From edb3a4a26a0b0293a5c27b4f17c732578d066901 Mon Sep 17 00:00:00 2001
From: Paul Jensen <JensenPaul@users.noreply.github.com>
Date: Wed, 21 Aug 2024 17:21:42 -0400
Subject: [PATCH 1/8] Create additional_cypto_cbor_libs.md

---
 rfcs/additional_cypto_cbor_libs.md | 34 ++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 rfcs/additional_cypto_cbor_libs.md

diff --git a/rfcs/additional_cypto_cbor_libs.md b/rfcs/additional_cypto_cbor_libs.md
new file mode 100644
index 00000000..e3225033
--- /dev/null
+++ b/rfcs/additional_cypto_cbor_libs.md
@@ -0,0 +1,34 @@
+# RFC 208: additional crypto and CBOR libraries
+
+## Summary
+
+Several new web APIs require additional cryptography and CBOR libraries to
+properly test. These libraries are to support cryptography and the CBOR
+protocols not otherwise supported in JavaScript or Python, namely Ed25519,
+HPKE, and CBOR. There are open source libraries commonly available that
+implement these protocols and have compatible licenses. This RFC proposes
+adding such libraries to the tools/ directory so that web-platform-tests may
+exercise and verify proper compatible implementations of these new web APIs.
+
+## Details
+
+We're proposing adding these libraries (or some very similar ones) to the
+tools/ directory:
+
+An Ed25519 Python implementation:
+https://github.com/pyca/ed25519/blob/main/ed25519.py
+
+An HPKE JavaScript implementation:
+https://github.com/dajiaji/hpke-js
+
+A CBOR JavaScript implementation:
+https://github.com/paroga/cbor-js/blob/master/cbor.js
+
+## Risks
+
+Users of these libraries may need to update them from time to time if new
+functionality or fixes are required. This is likely not a big risk.
+
+The HPKE library proposed may require inclusion some other dependent
+libraries and uses deno to build into a single JavaScript file. Perhaps
+we can build it in ways similar to other web-platform-tests.

From 31edd1d68500cb5b1a6c58f5ee0203856bccce7a Mon Sep 17 00:00:00 2001
From: Paul Jensen <JensenPaul@users.noreply.github.com>
Date: Thu, 22 Aug 2024 14:18:57 -0400
Subject: [PATCH 2/8] clarify note on transpiling

---
 rfcs/additional_cypto_cbor_libs.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rfcs/additional_cypto_cbor_libs.md b/rfcs/additional_cypto_cbor_libs.md
index e3225033..d67e4628 100644
--- a/rfcs/additional_cypto_cbor_libs.md
+++ b/rfcs/additional_cypto_cbor_libs.md
@@ -29,6 +29,6 @@ https://github.com/paroga/cbor-js/blob/master/cbor.js
 Users of these libraries may need to update them from time to time if new
 functionality or fixes are required. This is likely not a big risk.
 
-The HPKE library proposed may require inclusion some other dependent
+The HPKE library proposed may require inclusion of some other dependent
 libraries and uses deno to build into a single JavaScript file. Perhaps
-we can build it in ways similar to other web-platform-tests.
+it's simplest to commit the single transpiled JavaScript file.

From e78ffacfa10dad8a6a3a396ad973001c0a43f6db Mon Sep 17 00:00:00 2001
From: Paul Jensen <JensenPaul@users.noreply.github.com>
Date: Thu, 22 Aug 2024 15:17:31 -0400
Subject: [PATCH 3/8] add usage details

---
 rfcs/additional_cypto_cbor_libs.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/rfcs/additional_cypto_cbor_libs.md b/rfcs/additional_cypto_cbor_libs.md
index d67e4628..d96a77e0 100644
--- a/rfcs/additional_cypto_cbor_libs.md
+++ b/rfcs/additional_cypto_cbor_libs.md
@@ -18,12 +18,16 @@ tools/ directory:
 An Ed25519 Python implementation:
 https://github.com/pyca/ed25519/blob/main/ed25519.py
 
+The Ed25519 library is intended to be used by test code running on wptserve that may receive an Ed25519 private key and message to sign that message, or a public key and signature to verify that signature.
+
 An HPKE JavaScript implementation:
 https://github.com/dajiaji/hpke-js
 
 A CBOR JavaScript implementation:
 https://github.com/paroga/cbor-js/blob/master/cbor.js
 
+The HPKE and CBOR libraries are used by test code to decrypt and decode data coming from JavaScript APIs to verify their contents, and used by test code to encode and encrypt response data.
+
 ## Risks
 
