On Wed, Dec 01, 2021 at 02:16:10PM -0500, Rene Struik wrote: > > Please note, however, have no impact on the specification of ECDSA and > the iana cose codepoints for the invocations with SHAKE* functionality.
I think there is a question about whether all of NISTs publications (including examples) are internally consistent. It is perhaps conceivable that NIST would choose to make the published examples (and implementations that used them as test vectors) the "correct" version and change the ECDSA (or SHA-3/SHAKE) specification to resolve such an inconsistency, so I am relucant to agree to a "no impact" determination. (Note that due to illness and a busy schedule I am not caught up on all the relevant mail, so maybe I missed some important previous traffic on this topic.) > To be frank: your comment is just about an (in your mind) one-line > glitch in two informational examples I included as courtesy to readers > to illustrate a specification. I do not think that the scope of Ilari's concerns is limited to just this "one-line glitch". I am hearing the sentiment that NIST has set things up with a significant risk of a harmful "gotcha" for implementations, and that by specifying codepoints for ECDSA with SHAKE* we are enabling that "gotcha" and thereby incurring an ethical responsibility to include a prominent disclaimer about the "gotcha" and how to avoid it. This is not limited to the examples and we incur the responsibility just by specifying the combination of ECDSA and SHAKE*, independently of whether we provide examples of such functionality. -Ben _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
