- From: Daniel Burnett <danielcburnett@gmail.com>
- Date: Tue, 19 Jul 2016 10:10:12 -0400
- To: Timothy Holborn <timothy.holborn@gmail.com>
- Cc: Manu Sporny <msporny@digitalbazaar.com>, W3C Credentials Community Group <public-credentials@w3.org>, Dave Crocker <dcrocker@bbiw.net>, "=Drummond Reed" <drummond@respect.network>, Les Chasen <les@respect.network>, Joe Andrieu <joe@andrieu.net>, Web Payments CG <public-webpayments@w3.org>
- Message-ID: <CA+EnjbKdJCoL5NQFeCGenetTkqNNReNgcuMYNaq_mTQNhS9Jjw@mail.gmail.com>
Yep, crypto-nerds in the IETF are watching these developments as well. It would be more complete for me to say that the IETF is strongly recommending the default use of stronger algorithms where feasible and widely available (which today means the elliptic-curve algorithms with non-trivial key sizes and in the near future may mean post-quantum algorithms). At the moment in the VC work we are not making any recommendations regarding signature key strength, but we can at least show the use of stronger (but still common) algorithms in our examples. As recommendations change we can update accordingly. And now I will step aside and let the crypto-experts on our list respond if they wish -- I'm definitely *not* an expert. -- dan On Tue, Jul 19, 2016 at 9:54 AM, Timothy Holborn <timothy.holborn@gmail.com> wrote: > > > On Tue, 19 Jul 2016 at 23:24 Daniel Burnett <danielcburnett@gmail.com> > wrote: > >> By the way, you should also consider changing the example to use "ES256" >> rather than "RS256". The IETF is strongly encouraging use of EC-based >> algorithms whenever possible, particularly in examples that may get >> copy-pasted or otherwise used by novices as a template. >> >> https://en.wikipedia.org/wiki/Post-quantum_cryptography ?? > >> -- dan >> >> >> On Tue, Jul 19, 2016 at 8:33 AM, Daniel Burnett <danielcburnett@gmail.com >> > wrote: >> >>> Manu, you appear to have updated the data-model spec (example 4 in [1]) >>> with a new JWT. Can you please also provide the public key corresponding >>> to the private key you used to generate it? >>> >>> -- dan >>> >>> On Mon, Jul 18, 2016 at 4:38 PM, Manu Sporny <msporny@digitalbazaar.com> >>> wrote: >>> >>>> Hi all, >>>> >>>> We have a Verifiable Claims Task Force call tomorrow to work on next >>>> steps identified during the call last week. Namely, putting together an >>>> agenda for our first face-to-face meeting and identifying >>>> overlap/concerns between JOSE JWT and the work we're doing here. >>>> >>>> The meeting is open to the general public. There are no Intellectual >>>> Property Release requirements. The call will be recorded and minuted to >>>> ensure we're capturing everyone's concerns properly. >>>> >>>> If you want to add anything to or modify the proposed agenda below, >>>> please respond via the mailing list or make a note of it at the >>>> beginning of the call. If your organization would not like the call to >>>> be recorded, let me know and we'll disable the audio recording. >>>> >>>> ========== >>>> Tuesday, July 19th 2016 >>>> Time: 11am Boston >>>> Text Chat: http://tinyurl.com/w3c-vctf >>>> irc://irc.w3.org:6665/#vctf >>>> Voice: sip:vctf@96.89.14.196 >>>> tel:+1-540-961-4469;ext=6306 (extension 6306) >>>> Duration: 60 minutes >>>> Scribes: DanB, Nate, Brian, ShaneM, Longley, Gregg >>>> ========== >>>> >>>> Proposed Agenda >>>> --------------- >>>> >>>> 1. Review All Dissenting Opinions (now public)[1] >>>> 2. JOSE / JWT Clarification/Analysis[2] >>>> 3. VCWG Face-to-Face Agenda[3] >>>> 4. AOB? >>>> >>>> -- manu >>>> >>>> [1] >>>> https://docs.google.com/document/d/1uYDRcHs_EOpJzezJerKnKT4Grni1sFLX2nRp7zlq2BE/edit >>>> [2] >>>> http://opencreds.org/specs/source/claims-data-model/#expressing-entity-credentials-in-json >>>> [3] >>>> https://docs.google.com/document/d/1uYDRcHs_EOpJzezJerKnKT4Grni1sFLX2nRp7zlq2BE/edit >>>> >>>> -- >>>> Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) >>>> Founder/CEO - Digital Bazaar, Inc. >>>> blog: The Web Browser API Incubation Anti-Pattern >>>> http://manu.sporny.org/2016/browser-api-incubation-antipattern/ >>>> >>>> >>> >>
Received on Tuesday, 19 July 2016 14:10:45 UTC