Also note that ES256 in JOSE is not requested to be deprecated, the only requested deprecation for JOSE is EdDSA --> https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-07.html#section-4.1.2
JOSE: ES256 --> ECDSA using P-256 curve and SHA-256 COSE: ES256 (-7) --> ECDSA with *any curve* and SHA-256 (deprecated) COSE: ESP256 (-9) --> ECDSA using P-256 curve and SHA-256 (new, but matching behavior in JOSE) OS On Mon, Mar 10, 2025 at 1:02 PM Michael Jones <[email protected]> wrote: > Per the definition at > https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-07.html#name-defining-deprecated-and-pro, > “Deprecated” means: > > There is a preferred mechanism to achieve similar functionality to that > referenced by the identifier; this replacement functionality SHOULD be > utilized in new deployments in preference to the deprecated identifier, > unless there exist documented operational or regulatory requirements that > prevent migration away from the deprecated identifier. > > > > Thus, deployments that are already successfully using ES256 as-is can keep > doing so. Deprecating the algorithm doesn’t change that. > > > > (That’s different than “Prohibited”, which intervenes even in the case of > existing uses.) > > > > Thanks both, > > -- Mike > > > > -----Original Message----- > From: Derek Atkins <[email protected]> > Sent: Monday, March 10, 2025 9:58 AM > To: Sean Turner <[email protected]> > Cc: [email protected]; [email protected]; > [email protected]; [email protected] > Subject: [jose] Re: [IANA #1413495] expert review for > draft-ietf-jose-fully-specified-algorithms (cose) > > > > Just a heads-up that I'm sure there are lots of protocols using e.g. ES256. > > We should be careful about how we deprecate it. > > -derek > > > > On Mon, March 10, 2025 12:29 pm, Sean Turner wrote: > > > Hi! > > > > > > The following are approved, but the ones with stars below use > > > different numbers than requested (the requested values were assigned): > > > > > > Fully-Specified COSE Algorithm Registrations > > > > > > ESP256 -> -9 > > > ESP384 -> -48 > > > ESP512 -> -49 > > > ESB256 -> -265 * > > > ESB320 -> -266 * > > > ESB384 -> -267 * > > > ESB512 -> -268 * > > > Ed25519 -> -50 > > > Ed448 -> -51 > > > > > > The following deprecations are also approved: > > > > > > Deprecated Polymorphic COSE Algorithm Registrations > > > > > > ES256 > > > ES384 > > > ES512 > > > EdDSA > > > > > > IANA: Please note that a note for unassigned values should be updated > > > as > > > follows: > > > > > > OLD: > > > > > > Unassigned -256 to -48 > > > Unassigned -65528 to -261 > > > > > > NEW: > > > > > > Unassigned -256 to -52 > > > Unassigned -65528 to -269 > > > > > > spt > > > > > >> On Mar 4, 2025, at 4:10 PM, David Dong via RT > > >> <[email protected]> wrote: > > >> > > >> Dear Göran Selander, Derek Atkins, Sean Turner (cc: jose WG), > > >> > > >> Following up in this; as the designated experts for the COSE > > >> Algorithms registry, can you review the proposed registrations in > > >> draft-ietf-jose-fully-specified-algorithms-07 for us? Please see: > > >> > > >> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdata > <https://data/> > > >> tracker.ietf.org%2Fdoc%2Fdraft-ietf-jose-fully-specified-algorithms%2 > > >> F&data=05%7C02%7C%7C0e628bf222f3414c259408dd5ff4ddfb%7C84df9e7fe9f640 > > >> afb435aaaaaaaaaaaa%7C1%7C0%7C638772227490068524%7CUnknown%7CTWFpbGZsb > > >> 3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIj > > >> oiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=%2FHi5%2BkckVTd49C80UBU > > >> NBnbog9laAonlX4Wb991xNT8%3D&reserved=0 > > >> > > >> The due date is March 11. > > >> > > >> If this is OK, when the IESG approves the document for publication, > > >> we'll make the registration at: > > >> > > >> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww > <https://www/>. > > >> iana.org%2Fassignments%2Fcose%2F&data=05%7C02%7C%7C0e628bf222f3414c25 > > >> 9408dd5ff4ddfb%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638772227 > > >> 490101511%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjA > > >> uMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7 > > >> C&sdata=MyJgfZK812caWtZo4FS%2Fjv79v0j%2BDIJ3c2uPFCyR%2FdY%3D&reserved > > >> =0 > > >> > > >> Unless you ask us to wait for the other reviewer, we’ll act on the > > >> first response we receive. > > >> > > >> With thanks, > > >> > > >> David Dong > > >> IANA Services Sr. Specialist > > >> > > >> On Tue Feb 25 18:06:47 2025, david.dong wrote: > > >>> Dear Göran Selander, Derek Atkins, Sean Turner (cc: jose WG), > > >>> > > >>> As the designated experts for the COSE Algorithms registry, can you > > >>> review the proposed registrations in > > >>> draft-ietf-jose-fully-specified- > > >>> algorithms-07 for us? Please see: > > >>> > > >>> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdat > <https://dat/> > > >>> atracker.ietf.org%2Fdoc%2Fdraft-ietf-jose-fully-specified-&data=05%7 > > >>> C02%7C%7C0e628bf222f3414c259408dd5ff4ddfb%7C84df9e7fe9f640afb435aaaa > > >>> aaaaaaaa%7C1%7C0%7C638772227490122115%7CUnknown%7CTWFpbGZsb3d8eyJFbX > > >>> B0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbC > > >>> IsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=E39nZmtjtaphQ31gbyJ4luhocAUJSV > > >>> FJxPW1PZUn00s%3D&reserved=0 > > >>> algorithms/ > > >>> > > >>> The due date is March 11. > > >>> > > >>> If this is OK, when the IESG approves the document for publication, > > >>> we'll make the registration at: > > >>> > > >>> https://na01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww > <https://www/> > > >>> .iana.org%2Fassignments%2Fcose%2F&data=05%7C02%7C%7C0e628bf222f3414c > > >>> 259408dd5ff4ddfb%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638772 > > >>> 227490140620%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiI > > >>> wLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C > > >>> %7C%7C&sdata=pXzEhmBDctfxfzPF5f3DZiqIUKyLPdpO3s0RXXLcpI0%3D&reserved > > >>> =0 > > >>> > > >>> Unless you ask us to wait for the other reviewer, we’ll act on the > > >>> first response we receive. > > >>> > > >>> With thanks, > > >>> > > >>> David Dong > > >>> IANA Services Sr. Specialist > > >> > > > > > > > > > > > > -- > > Derek Atkins 617-623-3745 > > [email protected] > https://na01.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.ihtfp.com%2F&data=05%7C02%7C%7C0e628bf222f3414c259408dd5ff4ddfb%7C84df9e7fe9f640afb435aaaaaaaaaaaa%7C1%7C0%7C638772227490159720%7CUnknown%7CTWFpbGZsb3d8eyJFbXB0eU1hcGkiOnRydWUsIlYiOiIwLjAuMDAwMCIsIlAiOiJXaW4zMiIsIkFOIjoiTWFpbCIsIldUIjoyfQ%3D%3D%7C0%7C%7C%7C&sdata=dGPoJhEZASBB8e%2Fogd2DdxoYngHNNXTm1XXVJrTvjDg%3D&reserved=0 > <http://www.ihtfp.com/> > > Computer and Internet Security Consultant > > > > _______________________________________________ > > jose mailing list -- [email protected] > > To unsubscribe send an email to [email protected] > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] >
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
