- From: Orie Steele <orie@transmute.industries>
- Date: Tue, 24 May 2022 09:40:36 -0500
- To: Manu Sporny <msporny@digitalbazaar.com>
- Cc: W3C Credentials CG <public-credentials@w3.org>
- Message-ID: <CAN8C-_JyPQ7y8LSmUKqcQY28MGZj286uXqKwNJFgJiHJ8ZoPzg@mail.gmail.com>
Yes, I stumbled on that as well. This is my favorite part: > NIST P-256 is the go-to curve to use with ECDSA in the modern era. Unlike Ed25519, P-256 uses a prime-order group, and is an approved algorithm to use in FIPS-validated modules. And then later, when you realize that hardware support Ed25519 and Secp256k1 sucks... and that P-256 is everywhere because its listed as recommended here: https://www.iana.org/assignments/jose/jose.xhtml#web-key-elliptic-curve Anyone know how many days it's been since W3C resolved the DID Core formal objection? OS On Tue, May 24, 2022 at 8:19 AM Manu Sporny <msporny@digitalbazaar.com> wrote: > I found this blog post useful for the upcoming VC2WG cryptosuite work: > > Guidance for Choosing an Elliptic Curve Signature Algorithm in 2022 > > > https://soatok.blog/2022/05/19/guidance-for-choosing-an-elliptic-curve-signature-algorithm-in-2022/ > > It suggests updates to the SafeCurves website: > > https://safecurves.cr.yp.to/ > > ... and does a fairly good job of boiling down the choices and > misinterpretations in the space. > > Bonus points because it also included a link to this undiscovered gem: > > https://www.howmanydayssinceajwtalgnonevuln.com/ > > Worth a read for those of us that are thinking about good cryptosuite > choices > for VCs in 2022. > > -- manu > > -- > Manu Sporny - https://www.linkedin.com/in/manusporny/ > Founder/CEO - Digital Bazaar, Inc. > News: Digital Bazaar Announces New Case Studies (2021) > https://www.digitalbazaar.com/ > > > -- *ORIE STEELE* Chief Technical Officer www.transmute.industries <https://www.transmute.industries>
Received on Tuesday, 24 May 2022 14:41:01 UTC