Hi Vladimir, I kinda got the same question from someone a couple days ago and could pinpoint a clear normative answer.
We have https://tools.ietf.org/html/rfc7520 that shows ECDH-ES with P-384 and P-256. In not having any normative text around these curves being allowed or P-521 being disallowed I always assumed all original three are fair use for ECDH-ES (and its composite KW variants). We also have https://tools.ietf.org/html/rfc8037 which specifically mentions X25519 and X448 OKP subtypes to be usable for ECDH-ES (and its composite KW variants). Then we have the JOSE registration of EC secp256k1 curve which specifically mentions that the curve is NOT released for ECDH in that document. So, EC P-256 EC P-384 EC P-521 OKP X25519 OKP X448 S pozdravem, *Filip Skokan* On Tue, 3 Nov 2020 at 22:40, Vladimir Dzhuvinov <[email protected]> wrote: > Today we received the question why the Nimbus JOSE+JWT lib supports the > EC curves it does for ECDH (P-256, P-384, P-512) and I couldn't find any > normative text or reference in the JWA spec to explain this. > > https://tools.ietf.org/html/rfc7518#section-4.6 > > > We also looked at the IANA registry for hints: > > https://www.iana.org/assignments/jose/jose.xhtml > > > Contrast this with the JWS ECDSA, where the curves to go with the ESxxx > algs are specced: > > https://tools.ietf.org/html/rfc7518#section-3.4 > > > Can someone help here? :) > > > Thanks, > > Vladimir > > -- > Vladimir Dzhuvinov > > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose >
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
