- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 22 Mar 2013 10:31:29 -0400
- To: Web Payments <public-webpayments@w3.org>
On 03/22/2013 09:04 AM, Melvin Carvalho wrote: > I've noticed that both payswarm and webid seem to be RSA public key > oriented. PaySwarm is PKI oriented, not particularly tied to RSA. It is true that the current implementation uses RSA w/ SHA256, but that can be swapped out at any point (as long as both the sender and receiver can agree on a different encryption mechanism). The spec is the document that states which encryption/cipher schemes must be supported. At the moment it's RSA-SHA256 and AES-128-CBC. > I've put in a patch to the webid ontology so that we can model both > DSA and RSA keys I've always thought that directly expressing the key parameters was a weakness of WebID. We lobbied in the early days to just use PEM notation. While the WebID/RSA model is more explicit, it makes implementers have to do more work than is necessary. It also unnecessarily ties WebID to a particular crypto implementation. > Is this already built in to web keys via the PEM notation, or is it > something that might be added? You're right. ECDSA can already be implemented in Web Keys because we use PEM notation. PEM keys are also easier to copy/transport because they're opaque blobs of information that can be copy/pasted. For example, if I asked you to copy the key on this page to some other page: https://dev.payswarm.com/i/manu/keys/4 ... you don't need to know anything about cryptography to understand where you should probably start copying, and where you should stop. Couple that with just about every popular crypto library supporting PEM/ASN.1 for key input/output and there is really no compelling reason to encode the parameters at a finer granularity in a web page. Short answer: Yes, PaySwarm and Web Keys can support ECDSA (and can support any future PEM-based format without requiring a change to the Web Keys or PaySwarm specs). Note: There are a number of active patents around ECDSA, which is why we steered clear of it. -- manu -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) President/CEO - Digital Bazaar, Inc. blog: Aaron Swartz, PaySwarm, and Academic Journals http://manu.sporny.org/2013/payswarm-journals/
Received on Friday, 22 March 2013 14:31:57 UTC