Closed JSAssassin closed 11 months ago
I think this is what you're referring to --
<p>
The `proofValue` property of the proof MUST be a detached ECDSA
produced according to [[FIPS-186-5]], encoded according to [[MULTIBASE]] using
the base58-btc base encoding.
</p>
Are you asking that this entire paragraph be deleted? Can you provide a reason for this?
@TallTed, not the entire paragraph but the statement "The proofValue property of the proof MUST be a detached ECDSA produced according to [[FIPS-186-5]]". @msporny suggested raising this issue since he thinks that the statement is probably unnecessary.
@JSAssassin — So are you suggesting that the paragraph should be reduced to the following, by deleting the entire "statement" you've quoted?
<p>
encoded according to [[MULTIBASE]] using the base58-btc base encoding.
</p>
Or the following, which removes only the phrase, a detached ECDSA produced according to [[FIPS-186-5]]
, which appears to be the salient portion of that quoted "statement"?
<p>
The `proofValue` property of the proof MUST be
encoded according to [[MULTIBASE]] using the base58-btc base encoding.
</p>
@TallTed Sorry for the confusion. The second option is what I am suggesting. The phrase a detached ECDSA produced according to [[FIPS-186-5]]
can be removed, leaving the paragraph with the text:
The
proofValueproperty of the proof MUST be encoded according to [[MULTIBASE]] using the base58-btc base encoding.
Perhaps the statement should just remove "detached":
The
proofValue
property of the proof MUST be an ECDSA signature produced according to [[FIPS-186-5]], encoded according to [[MULTIBASE]] using the base58-btc base encoding.
This may also be insufficient since FIPS-186-5 just says to output the r
and s
components. What we really want to say (if we want to be extra clear), is that the IEEE P1363 format is used for the signature and then it is encoded using the multibase base58-btc base encoding. We can perhaps reuse some language or references mentioned in this MDN docs article around producing an ECDSA signature using Web Crypto, which uses the same (and most commonly used) format as we do here:
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa
We could also leave this to tests to confirm if that's more appropriate. Here's all the Web Crypto spec has to say: https://www.w3.org/TR/WebCryptoAPI/#ecdsa-description
As another example, the http signatures talks about the concatenation of r
and s
here:
https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-17.html#section-3.3.4
The signature algorithm returns two integer values,
r
ands
. These are both encoded as big-endian unsigned integers, zero-padded to 32-octets each. These encoded values are concatenated into a single 64-octet array consisting of the encoded value ofr
followed by the encoded value ofs
.
PR #18 has been merged to address this issue. Closing.
https://github.com/w3c/vc-di-ecdsa/blob/main/index.html#L409-L410