breaking changes.
- C2SP documents are developed as Markdown files on GitHub, and can include ancillary files such as test vectors and non-production reference implementations.
A small team of stewards maintains the overall project, enforces the C2SP Code of Conduct, assigns new specifications to proposed maintainers, and may intervene in case of maintainer conflict or to replace lapsed maintainers, but they are otherwise not involved in the development of individual specs (in their steward capacity).
Versions are tracked as git tags of the form <spec-name>/vX.Y.Z like
age/v1.2.3.
Specifications should be linked using their c2sp.org short-links.
https://c2sp.org/<spec-name> and https://c2sp.org/<spec-name>@<version> are
supported. (The former currently redirects to the specification in the main
branch, this may change in the future to the latest tagged version of the spec.)
GitHub URLs should not be considered stable.
All C2SP specifications are licensed under CC BY 4.0. All code and data in this repository is licensed under the BSD 1-Clause License (LICENSE-BSD-1-CLAUSE).
| Name | Description | |
|---|---|---|
c2sp.org/age |
File encryption format | Maintainers |
c2sp.org/age-plugin |
The age plugin stdio protocol | Maintainers |
c2sp.org/chacha8rand |
Fast cryptographic random number generator | Maintainers |
c2sp.org/https-bastion |
Bastion (reverse proxy) protocol for exposing HTTPS services | Maintainers |
c2sp.org/jq255 |
Prime order groups, key exchange, and signatures | Maintainers |
c2sp.org/signed-note |
Cleartext signed messages | Maintainers |
c2sp.org/static-ct-api |
Static asset-based Certificate Transparency logs | Maintainers |
c2sp.org/tlog-checkpoint |
Interoperable transparency log signed tree heads | Maintainers |
c2sp.org/tlog-cosignature |
Witness cosignatures for transparency log checkpoints | Maintainers |
c2sp.org/tlog-tiles |
Static asset-based transparency log | Maintainers |
c2sp.org/tlog-witness |
HTTP protocol to obtain transparency log witness cosignatures | Maintainers |
c2sp.org/vrf-r255 |
Simplified ristretto255-based ECVRF ciphersuite | Maintainers |
c2sp.org/XAES-256-GCM |
Extended-nonce AEAD from NIST-approved components | Maintainers |
The C2SP organization hosts three other testing-focused projects:
-
Wycheproof, a large library of tests for cryptographic libraries against known attacks.
-
CCTV, the Community Cryptography Test Vectors, a repository of reusable test vectors.
-
x509-limbo, a suite of tests for X.509 certificate path validation.