w3c / vc-jose-cose

Verifiable Credentials Working Group — VC JSON Web Tokens specification
https://w3c.github.io/vc-jose-cose/

Usage of `EdDSA` algorithm #100

Closed ankurdotb closed 1 year ago

ankurdotb commented 1 year ago

Context

In the specifications

The VC JWT specification states the alg property should be defined as the algorithm used. VC Data Model states similar things:

alg MUST be set for digital signatures. If only the proof property is needed for the chosen signature method (that is, if there is no choice of algorithm within that method), the alg header MUST be set to none.

Both of the specifications refer to RFC 7515 - JSON Web Signatures and RFC 7519 - JSON Web Tokens. Neither one of them mentions RFC 7518 - JSON Web Algorithms, which the JWT/JWS RFCs rely on.

In did-jwt library

The did-jwt library provides two Signer methods: ES256KSigner and EdDSASigner.

ES256K is a recognised JSON Web Algorithm. According to the RFC 7518 specification, however, EdDSA is not a recognised/allowed property for alg.

Discussion

  1. Is my interpretation correct, i.e., the alg property should only be set to alg values referenced in RFC 7518?
  2. Is the did-jwt implementation, therefore, incorrect when using the EdDSASigner because of its non-standard usage?
  3. Should the VC JWT specification elaborate on the alg property and specifically, defer to RFC 7518?
  4. Despite RFC 7518, should we allow/disallow non-standard values for alg in VC JWT? A lot of DID methods use Ed25519 keys.

PS - I may have gotten something wrong in my interpretation of the RFCs and would be happy to be corrected if the above are false.

OR13 commented 1 year ago

The VC Data Model does not require IANA registries for alg (and neither do the RFCs).

The registries are to recognize algorithms that people wanted interop on.

It is technically legal for you to make up a new string and start using it... but no off-the-shelf library will understand it... this is similar to how no libraries understand data integrity proof cryptosuites today... maybe they will in the future.
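An added illustration of the point discussed in this thread (not code from did-jwt, the specification, or either commenter): a verifier accepts only the `alg` strings in its own policy, so `none` and any string it does not implement are rejected before signature verification. The allowlist contents and the names `ALLOWED_ALGS`, `makeSampleToken` and `checkAlg` are assumptions made for this example.

```javascript
// Added example: verifier-side policy check on the JWS protected header `alg`.
// ALLOWED_ALGS is an assumed local policy (the two did-jwt signers named above).
const ALLOWED_ALGS = new Set(["ES256K", "EdDSA"]);

// Build a compact token for the demo (constructed sample input; the third
// part is a placeholder, not a real signature, and is never verified here).
function makeSampleToken(header, payload = { sub: "did:example:123" }) {
  const enc = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
  return `${enc(header)}.${enc(payload)}.c2lnbmF0dXJl`;
}

// Decode the protected header and decide whether the token may proceed
// to signature verification. Returns { ok, alg, reason }.
function checkAlg(compactJws, allowed = ALLOWED_ALGS) {
  const parts = compactJws.split(".");
  if (parts.length !== 3) {
    return { ok: false, alg: null, reason: "not compact JWS" };
  }
  let header;
  try {
    header = JSON.parse(Buffer.from(parts[0], "base64url").toString("utf8"));
  } catch {
    return { ok: false, alg: null, reason: "header is not valid JSON" };
  }
  if (header === null || typeof header !== "object" || typeof header.alg !== "string") {
    return { ok: false, alg: null, reason: "missing alg" };
  }
  const alg = header.alg;
  // Exact, case-sensitive comparison: "eddsa" or "None" do not match.
  if (alg === "none") return { ok: false, alg, reason: "unsecured token" };
  if (!allowed.has(alg)) {
    return { ok: false, alg, reason: "alg not in verifier policy" };
  }
  return { ok: true, alg, reason: "allowed" };
}

// Constructed headers: two policy values, `none`, a made-up string, wrong case.
for (const alg of ["EdDSA", "ES256K", "none", "MyNewAlg", "eddsa"]) {
  const result = checkAlg(makeSampleToken({ alg, typ: "JWT" }));
  console.log(alg.padEnd(9), result.ok ? "accept" : "reject", "-", result.reason);
}
```

A token that passes this check still has to have its signature verified with a key bound to the same algorithm; the check only fixes which algorithms the verifier is willing to run.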