Messages in this thread seem to be getting lost somewhere and I don't think
it's just me as they don't seem to show up in the archives
<https://mailarchive.ietf.org/arch/browse/jose/> either. But I tried to
send something yesterday with the observation that the "no" in question
here in the "COSE Recommended" column in the table in Sec 2.2 is
inconsistent with the values in the COSE algorithm registration requests in
Sec 3.2 that have a "yes". Furthermore I'll observe that the current
registry <https://www.iana.org/assignments/cose/cose.xhtml#algorithms> has
a recommended value of "yes" for -8/EdDSA and it would seem a bit odd to
have "no" as recommended for -50/Ed25519 and -51/Ed448 which this draft is
effectively trying to position as replacements for -8/EdDSA.



On Tue, May 7, 2024 at 8:57 PM Anders Rundgren <
[email protected]> wrote:

> l is
>
> On Tue, May 7, 2024, 22:11 Michael Jones <[email protected]>
> wrote:
>
>> https://www.rfc-editor.org/rfc/rfc8152 defines the “Recommended”
>> registry column as:
>>
>>    Recommended:  Does the IETF have a consensus recommendation to use
>>       the algorithm?  The legal values are 'Yes', 'No', and
>>       'Deprecated'.
>>
>> That’s not nearly as granular as the somewhat-corresponding
>> “Implementation Requirements” column for JOSE in
>> https://www.rfc-editor.org/rfc/rfc7518.html:
>>
>>    JOSE Implementation Requirements:
>>       The algorithm implementation requirements for JWS and JWE, which
>>       must be one the words Required, Recommended, Optional, Deprecated,
>>       or Prohibited.  Optionally, the word can be followed by a "+" or
>>       "-".  The use of "+" indicates that the requirement strength is
>>       likely to be increased in a future version of the specification.
>>       The use of "-" indicates that the requirement strength is likely
>>       to be decreased in a future version of the specification.  Any
>>       identifiers registered for non-authenticated encryption algorithms
>>       or other algorithms that are otherwise unsuitable for direct use
>>       as JWS or JWE algorithms must be registered as "Prohibited".
>>
>> It’s not my read of the COSE “No” value that you can’t use the
>> algorithm.  It’s more that COSE isn’t making a statement that everyone must
>> implement it (which would be a “Yes”, as I understand it).  “Deprecated”
>> would be how COSE would say that you can’t use it.
>>
>
> Thanx Mike!   From a tool vendor perspective this is pretty much identical
> to "optional".  That is, anything that isn't forbidden, (effectively) must
> be supported. Not a deal-breaker but I would have preferred that JOSE and
> COSE had the same level of support for fully specified algorithms.
>
> Anders
>
>>
>>                                                                 -- Mike
>>
>> *From:* Anders Rundgren <[email protected]>
>> *Sent:* Tuesday, May 7, 2024 12:58 PM
>> *To:* Michael Jones <[email protected]>
>> *Cc:* Karen ODonoghue <[email protected]>; jose <[email protected]>
>> *Subject:* Re: "Ed25519 not recommended" Re: [jose] WGLC for
>> draft-ietf-jose-fully-specified-algorithms
>>
>> On Tue, May 7, 2024, 20:04 Michael Jones <[email protected]>
>> wrote:
>>
>>
>> https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/
>> denotes support for the algorithms as Optional.  And
>> https://www.iana.org/assignments/jose/jose.xhtml likewise denotes the
>> corresponding curves also as being Optional.
>>
>>
>>
>> Where is the “not recommended” text that you’re referring to, Anders?
>>
>> Hi Mike,
>>
>> Ed25519
>> Ed448
>> Under COSE
>> there is a subtitle "Recommend"
>> that has the value "No"
>>
>> I may be stupid but I don't understand how to interpret this.  I would
>> like to use these algorithms but apparently you should not.
>>
>> Anders
>>
>>                                                                 -- Mike
>>
>> *From:* Anders Rundgren <[email protected]>
>> *Sent:* Tuesday, May 7, 2024 12:47 AM
>> *To:* Michael Jones <[email protected]>
>> *Cc:* Karen ODonoghue <[email protected]>; jose <[email protected]>
>> *Subject:* "Ed25519 not recommended" Re: [jose] WGLC for
>> draft-ietf-jose-fully-specified-algorithms
>>
>> Could the authors please inform us mere mortals about the purpose of
>> making Ed25519 and Ed448 not recommended?
>>
>>
>>
>> Anders
>>
>> _______________________________________________
> jose mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
>
