On 2022-03-08 19:16, Ilari Liusvaara wrote: <snip>
And with regards to using one or different values of alg (differentiated by key), that is more complicated question. IIRC FIDO incorrectly assumes that alg values do not get reused, which causes problems with EdDSA which does reuse alg values (Ed25519 and Ed448 both use alg=-8 in COSE). On the other side, not reusing algorithm opens possibility for key-algorithm mismatches, which caused an infamous vulernabities in JOSE.
I believe most people (in retrospect) have rather come to the conclusion that polymorphic algorithms were a mistake. Anders
-Ilari _______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
_______________________________________________ COSE mailing list [email protected] https://www.ietf.org/mailman/listinfo/cose
