w3c-ccg / community

COMMUNITY: W3C Credentials Community Group Community Repo
https://w3c-ccg.github.io/community

Complete update to RSA Signature Suite spec #3

Closed kimdhamilton closed 4 years ago

kimdhamilton commented 6 years ago

~@msporny I can help with this~

Narrator: she didn't.

Let's get a new volunteer or assign to someone Manu delegates.

^ @ChristopherA

ChristopherA commented 4 years ago

Almost a year later — what is the status on this spec? If no progress or report, we will close this work item in 30 days.

Cahl-Dee commented 4 years ago

Factom Inc is willing to allocate resources to support this effort. This is critical for our implementation within Android mobile apps as the secure enclave on Android, known as Hardware-backed Keystore, does not support ED25519 which we typically use and therefore have chosen to go with RSA.

Supported key types ref.

Since this issue is within the CCG Github org, I believe the scope is with regard to the RSA section of the Linked Data Cryptographic Suite Registry. Is that correct?

I would like to confirm since on the call the DVCG GitHub org was brought to my attention and I'm seeing an RSA Signature Suite 2018 there. I'd go as far as to suggest that this issue cover the consolidation of the two.

msporny commented 4 years ago

> Factom Inc is willing to allocate resources to support this effort.

Digital Bazaar is willing and happy to support Factom in this effort. We can answer any questions that you may have when updating this specification.

ChristopherA commented 4 years ago

@Cahl-Dee @msporny — can we get an update on the status of this work item? Any ETA?

msporny commented 4 years ago

@Cahl-Dee has left Factom, and I'm slammed w/ DID WG and SDS WG work. I don't expect this stuff to move forward in at least the next 3 months.

OR13 commented 4 years ago

Recommend archiving / marking as deprecated and pointing to https://github.com/w3c-ccg/lds-jws2020

OR13 commented 4 years ago

I have added a readme / warning / archived:

https://github.com/w3c-ccg/lds-rsa2018

I suggest closing this issue.

msporny commented 4 years ago

> Recommend archiving / marking as deprecated and pointing to https://github.com/w3c-ccg/lds-jws2020

If we're going to do this, I have deep concerns around how JWS2020 is planning on being used (to express private keys in DID Documents, too much variability, etc.). Just noting this as I've been avoiding having that discussion to date to let the suite get a bit further... but if we're at the point where we need to debate some of the security implications of lds-jws2020, we should put aside some telcon time to do it.

OR13 commented 4 years ago

@msporny

If there is an active RSA-only suite which we can point to that does not support the other JWK/JWS/JWE stuff, that would 100% be better to point to... it's my understanding that there is not one.

Yes, we should have a call to sync on it... especially regarding support for JWE, which seems to be a clear driving force for alignment with JOSE in DIDComm and Encrypted Data Vaults...

I know at least these folks have some experience with this topic @troyronda @kdenhartog, @tplooker and @kimdhamilton @csuwildcat @selfissued

Maybe it would be wise for us to take some time to debate this on an upcoming CCG call?

kimdhamilton commented 4 years ago

Recommend closing this and opening a new issue to track Manu's concern.

OR13 commented 4 years ago

Agree, issues should track work that we believe will happen, and focus on enabling community members to take that action.

This seems like a feature request for RSASignature2020... suite that uses RSA but not JOSE.

I'd rather see that as a separate issue.

kimdhamilton commented 4 years ago

Discussion will happen in a DID special topic call -- is it for legacy, etc? Next week. Outcome will be made public, and we can discuss here

kimdhamilton commented 4 years ago

8/11: any remaining thing we're tracking here? It's been 2 years. I'd like to close this.

kimdhamilton commented 4 years ago

Per 8/11 discussion, we'll close this. Please create a new, more specific issue if any concerns above were not addressed.