Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Clarify ES256K / ES256K-R Documentation #62

Closed
OR13 opened this issue Sep 16, 2019 · 4 comments
Closed

Clarify ES256K / ES256K-R Documentation #62

OR13 opened this issue Sep 16, 2019 · 4 comments
Labels
stale

Comments

@OR13
Copy link

OR13 commented Sep 16, 2019

Is your feature request related to a problem? Please describe.

ES256K is a draft:

ES256K-R is not well defined (outside of the documentation in this repo).

Describe the solution you'd like

We should define ES256K-R sufficient for alternative implementations in other languages.

We should clarify how ecrecover is used, and provide support for people who want to use ethereumAddresses with ES256K (fully document how to do this).

We should submit this documentation to ietf, and push for it to be added to JOSE, and be very clear about the status of our draft request (Not Supported, Pending Review, Accepted)... This will help developers avoid disappointment related to interoperability.

Describe alternatives you've considered

Supports ES256K, but nothing supports ethereum addresses like this library does. Thats why its so important we formalize what is happening here.

Additional context

There have been many threads related to this, I will try and add as many as I know here:
@OR13
Copy link
Author

OR13 commented Sep 16, 2019

I propose the following:

  1. We add support for ethereumAddress to DID Context (its not usable at all without doing this).
  2. We clarify what is custom crypto, and what is ietf draft or JOSE compliant
  3. We formalize a draft for ietf of ES256K-R, and work with the DIF to get it adopted.

@jonnycrunch
Copy link

same concern as w3c/did-extensions#79. At least I am familiar with ecrecover and have tooling that will work, but none of the readily available JWT libraries support it.

@OR13
Copy link
Author

OR13 commented Aug 28, 2020
edited
Loading

@jonnycrunch agreed, at this point, I would say that ES256K-R is a cryptographic golem ;)

I created https://github.com/decentralized-identity/EcdsaSecp256k1RecoverySignature2020 to try and teach DIF members how to create linked data suites, but I give up :)

I would suggest we add a warning, telling people to never use EcdsaSecp256k1RecoverySignature2020, or ES256K-R.

@jonnycrunch jonnycrunch mentioned this issue Sep 1, 2020
Closed
@stale
Copy link

stale bot commented Jun 2, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the stale label Jun 2, 2021
@stale stale bot closed this as completed Jun 16, 2021
@bumblefudge bumblefudge mentioned this issue Feb 28, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
stale
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jonnycrunch @OR13