Add Security Consideration to avoid key reuse #1284
Comments
We should also reference this paper in the guidance: https://eprint.iacr.org/2021/509
Hrm, turns out that we do provide this guidance in the ECDSA Cryptosuite, so perhaps we should move that guidance to the main Data Integrity spec: https://www.w3.org/TR/2023/WD-vc-di-ecdsa-20230817/#key-management
I added that section, based on NIST and general recommendations. It is very general. So moving it to Data Integrity sounds good and avoids repetition in EdDSA, and future specs.
I'd even suggest pushing up to the vc-data-model spec. While this issue is more commonly encountered in data-integrity formats from did:key it's an issue that re-applies across the entire space.
Agreed, this belongs in the vc-data-model as a general consideration regarding key re-use in any securing mechanism.
PR #1323 has been merged, closing.
From the PING's review (w3cping/privacy-request#120):
/cc @kdenhartog