On Tue, 2024-01-02 at 14:13 -0500, Karen ODonoghue wrote: > JOSE working group members, > > This email starts a two week call for adoption for: > https://datatracker.ietf.org/doc/draft-jones-jose-fully-specified-algorithms/ > > As discussed at the November IETF meeting, with the approved expansion of > the charter to include maintenance items, this document is now within > scope. > > Please reply to this email with your comments on the adoption of this > document as a starting point for the related JOSE work item. > > This call will end on Wednesday, 17 January 2024.
While this draft is theoretically useful I am NOT in favor of its adoption for existing curves. The curve used is already implicit in the size of the signature, and besides servers generally only have a specific key they use so there is really no confusion, at worst you get an error during cryptographic operations, something you must always be prepared to deal with as it can always happen with untrusted input. Either way there is no practical ambiguity that really _needs_ to be resolved. I could see how being less ambiguous would be a good idea for future algorithms. But for the present it is not. All implementations still need to support the defined algorithms, and the only result of adopting new names for the same algorithms is to introduce incompatibilities with existing implementations. Simo. -- Simo Sorce, DE @ RHEL Crypto Team, Red Hat, Inc _______________________________________________ jose mailing list jose@ietf.org https://www.ietf.org/mailman/listinfo/jose
