[COSE] Feedback on draft-ietf-cose-webauthn-algorithms-00
Matt Palmer <mpalmer@hezmatt.org> Fri, 24 May 2019 08:10 UTC
Return-Path: <mpalmer@hezmatt.org>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10BA61200D5 for <cose@ietfa.amsl.com>; Fri, 24 May 2019 01:10:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HzDlPr0-IwWN for <cose@ietfa.amsl.com>; Fri, 24 May 2019 01:09:57 -0700 (PDT)
Received: from mail.hezmatt.org (erdhenne.tobermorytech.com [178.63.85.14]) by ietfa.amsl.com (Postfix) with ESMTP id B36281200B7 for <cose@ietf.org>; Fri, 24 May 2019 01:09:57 -0700 (PDT)
Received: from mistress.home.hezmatt.org (2001-44b8-510e-8600-5c0c-75fc-ff42-0a4a.static.ipv6.internode.on.net [IPv6:2001:44b8:510e:8600:5c0c:75fc:ff42:a4a]) by mail.hezmatt.org (Postfix) with ESMTPSA id A36A316D839 for <cose@ietf.org>; Fri, 24 May 2019 08:09:55 +0000 (UTC)
Received: by mistress.home.hezmatt.org (Postfix, from userid 1000) id 66139B694C; Fri, 24 May 2019 18:09:47 +1000 (AEST)
Date: Fri, 24 May 2019 18:09:47 +1000
From: Matt Palmer <mpalmer@hezmatt.org>
To: cose@ietf.org
Message-ID: <20190524080947.3i2dwqmtpt4kk2ty@hezmatt.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
User-Agent: NeoMutt/20170113 (1.7.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/ggW700xoPm79E_hODE5R1AuXDv0>
Subject: [COSE] Feedback on draft-ietf-cose-webauthn-algorithms-00
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 24 May 2019 08:10:00 -0000
I'm looking to implement support for sec256k1 in a JWS library. The specifications for the NIST curves in RFC7518 are all of the form "ECDSA using <curve> and <hash alg>", which makes it very obvious what's going on. However, the definitions in this draft don't make mention of the hash algorithm to be used. My vague understanding is that the hash algorithm used for ECDSA should be equal in size with the curve used, so my assumption is that these signatures are using SHA-256, however I think it would be extremely useful if that were made explicit in the specification, to prevent any possible confusion. Thanks, - Matt