search

w3c / vc-di-ecdsa

Data Integrity specification for ECDSA using NIST-compliant curves
https://w3c.github.io/vc-di-ecdsa/
Other
9 stars 9 forks source link

[Editorial] Making the RCH hash function reference more explicit #69

Closed iherman closed 2 months ago

iherman commented 2 months ago

Forgive me if I will sound very picky...

§3. Algorithms contains this paragraph:

When the RDF Dataset Canonicalization Algorithm [RDF-CANON] is used with ECDSA algorithms, the cryptographic hashing function that is passed to the algorithm MUST be determined by the size of the associated public key. For P-256 keys, SHA-2 with 256 bits of output is utilized. For P-384 keys, SHA-2 with 384-bits of output is utilized.

(Emphasis is mine).

Which is o.k., the RDFC reference to SHA makes it indeed possible. What it says is:

The default hash algorithm used by RDFC-1.0, namely, SHA-256 [FIPS-180-4].

Implementations MUST support a parameter to define the hash algorithm, MUST support SHA-256 and SHA-384 [FIPS-180-4], and SHOULD support the ability to specify other hash algorithms.

So, if I use ecdsa with P-256, I do not "pass on" anything whatsoever, I use the default RDFC behavior. It is only when I use P-384 that I have to use the hash function parameter of RDFC (and the details on how I have to do that is implementation dependent).

Isn't it better to say something more "neutral", like

When the RDF Dataset Canonicalization Algorithm (RDFC-1.0) [RDF-CANON] is used with ECDSA algorithms, the cryptographic hashing function used by RDFC-1.0 MUST depend on the size of the associated public key. For P-256 keys, the SHA-2 with 256 bits of output MUST be utilized, which is the default. For P-384 keys, SHA-2 with 384-bits of output MUST be utilized.

TallTed commented 2 months ago

I support the suggested changes, with a few minor tweaks --

When the RDF Dataset Canonicalization Algorithm (RDFC-1.0) [RDF-CANON] is used with ECDSA algorithms, the choice of cryptographic hashing function used by RDFC-1.0 MUST be based on the size of the associated public key. For P-256 keys, SHA-2 with 256 bits of output (which is the RDFC-1.0 default) MUST be used. For P-384 keys, SHA-2 with 384-bits of output MUST be used.

It might be good to change the last bit to something like MUST be used, by taking xyz action that says how to not accept the default.

iherman commented 2 months ago

Ok @TallTed, I understand. Note however, that the xyz has to be intentionally vague, because it is implementation dependent.

PR follows, where the final formulation can be worked out.

iherman commented 2 months ago

@TallTed see #70.

This issue can be closed if and when #70 gets merged.

msporny commented 2 months ago

PR #70 has been merged, closing.