Re: RSA/DSA Public Keys and Payments from Melvin Carvalho on 2013-03-22 (public-webpayments@w3.org from March 2013)

From: Melvin Carvalho <melvincarvalho@gmail.com>
Date: Fri, 22 Mar 2013 15:41:12 +0100
To: Manu Sporny <msporny@digitalbazaar.com>
Cc: Web Payments <public-webpayments@w3.org>
Message-ID: <CAKaEYh+gW25o_B0=-wSGM9MC3p0ydd=4sBnuAEMuWTuLE7XDhw@mail.gmail.com>

On 22 March 2013 15:31, Manu Sporny <msporny@digitalbazaar.com> wrote:

> On 03/22/2013 09:04 AM, Melvin Carvalho wrote:
> > I've noticed that both payswarm and webid seem to be RSA public key
> > oriented.
>
> PaySwarm is PKI oriented, not particularly tied to RSA. It is true that
> the current implementation uses RSA w/ SHA256, but that can be swapped
> out at any point (as long as both the sender and receiver can agree on a
> different encryption mechanism). The spec is the document that states
> which encryption/cipher schemes must be supported. At the moment it's
> RSA-SHA256 and AES-128-CBC.
>

Great!


>
> > I've put in a patch to the webid ontology so that we can model both
> > DSA and RSA keys
>
> I've always thought that directly expressing the key parameters was a
> weakness of WebID. We lobbied in the early days to just use PEM
> notation. While the WebID/RSA model is more explicit, it makes
> implementers have to do more work than is necessary. It also
> unnecessarily ties WebID to a particular crypto implementation.
>

I can see both sides of this.  PEM is developer friendly to an extent, tho
the modulus/exponent are mathematically (and semantically) slightly purer
to some.  With DSA we've used the ( x/y, g, p, n ) notation.  WebID is not
tied to anything in particular, it's just that DSA was missing from the
ontology, so that's now being added.


>
> > Is this already built in to web keys via the PEM notation, or is it
> > something that might be added?
>
> You're right. ECDSA can already be implemented in Web Keys because we
> use PEM notation. PEM keys are also easier to copy/transport because
> they're opaque blobs of information that can be copy/pasted. For
> example, if I asked you to copy the key on this page to some other page:
>
> https://dev.payswarm.com/i/manu/keys/4
>
> ... you don't need to know anything about cryptography to understand
> where you should probably start copying, and where you should stop.
> Couple that with just about every popular crypto library supporting
> PEM/ASN.1 for key input/output and there is really no compelling reason
> to encode the parameters at a finer granularity in a web page.
>

Ah, that's good


>
> Short answer: Yes, PaySwarm and Web Keys can support ECDSA (and can
> support any future PEM-based format without requiring a change to the
> Web Keys or PaySwarm specs).
>
> Note: There are a number of active patents around ECDSA, which is why we
> steered clear of it.
>

IANAL, I believe there are some claims on EC implementations (rather than
the mathematics).

ECDSA is fundamental to the bitcoin and ripple communities, and to the best
of my knowledge, the expert consensus is that they are considered safe.

One note about DSA is that it's designed to sign rather than encrypt (tho
there's workarounds), RSA is designed to do both.



>
> -- manu
>
> --
> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
> President/CEO - Digital Bazaar, Inc.
> blog: Aaron Swartz, PaySwarm, and Academic Journals
> http://manu.sporny.org/2013/payswarm-journals/
>
>

Received on Friday, 22 March 2013 14:41:41 UTC