https://www.rfc-editor.org/rfc/rfc8152 defines the "Recommended" registry
column as:

   Recommended: Does the IETF have a consensus recommendation to use
   the algorithm? The legal values are 'Yes', 'No', and
   'Deprecated'.

That's not nearly as granular as the somewhat-corresponding "Implementation
Requirements" column for JOSE in https://www.rfc-editor.org/rfc/rfc7518.html:

   JOSE Implementation Requirements:
   The algorithm implementation requirements for JWS and JWE, which
   must be one the words Required, Recommended, Optional, Deprecated,
   or Prohibited. Optionally, the word can be followed by a "+" or
   "-". The use of "+" indicates that the requirement strength is
   likely to be increased in a future version of the specification.
   The use of "-" indicates that the requirement strength is likely
   to be decreased in a future version of the specification. Any
   identifiers registered for non-authenticated encryption algorithms
   or other algorithms that are otherwise unsuitable for direct use
   as JWS or JWE algorithms must be registered as "Prohibited".

It's not my read of the COSE "No" value that you can't use the algorithm. It's
more that COSE isn't making a statement that everyone must implement it (which
would be a "Yes", as I understand it). "Deprecated" would be how COSE would
say that you can't use it.
-- Mike
From: Anders Rundgren <[email protected]>
Sent: Tuesday, May 7, 2024 12:58 PM
To: Michael Jones <[email protected]>
Cc: Karen ODonoghue <[email protected]>; jose <[email protected]>
Subject: Re: "Ed25519 not recommended" Re: [jose] WGLC for
draft-ietf-jose-fully-specified-algorithms
On Tue, May 7, 2024, 20:04 Michael Jones <[email protected]> wrote:
https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/
denotes support for the algorithms as Optional. And
https://www.iana.org/assignments/jose/jose.xhtml likewise denotes the
corresponding curves also as being Optional.
Where is the "not recommended" text that you're referring to, Anders?
Hi Mike,
Ed25519
Ed448
Under COSE there is a subtitle "Recommend" that has the value "No"
I may be stupid but I don't understand how to interpret this. I would like to
use these algorithms but apparently you should not.
Anders
-- Mike
From: Anders Rundgren <[email protected]>
Sent: Tuesday, May 7, 2024 12:47 AM
To: Michael Jones <[email protected]>
Cc: Karen ODonoghue <[email protected]>; jose <[email protected]>
Subject: "Ed25519 not recommended" Re: [jose] WGLC for
draft-ietf-jose-fully-specified-algorithms
Could the authors please inform us mere mortals about the purpose of making
Ed25519 and Ed448 not recommended?
Anders