Closed ankurdotb closed 1 year ago
The VC Data Model does not require IANA registries for alg (and neither do the RFCs).
The registries are to recognize algorithms that people wanted interop on.
It is technically legal for you to make up a new string and start using it... but no off the shelf library will understand it... this is similar to how no libraries understand data integrity proof cryptosuites today... maybe they will in the future.
Context

In the specifications

The VC JWT specification states the alg property should be defined as the algorithm used. VC Data Model states similar things:

Both of the specifications refer to RFC 7515 - JSON Web Signatures and RFC 7519 - JSON Web Tokens. Neither one of them mentions RFC 7518 - JSON Web Algorithms, which the JWT/JWS RFCs rely on.

In did-jwt library

The did-jwt library provides two Signer methods: ES256KSigner and EdDSASigner. ES256K is a recognised JSON Web Algorithm. According to the RFC 7518 specification, however, EdDSA is not a recognised/allowed property for alg.

Discussion

alg property should only be set to alg values referenced in RFC 7518?
did-jwt implementation, therefore, incorrect when using the EdDSASigner because of its non-standard usage?
alg property and specifically, defer to RFC 7518?
alg in VC JWT? A lot of DID methods use Ed25519 keys.

PS - I may have gotten something wrong in my interpretation of the RFCs and would be happy to be corrected if the above are false.
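
The check under discussion, as an added example that is not part of the issue, the specifications or did-jwt: a verifier reads the `alg` header of a compact JWS, reports which RFC registered that value in the IANA JOSE algorithms registry (RFC 7518, RFC 8037 for `EdDSA`, RFC 8812 for `ES256K`), and accepts it only if it is on the verifier's own allowlist. The allowlist, function names and sample tokens are assumptions constructed for illustration.

```javascript
// Added example (not did-jwt code). "alg" values and the RFC that registered
// each one in the IANA "JSON Web Signature and Encryption Algorithms" registry.
const REGISTERED_BY = {
  HS256: 'RFC 7518', HS384: 'RFC 7518', HS512: 'RFC 7518',
  RS256: 'RFC 7518', RS384: 'RFC 7518', RS512: 'RFC 7518',
  ES256: 'RFC 7518', ES384: 'RFC 7518', ES512: 'RFC 7518',
  PS256: 'RFC 7518', PS384: 'RFC 7518', PS512: 'RFC 7518',
  none: 'RFC 7518',
  EdDSA: 'RFC 8037',
  ES256K: 'RFC 8812',
};

// Assumption: this verifier only holds secp256k1 and Ed25519 keys, so it
// accepts exactly these two values. Registration alone never implies acceptance.
const VERIFIER_ALLOWLIST = new Set(['ES256K', 'EdDSA']);

// Constructed sample: a compact JWS with a placeholder signature, used only
// to exercise header parsing. It is not a valid credential.
function sampleToken(alg) {
  const enc = (o) => Buffer.from(JSON.stringify(o)).toString('base64')
    .replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
  return `${enc({ alg, typ: 'JWT' })}.${enc({ iss: 'did:example:123' })}.c2ln`;
}

// Decode the protected header (first segment) of a compact JWS.
function readProtectedHeader(jwt) {
  const parts = String(jwt).split('.');
  if (parts.length !== 3) throw new Error('not a compact JWS');
  const b64 = parts[0].replace(/-/g, '+').replace(/_/g, '/');
  const header = JSON.parse(Buffer.from(b64, 'base64').toString('utf8'));
  if (header === null || typeof header !== 'object' || Array.isArray(header)) {
    throw new Error('header is not a JSON object');
  }
  return header;
}

// Report where "alg" is registered and whether this verifier accepts it.
// Comparison is case-sensitive, as "alg" values are.
function checkAlg(jwt, allowlist = VERIFIER_ALLOWLIST) {
  const { alg } = readProtectedHeader(jwt);
  if (typeof alg !== 'string') {
    return { alg: null, registeredBy: null, accepted: false };
  }
  const known = Object.prototype.hasOwnProperty.call(REGISTERED_BY, alg);
  return { alg, registeredBy: known ? REGISTERED_BY[alg] : null,
           accepted: allowlist.has(alg) };
}
```
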