Re: [jose] CFRG ECC in JOSE - thumbprint

Wed, 18 Nov 2015 00:49:56 -0800 

On 2015-11-18 01:27, Mike Jones wrote:

I would strongly argue for using "crv" and "x" to characterize these algorithms.

> Developers will be unpleasantly surprised if we don't and more than likely 
unnecessarily confused as well.

I agree.  In the case "crv" isn't a curve it would still at least be an 
algorithm.



I'm on the fence about whether to use "kty":"EC" or a new key type value,

> such as "EC1" (Elliptic Curve with one coordinate).  I'll note that "EC"
> is already designed to allow curves whose representations use
> "x" but not "y", so there's strictly speaking no need for a new key type.
> But I understand the argument that since "x" isn't represented in SEC1
> format for these curves, that a different "kty" value may be appropriate.


IMO, the fact that quite a bunch of popular cryptographic libraries build on
"hardcoded" EC and RSA key-types, motivate a *new name*.  It seems that
JWK parsing would be more straightforward as well.

The actual name is fairly unimportant but "EC1" doesn't sound too bad :-)
It fits the algorithms/curves currently on the table, doesn't it?

Anders


                                -- Mike

-----Original Message-----
From: jose [mailto:[email protected]] On Behalf Of Ilari Liusvaara
Sent: Saturday, November 14, 2015 10:35 AM
To: Anders Rundgren
Cc: [email protected]
Subject: Re: [jose] CFRG ECC in JOSE - thumbprint

On Sat, Nov 14, 2015 at 04:43:27PM +0100, Anders Rundgren wrote:

Hi Ilari,

If these curves are generally recognized as "Edwards" (?) I would
personally prefer that "kty" refer to something Edward-ish like "ED"
although this is (of course) entirely unimportant.


These things are not Edwards curves. These things are abstract public-key 
algorithms.

If you truly had Edwards curve over prime field[1], there would be no problem presenting 
it in standard "EC" notation, as these things have well-defined curve and both 
x and y coordinates that are in Z_p.


And yes, I did consider reusing "crv" and "x", but decided that looks pretty odd (there 
is no guarantee that these things are in any way based on elliptic curves, nor that even if they are, 
"x" is actually x coordinate of the curve.


[1] But this fails for Edwards curves over prime squared fields, since each 
co-ordinate has two subcomponents (AFAIK, higher powers give weak-for-ECC 
fields).



-Ilari

_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose



_______________________________________________
jose mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/jose

Reply via email to