On Mon, Jan 15, 2024 at 08:46:52AM -0600, Orie Steele wrote:
> The draft representation seems not correct.

It is not correct. (And the base64url encoding in COSE is completely unnecessary.)

> The original key just had public and private components.
>
> IIRC the reason for the change was to avoid extra text / custom encoding of
> the points.

The entire point of OKP is to deal with (not fully specified) cryptographic algorithms that have built-in public-key/private-key encoding to octet strings. If you have something else, it needs to use another kty.

> Imo, new signature algorithms should have very simple keys:
>
> One value for public, one value for private, no confusing parameters
> (crv,n,x,d).

I think for new signature algorithms:

- The signature algorithm should be pure.
- The key should fully specify all parameterization.
- The public keys should be octet strings.
- The private keys should be octet strings.

... Which is exactly the kind of thing the key type for ML-DSA/SLH-DSA seems to be optimized for.

Explicit generic mechanisms outside alg should be added to COSE/JOSE to address the shortcomings of pure algorithms in handling large messages.

> If you need crv and y, use EC/EC2 not OKP.

Unfortunately, in this case, EC/EC2 would not work. The problem is that EC/EC2 assume the public key is an elliptic curve point over a prime field. BLS "G1" keys are like that, so EC/EC2 would work fine for those. Unfortunately, it also has "G2" keys, which are not points over a prime field, and thus cannot be represented as EC/EC2.

> It could even have the same kty, as ML-DSA and SLH-DSA, if there is no crv,
> and the public key is a single value.

That would not work. The problem is the intended use case of BLS keys. These are speciality things with special properties at the cost of security/performance. It would be a waste to use these for basic signing. And once one leaves basic signing, it is no longer feasible to specify all parametrization in the key. But the key type for ML-DSA/SLH-DSA fundamentally assumes parametrization to be fully specified.

-Ilari

_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
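The message above objects to base64url text inside a COSE_Key, where CBOR can carry the key material as a raw byte string. The following is an added example, not code from the thread or from any draft, that makes the point concrete: it builds a COSE_Key OKP map twice, once with `x`/`d` as CBOR bstr (as RFC 9053 specifies for OKP) and once with the same bytes as base64url tstr, and compares the encoded sizes. Only well-known registry labels are used (kty=1, crv=-1, x=-2, d=-4, kty OKP=1); the curve identifier is a stand-in (Ed25519's value 6), the key bytes are constructed filler, and the 96-byte "G2-sized" public key is just a length chosen to resemble a compressed G2 point, not a real key. The tiny CBOR encoder is written inline so the example runs without a third-party library.

```python
"""Added example: compare a COSE_Key OKP carrying raw octet strings against one
carrying the same material as base64url text. Labels follow the COSE registry;
curve id and key bytes are constructed stand-ins, not real values."""
import base64
from typing import Optional, Tuple

# COSE_Key parameter labels (RFC 9052/9053 IANA registry)
KTY, CRV, X, D = 1, -1, -2, -4
KTY_OKP = 1
CRV_STANDIN = 6  # Ed25519's registered value, used here only as a placeholder crv


def _cbor_head(major: int, arg: int) -> bytes:
    """Initial byte (major type in the top 3 bits) plus the shortest argument encoding."""
    if arg < 24:
        return bytes([(major << 5) | arg])
    if arg < 0x100:
        return bytes([(major << 5) | 24, arg])
    if arg < 0x10000:
        return bytes([(major << 5) | 25]) + arg.to_bytes(2, "big")
    if arg < 0x100000000:
        return bytes([(major << 5) | 26]) + arg.to_bytes(4, "big")
    return bytes([(major << 5) | 27]) + arg.to_bytes(8, "big")


def cbor_encode(value) -> bytes:
    """Encode the subset of CBOR a COSE_Key needs: ints, bstr, tstr and maps."""
    if isinstance(value, bool):
        raise TypeError("booleans are not used in this example")
    if isinstance(value, int):
        # Major type 0 for non-negative, major type 1 with -1-n for negative labels
        return _cbor_head(0, value) if value >= 0 else _cbor_head(1, -1 - value)
    if isinstance(value, bytes):
        return _cbor_head(2, len(value)) + value
    if isinstance(value, str):
        data = value.encode("utf-8")
        return _cbor_head(3, len(data)) + data
    if isinstance(value, dict):
        out = _cbor_head(5, len(value))
        for k, v in value.items():  # insertion order: kty, crv, x, d
            out += cbor_encode(k) + cbor_encode(v)
        return out
    raise TypeError(f"unsupported type {type(value).__name__}")


def okp_key_raw(crv: int, pub: bytes, priv: Optional[bytes] = None) -> bytes:
    """COSE_Key OKP with x (and optionally d) as raw bstr, as RFC 9053 specifies."""
    key = {KTY: KTY_OKP, CRV: crv, X: pub}
    if priv is not None:
        key[D] = priv
    return cbor_encode(key)


def okp_key_b64(crv: int, pub: bytes, priv: Optional[bytes] = None) -> bytes:
    """Same key with x/d as base64url tstr: the JOSE habit the thread calls unnecessary in COSE."""
    def b64(b: bytes) -> str:
        return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")
    key = {KTY: KTY_OKP, CRV: crv, X: b64(pub)}
    if priv is not None:
        key[D] = b64(priv)
    return cbor_encode(key)


def encoded_sizes(pub_len: int, priv_len: int) -> Tuple[int, int]:
    """Return (raw_size, base64url_size) for constructed key material of the given lengths.

    priv_len == 0 means a public-only key (no d parameter)."""
    pub = b"\x01" * pub_len          # constructed filler, not a real public key
    priv = b"\x02" * priv_len or None  # constructed filler, not a real private key
    return len(okp_key_raw(CRV_STANDIN, pub, priv)), len(okp_key_b64(CRV_STANDIN, pub, priv))


if __name__ == "__main__":
    for label, lens in (("32-byte pub + 32-byte priv", (32, 32)),
                        ("96-byte (G2-sized) pub only", (96, 0))):
        raw, b64 = encoded_sizes(*lens)
        print(f"{label}: raw bstr = {raw} bytes, base64url tstr = {b64} bytes")
```

The raw form wins by exactly the base64 expansion (4 text bytes for every 3 key bytes) on each component, and a CBOR decoder hands the consumer the key bytes directly, with no second decoding step that can fail or be padded inconsistently. The same encoder could emit an EC2 key (kty=2 with x and y) for a G1 point; the message's point is that no such coordinate structure exists for G2 keys, which is why neither OKP-with-base64url nor EC2 fits.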
