This PR addresses issue https://github.com/w3c/vc-di-ecdsa/issues/28. To require that the deterministic ECDSA algorithm SHOULD be used. Previously we just had that the ECDSA algorithm MUST be used without explicitly pointing out the security advantages of the deterministic variant.
In the security considerations section has been slightly extended to offer a reason why, in some situations, one might not want to use the deterministic variant. This section already explains why in most cases one should use the deterministic variant.
Note that the security considerations section already points out that verification of signatures is the same for both variants.
This PR addresses issue https://github.com/w3c/vc-di-ecdsa/issues/28. To require that the deterministic ECDSA algorithm SHOULD be used. Previously we just had that the ECDSA algorithm MUST be used without explicitly pointing out the security advantages of the deterministic variant.
In the security considerations section has been slightly extended to offer a reason why, in some situations, one might not want to use the deterministic variant. This section already explains why in most cases one should use the deterministic variant.
Note that the security considerations section already points out that verification of signatures is the same for both variants.
Preview | Diff