Discussion somewhat germane to this WG as well. Grüße, Carsten
> Begin forwarded message: > > From: Carsten Bormann <[email protected]> > Subject: Re: [jose] Do we have actual normative text which curves are allowed > / standard for ECDH-ES in JOSE? > Date: 2020-11-04 at 09:57:28 CET > To: Filip Skokan <[email protected]> > Cc: Vladimir Dzhuvinov <[email protected]>, "Hamad, Samer K" > <[email protected]>, "Voss, Ray" <[email protected]>, > "[email protected]" <[email protected]> > Message-Id: <[email protected]> > > The JSON Web Key Elliptic Curve registry just lists the curves: > > https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve > > In COSE we have a registry "COSE Elliptic Curves”: > > https://www.iana.org/assignments/cose/cose.xhtml#elliptic-curves > > This actually has a column “description” that contains some more information > about where these curves are supposed to be used. > > Grüße, Carsten > > > >> On 2020-11-03, at 22:50, Filip Skokan <[email protected]> wrote: >> >> Hi Vladimir, >> >> I kinda got the same question from someone a couple days ago and could >> pinpoint a clear normative answer. >> >> We have https://tools.ietf.org/html/rfc7520 that shows ECDH-ES with P-384 >> and P-256. In not having any normative text around these curves being >> allowed or P-521 being disallowed I always assumed all original three are >> fair use for ECDH-ES (and its composite KW variants). >> >> We also have https://tools.ietf.org/html/rfc8037 which specifically mentions >> X25519 and X448 OKP subtypes to be usable for ECDH-ES (and its composite KW >> variants). >> >> Then we have the JOSE registration of EC secp256k1 curve which specifically >> mentions that the curve is NOT released for ECDH in that document. >> >> So, >> >> EC P-256 >> EC P-384 >> EC P-521 >> OKP X25519 >> OKP X448 >> >> S pozdravem, >> Filip Skokan >> >> >> On Tue, 3 Nov 2020 at 22:40, Vladimir Dzhuvinov <[email protected]> >> wrote: >> Today we received the question why the Nimbus JOSE+JWT lib supports the >> EC curves it does for ECDH (P-256, P-384, P-512) and I couldn't find any >> normative text or reference in the JWA spec to explain this. >> >> https://tools.ietf.org/html/rfc7518#section-4.6 >> >> >> We also looked at the IANA registry for hints: >> >> https://www.iana.org/assignments/jose/jose.xhtml >> >> >> Contrast this with the JWS ECDSA, where the curves to go with the ESxxx >> algs are specced: >> >> https://tools.ietf.org/html/rfc7518#section-3.4 >> >> >> Can someone help here? :) >> >> >> Thanks, >> >> Vladimir >> >> -- >> Vladimir Dzhuvinov >> >> >> _______________________________________________ >> jose mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/jose >> _______________________________________________ >> jose mailing list >> [email protected] >> https://www.ietf.org/mailman/listinfo/jose >
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
