On Thu, May 31, 2018 at 5:09 PM Eric Rescorla <e...@rtfm.com> wrote: > > > On Thu, May 31, 2018 at 2:03 PM, Richard Barnes <r...@ipv.sx> wrote: > >> >> >> On Wed, May 30, 2018 at 5:41 PM Stephen Farrell < >> stephen.farr...@cs.tcd.ie> wrote: >> >>> >>> Hi Russ, >>> >>> On 30/05/18 22:31, Russ Housley wrote: >>> > It seems to me that ACME is being used to support certificate >>> > enrollment for many different applications, so the same approach >>> > seems appropriate. >>> I agree with your description of the past:-) >>> >>> I don't agree with not specifying MTI algs though. >>> >>> My main reasons are that I think having MTI algorithms for >>> acme may lead to better interop and less proliferation of >>> algorithms/suites and less broken/non-tested code. (I >>> forget what I thought about this years ago, but I may have >>> changed opinion - it was reasonable for PKIX to not specify >>> MTI algs a decade or two ago, but that that is no longer a >>> good plan, as we now do really use all this stuff.) >>> >>> That said, I don't feel too strongly about it - in practice >>> I reckon all acme clients will in any case want to implement >>> and be able to use whatever works with LE, at least for the >>> next while, and so this won't be a practical problem either >>> way. >>> >> >> I am also not that sanguine about this topic, but I lean in the opposite >> direction. The list of JWS algorithms [1] is not that long, and not >> growing quickly. And there's no Ed25519. So if we were to pick one or >> more MTIs out of this list, we would basically be locking in to ECDSA or >> RSA-PSS. >> >> As far as MTnotI: The SHA-1-based algorithms are already marked >> "Prohibited". I guess you could ban RSA with PKCS#1v1..5, but that seems >> fairly low-value. >> >> Basically, it seems like the burden of those who want MUSTs here to make >> a proposal for what the MUSTs would be. >> > > I made that proposal in a separate message: ECDSA w/ P-256 MUST, EdDSA > X25519 SHOULD. >
Sorry, missed that in the thread switch. I could live with that. I was incorrect when I said Ed25519 doesn't exist for JWS; I had missed the "EdDSA" value defined in RFC 8037. --Richard > > -Ekr > > >> --Richard >> >> [1] >> https://www.iana.org/assignments/jose/jose.xhtml#web-signature-encryption-algorithms >> >> _______________________________________________ >> Acme mailing list >> Acme@ietf.org >> https://www.ietf.org/mailman/listinfo/acme >> >> >
_______________________________________________ Acme mailing list Acme@ietf.org https://www.ietf.org/mailman/listinfo/acme