Crypto agility is necessary because the security of crypto algorithms and key sizes changes over time. So supporting multiple crypto algorithms is required for a standard that doesn't want to become obsolete within a few years. It's not a case of flexibility but of necessity. Also, availability of different crypto algorithms varies widely between platforms, so being able to support multiple algorithms is a must to ensure wide adoption -- porting a new crypto algorithm to a platform is a very large effort.
OTOH:
- Base64URL encoding is quite trivial to add to a platform that doesn't have it
- Base64URL encoding is not likely to be deprecated in the foreseeable future

On Tue, Sep 4, 2012 at 2:10 PM, Jim Schaad <[email protected]> wrote:

> I hope that you have a better response than this. If what you say is true then we should eliminate a large number of the cryptographic algorithms that have been proposed as they provide multiple ways of doing things.
>
> Do you really believe that the difference in the receiving software is going to be that different based on if base64 or base64URL encoding is used on a binary value?
>
> Jim
>
> > -----Original Message-----
> > From: Mike Jones [mailto:[email protected]]
> > Sent: Tuesday, September 04, 2012 1:46 PM
> > To: Jim Schaad; [email protected]
> > Subject: RE: [jose] Use of Base64 encoding
> >
> > Having multiple ways to do something never helps improve interop
> >
> > -----Original Message-----
> > From: [email protected] [mailto:[email protected]] On Behalf Of Jim Schaad
> > Sent: Tuesday, September 04, 2012 1:38 PM
> > To: [email protected]
> > Subject: [jose] Use of Base64 encoding
> >
> > <personal>
> >
> > I was struck by the questions of which base64 encoder should be used in the different documents that the working group employed, and I started going through the different locations in the document to see where and how much it mattered if the base64 or base64URL encoder was used. This message represents my conclusions and leads to some questions.
> >
> > 1. The simple dot encoding of the objects does require it as it will possibly be sent as part of a URL.
> > 2. If you are going to be in a space-constrained environment then you MIGHT want it as it will shrink the result; however, doing a solution that deals with binary data more generally would be a better solution.
> > 3. Joe might have an argument that only doing things one way is simpler; however, that argument can apply in both directions.
> >
> > The rest of the time I don't think it matters which of the encoding formats is used. If you are looking at the SHA-1 hash of a certificate, does it matter if you use base64 or base64URL? Not except for the minor size increase. The padding characters themselves are protected from the URL by the outside base64URL encoding.
> >
> > Except for the case of the dot encoding step, I think that the use of base64 URL can be dropped from a MUST to a SHOULD with the justifications being explained. It was stated at the F2F that the difference in the decoders is minimal, so there is no reason not to allow there, and this would allow different people to make different decisions on this issue.
> >
> > Jim
> >
> > _______________________________________________
> > jose mailing list
> > [email protected]
> > https://www.ietf.org/mailman/listinfo/jose

--
--Breno
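As an added illustration of the two points argued above (not code from the thread or from any JOSE implementation): base64url derived from a platform's plain base64 encoder, which is Breno's "trivial to add" claim, and the dot-separated compact form of Jim's point 1, including a plain-base64 SHA-1 thumbprint inside a segment to show the inner padding being shielded by the outer encoding. The `x5t` header name, the `RS256`/`HS256` values and all sample bytes are assumptions made for the example.

```python
import base64
import hashlib
import json
import re

# Added example: base64url (RFC 4648 section 5) built on top of standard base64.
URL_SAFE_TOKEN = re.compile(r"^[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*$")

def std_b64(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")

def b64url_encode(data: bytes) -> str:
    """Unpadded base64url from the standard encoder: swap the two URL-reserved
    alphabet characters ('+' and '/') and drop the '=' padding."""
    return std_b64(data).replace("+", "-").replace("/", "_").rstrip("=")

def b64url_decode(text: str) -> bytes:
    """Inverse: restore the alphabet and the padding (len mod 4 says how much)."""
    if not re.fullmatch(r"[A-Za-z0-9_-]*", text) or len(text) % 4 == 1:
        raise ValueError("not a valid unpadded base64url string")
    std = text.replace("-", "+").replace("_", "/") + "=" * (-len(text) % 4)
    return base64.b64decode(std, validate=True)

def compact_serialize(parts, encode=b64url_encode) -> str:
    """Dot-separated serialization of binary segments (JWS-style compact form)."""
    return ".".join(encode(p) for p in parts)

def compact_parse(token: str):
    return [b64url_decode(seg) for seg in token.split(".")]

def is_url_safe(token: str) -> bool:
    """True when every character is URL-unreserved (RFC 3986) or the '.' separator."""
    return URL_SAFE_TOKEN.match(token) is not None

def header_with_thumbprint(cert_der: bytes, inner=std_b64) -> bytes:
    """Header carrying a SHA-1 certificate thumbprint as an inner text field. The
    field name x5t is assumed here; the inner value deliberately uses plain base64
    (with its '=' padding) to show it is shielded by the outer base64url segment."""
    digest = hashlib.sha1(cert_der).digest()
    header = {"alg": "RS256", "x5t": inner(digest)}
    return json.dumps(header, separators=(",", ":")).encode()

# Constructed sample segments; the payload bytes make plain base64 emit '+', '/' and '='.
HEADER = b'{"alg":"HS256"}'
PAYLOAD = b"\xfb\xff"
```

Serializing `[HEADER, PAYLOAD]` with `std_b64` instead of `b64url_encode` yields a token containing `+` and `=`, which `is_url_safe` rejects, while the base64url token round-trips through `compact_parse`.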
