-
Notifications
You must be signed in to change notification settings - Fork 15
update crypto suites to require at least ECDSA w/ P-256 and SHA-256 #295
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Conversation
…256 for verifying signed artificats
…y ecosystems; just additional ones
Co-authored-by: Jan Vereecken <ciao@janvereecken.com>
|
|
||
| The hash algorithm SHA-256 MUST be supported by all the entities to generate and validate the digests in the IETF SD-JWT VC and ISO mdoc. | ||
|
|
||
| Although support for the above algorithm is mandatory, an Issuer, Verifier, or Wallet MAY reject a particular hashing algorithm or the corresponding protected artifact if there are reasonable security, privacy, or policy concerns (e.g., suspected compromise or non-compliance). Such decisions are out of scope of the algorithm requirements but can be necessary in real-world deployments. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think these requirements should apply to Crypto Suites section too? reads like they apply only to Hash Algorithms section?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We have the same section in both places. I suggest to refactor the sections and structure on crypto suites/hashing algorithms once this PR got merged. I don't think the current structure is great. IMO, most of the requirements should go into the specific flows and/or credential formats sections instead of having dedicated crypto suite and hashing algorithm sections. We did the same thing for ECDH-ES with P-256 and A128GCM for instance.
This follow up PR would be fully editorial and can be done during the review period for this reason.
Co-authored-by: Jan Vereecken <ciao@janvereecken.com>
Co-authored-by: Oliver Terbu <oliver.terbu@mattr.global>
Co-authored-by: Oliver Terbu <oliver.terbu@mattr.global>
Co-authored-by: Oliver Terbu <oliver.terbu@mattr.global>
Uh oh!
There was an error while loading. Please reload this page.