 Users of these libraries may need to update them from time to time if new

From cb6ff54903c09b1d581a1550b463bf98609becb5 Mon Sep 17 00:00:00 2001
From: Paul Jensen <JensenPaul@users.noreply.github.com>
Date: Fri, 23 Aug 2024 14:56:54 -0400
Subject: [PATCH 4/8] add example APIs

---
 rfcs/additional_cypto_cbor_libs.md | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/rfcs/additional_cypto_cbor_libs.md b/rfcs/additional_cypto_cbor_libs.md
index d96a77e0..6c0bd41c 100644
--- a/rfcs/additional_cypto_cbor_libs.md
+++ b/rfcs/additional_cypto_cbor_libs.md
@@ -3,7 +3,10 @@
 ## Summary
 
 Several new web APIs require additional cryptography and CBOR libraries to
-properly test. These libraries are to support cryptography and the CBOR
+properly test, for example the Protected Audience Additional Bids feature [0]
+uses Ed25519 signatures, the Protected Audience Key-Value services [1] and
+Bidding and Auction services [2] use CBOR data encoding and HPKE encryption.
+These additional libraries are to support cryptography and the CBOR
 protocols not otherwise supported in JavaScript or Python, namely Ed25519,
 HPKE, and CBOR. There are open source libraries commonly available that
 implement these protocols and have compatible licenses. This RFC proposes
@@ -36,3 +39,7 @@ functionality or fixes are required. This is likely not a big risk.
 The HPKE library proposed may require inclusion of some other dependent
 libraries and uses deno to build into a single JavaScript file. Perhaps
 it's simplest to commit the single transpiled JavaScript file.
+
+[0] https://github.com/WICG/turtledove/blob/main/FLEDGE.md#623-additional-bid-keys 
+[1] https://github.com/WICG/turtledove/blob/main/FLEDGE_Key_Value_Server_API.md#query-api-version-2
+[2] https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md

From d236bb82eee9be7393feacadccee9f8875d32cc9 Mon Sep 17 00:00:00 2001
From: Paul Jensen <JensenPaul@users.noreply.github.com>
Date: Tue, 27 Aug 2024 16:31:50 -0400
Subject: [PATCH 5/8] Update additional_cypto_cbor_libs.md

---
 rfcs/additional_cypto_cbor_libs.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/rfcs/additional_cypto_cbor_libs.md b/rfcs/additional_cypto_cbor_libs.md
index 6c0bd41c..7aa80936 100644
--- a/rfcs/additional_cypto_cbor_libs.md
+++ b/rfcs/additional_cypto_cbor_libs.md
@@ -21,7 +21,7 @@ tools/ directory:
 An Ed25519 Python implementation:
 https://github.com/pyca/ed25519/blob/main/ed25519.py
 
-The Ed25519 library is intended to be used by test code running on wptserve that may receive an Ed25519 private key and message to sign that message, or a public key and signature to verify that signature.
+The Ed25519 library is intended to be used by test code running on wptserve that may receive an Ed25519 private key and message to sign that message, or a public key and signature to verify that signature.  This library is CC0 licensed.
 
 An HPKE JavaScript implementation:
 https://github.com/dajiaji/hpke-js
@@ -29,7 +29,7 @@ https://github.com/dajiaji/hpke-js
 A CBOR JavaScript implementation:
 https://github.com/paroga/cbor-js/blob/master/cbor.js
 
-The HPKE and CBOR libraries are used by test code to decrypt and decode data coming from JavaScript APIs to verify their contents, and used by test code to encode and encrypt response data.
+The HPKE and CBOR libraries are used by test code to decrypt and decode data coming from JavaScript APIs to verify their contents, and used by test code to encode and encrypt response data.  These libraries and all of their included dependencies are MIT licensed.
 
 ## Risks
 

From 606ed05b68218e4a599f56683d9957190c44eb5b Mon Sep 17 00:00:00 2001
From: Paul Jensen <JensenPaul@users.noreply.github.com>
Date: Wed, 28 Aug 2024 13:30:39 -0400
Subject: [PATCH 6/8] Update additional_cypto_cbor_libs.md

---
 rfcs/additional_cypto_cbor_libs.md | 18 +++++++++++-------
 1 file changed, 11 insertions(+), 7 deletions(-)

diff --git a/rfcs/additional_cypto_cbor_libs.md b/rfcs/additional_cypto_cbor_libs.md
index 7aa80936..191bd0dd 100644
--- a/rfcs/additional_cypto_cbor_libs.md
+++ b/rfcs/additional_cypto_cbor_libs.md
@@ -10,22 +10,27 @@ These additional libraries are to support cryptography and the CBOR
 protocols not otherwise supported in JavaScript or Python, namely Ed25519,
 HPKE, and CBOR. There are open source libraries commonly available that
 implement these protocols and have compatible licenses. This RFC proposes
-adding such libraries to the tools/ directory so that web-platform-tests may
-exercise and verify proper compatible implementations of these new web APIs.
+adding such libraries to the tools/ directory (for the Python library) and
+to a <spec>/third_party/ directory [3] (for the JavaScript libraries) so
+that web-platform-tests may exercise and verify proper compatible
+implementations of these new web APIs.
 
