I support adoption > > 8 jan. 2024 kl. 16:05 skrev Manu Sporny <[email protected]>: > > On Mon, Jan 8, 2024 at 9:52 AM Orie Steele <[email protected]> wrote: >> >> We got some good responses from the TLS list on the interpretation of their >> suites, please review them: >> >> https://mailarchive.ietf.org/arch/msg/tls/LXBUvjMdhEpgIEC1CEzTuDKZNwY/ > > Yes, that summarizes exactly what the JOSE group was warned about many > years ago wrt. the polymorphic approach. > > The experiences with TLS 1.2 and 1.3 further underscores the reasons > that the Data Integrity work at the W3C has decided to NOT go down the > "polymorphic" algorithm path. > > The problem with the "fully specified" specification is that it's > attempting to slap a bandaid on the problem which is only going to > make the problem worse. Banning polymorphic algorithm identifiers > would be the way to go, but as I said, the JOSE group made the > decision to go down the polymorphic algorithm identifier route long > ago and supporting both polymorphic and fully-specified will just make > everything more complicated for JOSE developers and lead to > interoperability failures. > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > https://www.digitalbazaar.com/ > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
