Open emanjon opened 1 year ago
I still support this idea : )
How hard would it be to add this?
Seems we need to register an "alg" and define the structure of the signature.
Similar to https://www.rfc-editor.org/rfc/rfc8812.html#name-ecdsa-signature-with-secp25
@emanjon any proposals for the "alg" name?
... "BLS12" ?
Assuming it is possible, I can generate some test vectors from https://github.com/paulmillr/noble-bls12-381
@tplooker, should we discuss this at IETF 119?
As discussed at IETF 116 there are several reasons to also register a signature algorithm. BLS signatures do not have to be used with aggregations. They can also be used as a replacement for ordinary ECDSA signatures. The benefit with a BLS12-381 signatures are that they are 48 bytes instead of the 64 bytes for ECDSA and EdDSA. This would be a nice addition to COSE.
Other people agreed and stated that registering a signature should be done just to make the document complete and useful in it self.
One use case for 48 bytes BLS12-381 signatures is Group OSCORE. With 48 bytes signatures you could in quite many cases get away with sending one frame less which is a big win.