 ## Details
 
-We're proposing adding these libraries (or some very similar ones) to the
-tools/ directory:
+We're proposing adding this library to the tools/ directory:
 
 An Ed25519 Python implementation:
 https://github.com/pyca/ed25519/blob/main/ed25519.py
 
 The Ed25519 library is intended to be used by test code running on wptserve that may receive an Ed25519 private key and message to sign that message, or a public key and signature to verify that signature.  This library is CC0 licensed.
 
+We're proposing adding these libraries to a third_party/ subdirectory under our spec directory as per this advice [3]:
+
 An HPKE JavaScript implementation:
 https://github.com/dajiaji/hpke-js
 
+This library has some dependencies, so we're proposing building/transpiling into a single hpke.js file.
+
 A CBOR JavaScript implementation:
 https://github.com/paroga/cbor-js/blob/master/cbor.js
 
@@ -36,10 +41,9 @@ The HPKE and CBOR libraries are used by test code to decrypt and decode data com
 Users of these libraries may need to update them from time to time if new
 functionality or fixes are required. This is likely not a big risk.
 
-The HPKE library proposed may require inclusion of some other dependent
-libraries and uses deno to build into a single JavaScript file. Perhaps
-it's simplest to commit the single transpiled JavaScript file.
+The HPKE library, once built/transpiled into one JavaScript file, may be slightly harder to debug, but we'll disable minification when building.
 
 [0] https://github.com/WICG/turtledove/blob/main/FLEDGE.md#623-additional-bid-keys 
 [1] https://github.com/WICG/turtledove/blob/main/FLEDGE_Key_Value_Server_API.md#query-api-version-2
 [2] https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md
+[3] https://github.com/web-platform-tests/rfcs/issues/46#issuecomment-587707539

From 4c0957dfc825a27a33fcbfab057f97478df3d850 Mon Sep 17 00:00:00 2001
From: Paul Jensen <JensenPaul@users.noreply.github.com>
Date: Thu, 29 Aug 2024 07:38:04 -0400
Subject: [PATCH 7/8] use markdown link instead of footnotes

---
 rfcs/additional_cypto_cbor_libs.md | 15 +++++----------
 1 file changed, 5 insertions(+), 10 deletions(-)

diff --git a/rfcs/additional_cypto_cbor_libs.md b/rfcs/additional_cypto_cbor_libs.md
index 191bd0dd..5ec82608 100644
--- a/rfcs/additional_cypto_cbor_libs.md
+++ b/rfcs/additional_cypto_cbor_libs.md
@@ -3,15 +3,15 @@
 ## Summary
 
 Several new web APIs require additional cryptography and CBOR libraries to
-properly test, for example the Protected Audience Additional Bids feature [0]
-uses Ed25519 signatures, the Protected Audience Key-Value services [1] and
-Bidding and Auction services [2] use CBOR data encoding and HPKE encryption.
+properly test, for example the [Protected Audience Additional Bids feature](https://github.com/WICG/turtledove/blob/main/FLEDGE.md#623-additional-bid-keys )
+uses Ed25519 signatures, the [Protected Audience Key-Value services](https://github.com/WICG/turtledove/blob/main/FLEDGE_Key_Value_Server_API.md#query-api-version-2) and
+[Bidding and Auction services](https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md) use CBOR data encoding and HPKE encryption.
 These additional libraries are to support cryptography and the CBOR
 protocols not otherwise supported in JavaScript or Python, namely Ed25519,
 HPKE, and CBOR. There are open source libraries commonly available that
 implement these protocols and have compatible licenses. This RFC proposes
 adding such libraries to the tools/ directory (for the Python library) and
-to a <spec>/third_party/ directory [3] (for the JavaScript libraries) so
+to a [<spec>/third_party/ directory (for the JavaScript libraries)](https://github.com/web-platform-tests/rfcs/issues/46#issuecomment-587707539) so
 that web-platform-tests may exercise and verify proper compatible
 implementations of these new web APIs.
 
@@ -24,7 +24,7 @@ https://github.com/pyca/ed25519/blob/main/ed25519.py
 
 The Ed25519 library is intended to be used by test code running on wptserve that may receive an Ed25519 private key and message to sign that message, or a public key and signature to verify that signature.  This library is CC0 licensed.
 
