On 23. Jun 2021, at 18:42, Mike Jones <[email protected]> wrote: > > I believe that we should create a policy requiring that all future algorithm > registrations should be non-polymorphic. Furthermore, I believe we should > consider defining and registering new non-polymorphic algorithm identifiers > so that use of the existing polymorphic algorithm identifiers can be avoided > and deprecated.
While I can’t see anything wrong with registering “ciphersuite” style algorithm identifiers like ES256k, there also is nothing wrong with “pure” algorithm identifiers. They just can’t be used with protocols that expect the full ciphersuite to be specified in one number. So I don’t see a reason to deprecate pure (parameter agnostic) algorithm identifiers, but we may want to complement them with a couple of ciphersuite identifiers each. It would be useful if the registry had more data about what a specific algorithm identifier actually is (e.g., if it can be used in WebAuthn). I think we’ll need to do a cleanup of the registry with respect to such descriptive columns, soon (compare the hash algorithms issue). Grüße, Carsten _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
