Re: Ed25519 Signature 2018

On 05/07/2018 02:38 PM, Vaneev Bogdan wrote:
>> Vaneev, do you really want to use SHA-3 given the above? If so,
>> you can still proceed, but given that Iroha also supports SHA-2,
>> and that there are people that doubt SHA-3's advantages over SHA-2,
>> why don't you just use the SHA-2 version and not create a split in
>> the signature suite?
> 
> Yes, I will use ED25519+SHA3 anyway.

That's unfortunate -- you're raising the implementation and
interoperability burden for all of us by doing so. Can you please
explain your reasoning for doing so?

You can go ahead either way, as the crypto suites are designed to also
prevent cabals of security/implementer folks from blocking implementers
from making progress.

> I am thinking about Ed25519SHA3Signature2018 name for the cipher 
> suite.

If you are going to go down this path, which I hope you won't, I suggest
you do "Ed25519Sha3Signature2018". Keep in mind that you also need to
specify the URL in the JSON-LD context you'll be using, so something
like this would do for now:

https://soramitsu.co.jp/vocabs/security#Ed25519Sha3Signature2018

The spec you're creating would need to go through community review if
you want to get Ed25519Sha3Signature2018 into the
https://w3id.org/security vocabulary... and I expect that will result in
the same sort of push back you're seeing here.

That said, you don't have to go through community review and you can put
this spec together of your own accord, on your website. That's one of
the good things about LD Signature Suites... you can make progress even
if others disagree with what you are doing. :)

-- manu

-- 
Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny)
Founder/CEO - Digital Bazaar, Inc.
blog: Veres One Decentralized Identifier Blockchain Launches
https://tinyurl.com/veres-one-launches

Received on Monday, 7 May 2018 19:01:45 UTC