Anyone will be able to register algorithm identifiers in the algorithms
registry, with the only requirement being that a document is written that
specifies the algorithm behavior. So you could define DS128, etc. and register
them if you choose.
Mainly because I'm interested, can you give the working group some background
on why you decided to use DSA?
-- Mike
-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Dirkjan
Ochtman
Sent: Tuesday, November 12, 2013 5:07 AM
To: [email protected]
Subject: [jose] JWS algorithms: DSA, non-NIST curves
Hi there,
In Persona/BrowserID, we're currently using DSA signatures (using a "DS128"
value for "alg"). Would it be possible to get this into the current JWS/JWA
drafts? We're currently looking at upgrading our formats to current JOSE draft,
see here:
https://github.com/djc/id-specs/blob/prod/browserid/json-formats.md
Relatedly, I was wondering if there's been discussion on including any non-NIST
curves in JWA. With recent developments, it appears that the NIST curves may be
a little suspect.
http://www.theguardian.com/world/2013/sep/05/nsa-how-to-remain-secure-surveillance
http://cr.yp.to/talks/2013.05.31/slides-dan+tanja-20130531-4x3.pdf
Instead, some of Bernstein et al.'s SafeCurves could be added:
http://safecurves.cr.yp.to/
In particular, algorithms based on the 25519 curve already seems to be in
fairly widespread use.
Cheers,
Dirkjan
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
