Re: PR for playground from Tony Arcieri on 2017-03-24 (public-webpayments-ig@w3.org from March 2017)

From: Tony Arcieri <bascule@gmail.com>
Date: Fri, 24 Mar 2017 15:11:05 -0700
To: Kim Hamilton <kimdhamilton@gmail.com>
Cc: "public-webpayments-ig@w3.org" <public-webpayments-ig@w3.org>
Message-ID: <CAHOTMVKh2662UyPgSuvSMiJNmp1FdDamZED_Z4RkS0+8A3=BBg@mail.gmail.com>

I'm sorry if this is a sidebar in this issue, but is there a particular
reason why you're using Koblitz signatures and, perhaps more concerning,
why you're using ECDSA?

The CFRG has selected Ed25519 (RFC 8032) as the next-generation high
security curve. If performance is the concern, more modern alternatives
like FourQ will exceed e.g. secp256k1's performance.

The only reason to choose secp256k1 (I assume?) today is compatibility with
Bitcoin. But that's less concerning than this: New protocols should NOT be
using ECDSA. ECDSA has repeatedly failed in practice, has many failure
modes modern signature schemes are not vulnerable to, and now that the
Schnorr patents have expired is completely obsolete.

-- 
Tony Arcieri

Received on Friday, 24 March 2017 22:11:58 UTC