Conditional Normative Specifications table items

[iherman]

The current charter includes a table, in §2.2, labeled as "Conditional Normative Specifications". This includes a table listing four items:

1. PGP Cryptosuite
2. BBS+ Cryptosuite
3. Verifiable Credential Protection Using JWPs
4. Koblitz ECDSA Recovery Cryptosuite

I have removed item (2) because it is part of the normative deliverables list now. However

• Isn't it correct that item (4) should also be removed because that is our ECDSA spec?
• Does the Jose-Cose spec cover item (3) and, therefore, should also be removed, or is it something different?

@msporny @brentzundel

[msporny]

Isn't it correct that item (4) should also be removed because that is our ECDSA spec?

No, Koblitz (secp256k1) isn't the same as (secp256r1). The former does not have FIPS approved cryptography modules for it (IIRC), while the latter does and is supported by many nation states in their cryptographic modules programs.

Does the Jose-Cose spec cover item (3) and, therefore, should also be removed, or is it something different?

No, bringing JWP in scope for JOSE-COSE would prevent it from going to REC at any point in the near future. Even having SD-JWT in there is a stretch to have done at IETF by September/November timeframe.

[brentzundel]

I agree with Manu.

[iherman]

Ok. So I did the right thing keeping these. Closing the issue...