-We're proposing adding these libraries to a third_party/ subdirectory under our spec directory as per this advice [3]:
+We're proposing adding these libraries to a third_party/ subdirectory under our spec directory as per [this advice](https://github.com/web-platform-tests/rfcs/issues/46#issuecomment-587707539):
 
 An HPKE JavaScript implementation:
 https://github.com/dajiaji/hpke-js
@@ -42,8 +42,3 @@ Users of these libraries may need to update them from time to time if new
 functionality or fixes are required. This is likely not a big risk.
 
 The HPKE library, once built/transpiled into one JavaScript file, may be slightly harder to debug, but we'll disable minification when building.
-
-[0] https://github.com/WICG/turtledove/blob/main/FLEDGE.md#623-additional-bid-keys 
-[1] https://github.com/WICG/turtledove/blob/main/FLEDGE_Key_Value_Server_API.md#query-api-version-2
-[2] https://github.com/WICG/turtledove/blob/main/FLEDGE_browser_bidding_and_auction_API.md
-[3] https://github.com/web-platform-tests/rfcs/issues/46#issuecomment-587707539

From c3d0435b6fb261ead786d443817a13a5beeb4aca Mon Sep 17 00:00:00 2001
From: Paul Jensen <JensenPaul@users.noreply.github.com>
Date: Wed, 30 Oct 2024 08:30:02 -0400
Subject: [PATCH 8/8] We also need Python HPKE & CBOR libraries

wptserve needs to be able to decrypt and decode requests, and then encode and encrypt responses.
---
 rfcs/additional_cypto_cbor_libs.md | 37 +++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 8 deletions(-)

diff --git a/rfcs/additional_cypto_cbor_libs.md b/rfcs/additional_cypto_cbor_libs.md
index 5ec82608..c2894745 100644
--- a/rfcs/additional_cypto_cbor_libs.md
+++ b/rfcs/additional_cypto_cbor_libs.md
@@ -17,25 +17,46 @@ implementations of these new web APIs.
 
 ## Details
 
-We're proposing adding this library to the tools/ directory:
+### We're proposing adding these Python libraries to the tools/ directory:
 
-An Ed25519 Python implementation:
+These are all self-contained (no dependencies) pure-python libraries.
+
+##### An Ed25519 Python implementation:
 https://github.com/pyca/ed25519/blob/main/ed25519.py
 
-The Ed25519 library is intended to be used by test code running on wptserve that may receive an Ed25519 private key and message to sign that message, or a public key and signature to verify that signature.  This library is CC0 licensed.
+This Ed25519 library is intended to be used by test code running on wptserve
+that may receive an Ed25519 private key and message to sign that message, or
+a public key and signature to verify that signature.  This library is CC0 licensed.
+
+##### An HPKE Python implementation:
+https://github.com/dajiaji/pyhpke
+
+This HPKE library is intended to be used by test code running on wptserve
+that may receive an HPKE encrypted message and have to decrypt it and encrypt
+a response.  This library is MIT licensed.
+
+##### A CBOR Python implementation:
+https://github.com/agronholm/cbor2
 
-We're proposing adding these libraries to a third_party/ subdirectory under our spec directory as per [this advice](https://github.com/web-platform-tests/rfcs/issues/46#issuecomment-587707539):
+This CBOR library is intended to be used by test code running on wptserve that
+may receive an CBOR encoded message and have to decode it and encode a response.
+This library is MIT licensed.
 
-An HPKE JavaScript implementation:
+### We're proposing adding these JavaScript libraries to a third_party/ subdirectory under our spec directory as per [this advice](https://github.com/web-platform-tests/rfcs/issues/46#issuecomment-587707539):
+
+These HPKE and CBOR libraries are used by test code to decrypt and decode data
+coming from JavaScript APIs to verify their contents, and used by test code to
+encode and encrypt response data.  These libraries and all of their included
+dependencies are MIT licensed.
+
+##### An HPKE JavaScript implementation:
 https://github.com/dajiaji/hpke-js
 
 This library has some dependencies, so we're proposing building/transpiling into a single hpke.js file.
 
-A CBOR JavaScript implementation:
+##### A CBOR JavaScript implementation:
 https://github.com/paroga/cbor-js/blob/master/cbor.js
 
-The HPKE and CBOR libraries are used by test code to decrypt and decode data coming from JavaScript APIs to verify their contents, and used by test code to encode and encrypt response data.  These libraries and all of their included dependencies are MIT licensed.
-
 ## Risks
 
 Users of these libraries may need to update them from time to time if new