But that section (6.2.1.2) is about the EC parameters x and y in JWK. The comment was about the ECDSA signature values R & S in section 3.4 for JWS. I believe that Scott is correct in saying that it is currently ambiguous and could be clarified. I think that left zero padding is what was intended and what most of us have (eventually) inferred should be done. But it should probably be stated explicitly.
On Mon, Apr 7, 2014 at 3:57 PM, Mike Jones <[email protected]>wrote: > Thanks for the useful reviews, Scott and Burt. Replies are inline. > > -----Original Message----- > From: jose [mailto:[email protected]] On Behalf Of Hollenbeck, Scott > Sent: Friday, April 04, 2014 5:43 PM > To: [email protected] > Cc: Kaliski, Burt > Subject: [jose] WG Last Call Comments: > draft-ietf-jose-json-web-algorithms-25 > > Sec. 3.4: For ECDSA P-521 SHA-512, as noted, "R and S will be 521 bits > each, resulting in a 132-octet sequence." Unclear how R and S are to be > converted into respective 66-octet values (pad with 0 bits on the left > versus right). Should be consistent with practice in other specifications, > e.g., IEEE 1363. > > > > Per > http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-25#section-6.2.1.2, > this is specified by the SEC1 specification, which the "x" and "y" > definitions reference. (SEC1 specifies padding on the left in Section > 2.3.1 - "BitString-to-OctetString Conversion".) >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
