On 16 Sep 2020, at 13:30, Ilari Liusvaara <[email protected]> wrote:
> […]
>
>> 8037 was done by CFRG, so probably best to ask there.
>
> 8037 was done by JOSE. The CFRG part (generic specification of
> EdDSA2) was 8032.
Good to know, thanks.
>
>> I like this aspect of the spec. IMO “alg” as a header was a mistake.
>> By using a generic algorithm header, it forces implementors to
>> associate the specific details in metadata stored with the key, which
>> is much safer.
>
> Actually a few months ago I came up with idea of having a way to express
> "algorithm determined by the key" in JOSE/COSE.
>
> - There have been some serious security issues in JWS implementations
> that have been caused by using completely wrong algorithms.
> - In general, using the same key with multiple algorithms is not
> cryptographically safe. There can be algorithm pairs which interact
> badly (for instance, Ed25519 and the original Ed25519ph).
I wrote about this some time ago:
https://neilmadden.blog/2018/09/30/key-driven-cryptographic-agility/
JWK already allows associating an algorithm with a key, so I have considered a
small draft to deprecate the “alg” header in JOSE entirely. With this WG being
disbanded however, there’s not a natural place to do that.
— Neil
_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
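
The "algorithm determined by the key" idea discussed in this thread, as an added example that is not part of the original messages or of any JOSE library: a verifier that takes the algorithm from the JWK's "alg" member and treats the header "alg" as a redundant hint that may never select the algorithm. The function names, the HMAC-only algorithm table and the demo key are assumptions made for illustration.

```python
import base64, hashlib, hmac, json

# HMAC algorithms only, so the example needs nothing beyond the standard library.
MACS = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mac(jwk: dict, signing_input: str) -> bytes:
    # The algorithm is read from the key's own "alg" member, never from the token.
    return hmac.new(b64u_dec(jwk["k"]), signing_input.encode(), MACS[jwk["alg"]]).digest()

def sign(jwk: dict, payload: dict) -> str:
    header = b64u(json.dumps({"alg": jwk["alg"]}).encode())
    body = b64u(json.dumps(payload).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{b64u(mac(jwk, signing_input))}"

def verify(jwk: dict, token: str) -> dict:
    try:
        header, body, sig = token.split(".")
        claimed = json.loads(b64u_dec(header))
        sig_bytes = b64u_dec(sig)
    except ValueError:
        raise ValueError("malformed token") from None
    # The header "alg" is at most a hint: if present it must agree with the key.
    if not isinstance(claimed, dict) or claimed.get("alg", jwk["alg"]) != jwk["alg"]:
        raise ValueError("header alg disagrees with the key's algorithm")
    if not hmac.compare_digest(sig_bytes, mac(jwk, f"{header}.{body}")):
        raise ValueError("bad signature")
    return json.loads(b64u_dec(body))

if __name__ == "__main__":
    # Constructed demo key; "alg" is stored with the key as JWK allows.
    key = {"kty": "oct", "alg": "HS256", "k": b64u(b"constructed-demo-key")}
    token = sign(key, {"sub": "alice"})
    print(verify(key, token))
    # A token whose header claims "none" is rejected because the key says HS256.
    none_token = b64u(b'{"alg":"none"}') + "." + token.split(".")[1] + "."
    try:
        verify(key, none_token)
    except ValueError as err:
        print("rejected:", err)
```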