Re: [COSE] COSE Algorithms Register Thoughts

Sun, 15 Nov 2020 16:10:53 -0800 

Hi John:
I uploaded a new version of the lwig curve draft [1], changing the intended status to "standards track". I hope this helps. 

Best regards, Rene


Ref: [1] 
https://datatracker.ietf.org/doc/html/draft-ietf-lwig-curve-representations-14



PS: The data tracker still shows this as informational, but I presume 
changing the intended status there requires an action by a gate keeper 
(working group chair, or similar).


On 2020-11-14 2:47 p.m., John Mattsson wrote:

Hi,


- Looking through the COSE Algorithms registry, I find that there are three 
different models for ECC signatures:

1. ES256 = ECDSA + SHA-256
    ES384 = ECDSA + SHA-384
    ES512 = ECDSA + SHA-512
    Curve specified elsewhere.

2. EdDSA = EdDSA
    Curve specified elsewhere
    Hash algortithm determined by curve.

3. ES256K = ECDSA + SHA-256 + secp256k1
    Curve and hash algorithm included.

Is there any reason why ES256K was specified like this? My understanding is 
that 1. and 2. follow PKIX but not 3. My understanding is that that ECDSA + 
SHA-256 + secp256k1 in PKIX would be specified in the same way as ECDSA + 
SHA-256 + secp256r1

id-ecPublicKey + secp256k1
ecdsa-with-SHA256


- The COSE registries allow registration labels with a 1, 2, or 3 byte CBOR 
encoding. The registry differentiates between 2 and 3 byte encodings, but the 
registry does not differentiate between 1 and 2 byte encodings. Integers in the 
range [-24,23] have a one byte encoding.

A lot of a algorithms not suitable for constrained IoT such as HMAC 512/512, 
A256GCM, A256KW, direct+HKDF-SHA-512, etc. have been given 1 byte identifiers. 
These should maybe have been saved for algorithms that constrained IoT will 
likely use.

ECDSA25519 is targeting constrained IoT and should probably be given a 1 byte 
label, which is can't get unless the draft is changed to standards track.


Cheers,
John

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose



--
email: [email protected] | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 287-3867

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose






















					Reply via email to