On 12 Dec 2013, at 8:44 am, Manu Sporny <[email protected]> wrote:
> The Web Payments group believes that new digital signature and
> encryption schemes will have to be updated every 5-7 years. It is
> better to delay the decision to switch to another primary
> algorithm as long as possible (and as long as it is safe to do
> so). Delaying the cryptographic algorithm decision ensures that
> the group will be able to make a more educated decision than
> attempting to predict which cryptographic algorithms may be the
> successors to currently deployed algorithms.

I'd rather have algorithm agility in the spec and a separate profile for a particular use case (which can, say, require only one algorithm being mandatory to implement) than baking the algorithm in the spec.

And PEM-inside-JSON just seems a bit ugly to me -- I don't really buy the implementation complexity argument when there are already plenty of libraries that will do the heavy lifting for you.

Just my 2c.

-- Luke

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose
