search

w3c / vc-di-ecdsa

Data Integrity specification for ECDSA using NIST-compliant curves
https://w3c.github.io/vc-di-ecdsa/
Other
9 stars 9 forks source link

Remove `proofValue` MUST be a detached ECDSA normative statement #15

Closed JSAssassin closed 11 months ago

JSAssassin commented 11 months ago

https://github.com/w3c/vc-di-ecdsa/blob/main/index.html#L409-L410

TallTed commented 11 months ago

I think this is what you're referring to --

          <p>
The `proofValue` property of the proof MUST be a detached ECDSA
produced according to [[FIPS-186-5]], encoded according to [[MULTIBASE]] using
the base58-btc base encoding.
          </p>

Are you asking that this entire paragraph be deleted? Can you provide a reason for this?

JSAssassin commented 11 months ago

@TallTed, not the entire paragraph but the statement "The proofValue property of the proof MUST be a detached ECDSA produced according to [[FIPS-186-5]]". @msporny suggested raising this issue since he thinks that the statement is probably unnecessary.

TallTed commented 11 months ago

@JSAssassin — So are you suggesting that the paragraph should be reduced to the following, by deleting the entire "statement" you've quoted?

          <p>
encoded according to [[MULTIBASE]] using the base58-btc base encoding.
          </p>

Or the following, which removes only the phrase, a detached ECDSA produced according to [[FIPS-186-5]], which appears to be the salient portion of that quoted "statement"?

          <p>
The `proofValue` property of the proof MUST be
encoded according to [[MULTIBASE]] using the base58-btc base encoding.
          </p>
JSAssassin commented 11 months ago

@TallTed Sorry for the confusion. The second option is what I am suggesting. The phrase a detached ECDSA produced according to [[FIPS-186-5]] can be removed, leaving the paragraph with the text: TheproofValueproperty of the proof MUST be encoded according to [[MULTIBASE]] using the base58-btc base encoding.

dlongley commented 11 months ago

Perhaps the statement should just remove "detached":

The proofValue property of the proof MUST be an ECDSA signature produced according to [[FIPS-186-5]], encoded according to [[MULTIBASE]] using the base58-btc base encoding.

This may also be insufficient since FIPS-186-5 just says to output the r and s components. What we really want to say (if we want to be extra clear), is that the IEEE P1363 format is used for the signature and then it is encoded using the multibase base58-btc base encoding. We can perhaps reuse some language or references mentioned in this MDN docs article around producing an ECDSA signature using Web Crypto, which uses the same (and most commonly used) format as we do here:

https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/sign#ecdsa

We could also leave this to tests to confirm if that's more appropriate. Here's all the Web Crypto spec has to say: https://www.w3.org/TR/WebCryptoAPI/#ecdsa-description

As another example, the http signatures talks about the concatenation of r and s here: https://www.ietf.org/archive/id/draft-ietf-httpbis-message-signatures-17.html#section-3.3.4

The signature algorithm returns two integer values, r and s. These are both encoded as big-endian unsigned integers, zero-padded to 32-octets each. These encoded values are concatenated into a single 64-octet array consisting of the encoded value of r followed by the encoded value of s.

msporny commented 11 months ago

PR #18 has been merged to address this issue. Closing.