-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 23/01/15 21:50, ⌘ Matt Miller wrote: > Or maybe we seriously consider SPKI. Yes. It works. It's used elsewhere so offers better interop. All libraries support it so coding up the thumbprint stuff with that is trivial and far less error prone. It avoids any need for (even more) pointless debate about hash-input nitpicking. There's less spec text needed too. All useful asymmetric algs will have a well defined SPKI for the next decade because those are used in TLS and for the WebPKI which is not going away no matter how much you want it to go away. That is a pile of advantages. And, most important, there is zero advantage in pointlessly inventing a new variation. Frankly the supposed advantages offered so far: - - a line or two less code, (maybe, maybe not, unimportant in any case) - - "not asn.1" (nonsense, SPKI needs no generic asn.1 support, we've known for decades how to do without that, and your library constructs the octets from the key already) - - "it should be json" (more nonsense, it's a hash input and never sent or stored, nobody cares what format it has) ...are utterly unconvincing in any rational view. S. PS: As another data point, the W3C sub-resource integrity spec [1] uses ni URIs today. I've no idea if that's likely to last into a W3C REC or get deployed, but seems to me like not-reinventing in this space is one sensible thing those folks have (sensibly:-) done, given the utter lack of benefit from re-inventing. [1] http://www.w3.org/TR/SRI/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQEcBAEBAgAGBQJUwtVxAAoJEC88hzaAX42iiyAH/2IBfml30CcQzUiFyFO0zzZZ lCiaMy+Iy+ZmVtXNGGTQlA7xt+EK060TgG0Aj+vWOMJpxGabxniseJf6RnrSGL2D M3VL+Tcbx4EDbGTUAyjf8lQ+kAuAbj9xBY3VPG8r1qNrqh8chtRwRSU2O7+plBuJ qSx+A+8KORzMPhpan+XlcTjnDoSClBnI7+Ajt4T9LozVN4Z0Pl4S2Nnrr8lbgyiH g8T+u1GTvcT542kL/+Q9g+rUyzVJNE/F+VwvraueTUdkCu+hxhWIUwFZnek27gSk g4NDwmouzS/0hr3hkM2eqrGyfjpmvTL/VnrfjhKeIKkpBDL2Fvt0hNUlLlhReIU= =cnGe -----END PGP SIGNATURE----- _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
