On Mon, Jan 08, 2024 at 10:28:01AM -0500, Simo Sorce wrote: > On Tue, 2024-01-02 at 14:13 -0500, Karen ODonoghue wrote: > > JOSE working group members, > > > > This email starts a two week call for adoption for: > > https://datatracker.ietf.org/doc/draft-jones-jose-fully-specified-algorithms/ > > > > As discussed at the November IETF meeting, with the approved expansion of > > the charter to include maintenance items, this document is now within > > scope. > > > > Please reply to this email with your comments on the adoption of this > > document as a starting point for the related JOSE work item. > > > > This call will end on Wednesday, 17 January 2024. > > > While this draft is theoretically useful I am NOT in favor of its > adoption for existing curves. > > The curve used is already implicit in the size of the signature, and > besides servers generally only have a specific key they use so there is > really no confusion, at worst you get an error during cryptographic > operations, something you must always be prepared to deal with as it > can always happen with untrusted input. > > Either way there is no practical ambiguity that really _needs_ to be > resolved.
Note that there is some confusion on what the actual issue is. The actual issue is not swapping of curves or algorithms, or that keys can not be "fully specified", but that some widely used applications assume that signature algorithm impiles key type. That of course breaks with Ed25519 and Ed448 in COSE/JOSE and ECDSA in COSE. EdDSA can be used with either Ed25519 or Ed448 keys, and ES* can be used with P-256/P-384/P-521 keys. With ECDSA, one could apply the hash algorithm convention, but this does not work with EdDSA because there is only one alg for two key types. What this draft defines is replacements for these that imply single key type. -Ilari _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
