Closed iherman closed 2 months ago
I support the suggested changes, with a few minor tweaks --
When the RDF Dataset Canonicalization Algorithm (RDFC-1.0) [RDF-CANON] is used with ECDSA algorithms, the choice of cryptographic hashing function used by RDFC-1.0 MUST be based on the size of the associated public key. For P-256 keys, SHA-2 with 256 bits of output (which is the RDFC-1.0 default) MUST be used. For P-384 keys, SHA-2 with 384 bits of output MUST be used.
It might be good to change the last bit to something like "MUST be used, by taking xyz action" that says how to not accept the default.
Ok @TallTed, I understand. Note, however, that the xyz has to be intentionally vague, because it is implementation dependent.
PR follows, where the final formulation can be worked out.
@TallTed see #70.
This issue can be closed if and when #70 gets merged.
PR #70 has been merged, closing.
Forgive me if I will sound very picky...
§3. Algorithms contains this paragraph:
(Emphasis is mine).
Which is o.k., the RDFC reference to SHA makes it indeed possible. What it says is:
So, if I use ecdsa with P-256, I do not "pass on" anything whatsoever, I use the default RDFC behavior. It is only when I use P-384 that I have to use the hash function parameter of RDFC (and the details on how I have to do that are implementation dependent).
Isn't it better to say something more "neutral", like