Thanks all for the quick reviews and feedback!

There appears to be overwhelming support to rename the algs ES25519 to Ed25519 and ES448 to Ed448. (Yes, I was wondering whether having alg and curve names be the same was a good thing to do, but I don't see any actual problem with it.) I'll plan to do that.

To Brian's comment "I'd always understood the "S" in the initial set of JWS alg values to be shorthand for the SHA part of the algorithm", in my mind the "S" in "RS256", "ES256", etc. stood for "Signature" (RSA Signature with SHA-256, Elliptic Curve Signature with SHA-256, etc.) but that was never put into writing, and it's not clear that it matters.

With respect to suggestions to register hash functions, there are a few relevant thoughts:

* JOSE doesn't directly use hash function identifiers.
* There's already the IANA "Named Information Hash Algorithm" registry https://www.iana.org/assignments/named-information/named-information.xhtml#hash-alg . I'm reluctant to create a competing registry of string names for hash functions.
* I agree that it could be useful to register additional hash functions in the IANA "COSE Algorithms" registry https://www.iana.org/assignments/cose/cose.xhtml#algorithms and the "Named Information Hash Algorithm" registry, if we know of applications that would use them.
* I would rather that hash function registrations happen in a different specification than this one. I'm a firm believer in specs that do one thing well. They're easier to understand and use and progress more quickly.

That said, I'd be glad to contribute to a proposed RFC to register additional hash functions in both places, should there be interest in doing so.

Best wishes,
-- Mike

-----Original Message-----
From: jose <[email protected]> On Behalf Of Ilari Liusvaara
Sent: Wednesday, August 30, 2023 11:02 AM
To: [email protected]
Subject: Re: [jose] Fully-Specified Algorithms for JOSE and COSE

On Wed, Aug 30, 2023 at 12:49:01PM -0500, Orie Steele wrote:
> Perhaps it is worth adding S256, S384 and S512 to the JOSE Algorithms
> Registry as part of further clarifying these conventions?

As a sidenote, such things would be useful for manifests / indirect signing. Which will be useful for post-quantum signatures.

I need to finish the draft on adding indirect signing to COSE (still need to add some examples), and it does use the hash algorithm codepoints (again, it is more elegant in COSE than in JOSE).

And another sidenote, maybe SHAKE256, SHA384 and SHA512 should be added to the COSE algorithms registry (it does have SHA512/256, but who supports that?).

-Ilari

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
