support new RFC 8037 algs

Comments (27)

1. 

   Uri Blumenthal

   Yes, that would be nice. Thanks for considering it.

   • 2016-08-28T03:19:57+00:00
2. 

   Brian Campbell reporter

   • changed title to support new RFC 8037 algs
   • edited description

   updated title/description to reflect newly available RFC 8037

   • 2017-01-25T12:20:31+00:00
3. 

   Brian Campbell reporter

   BC seems to be looking at it http://www.ietf.org/mail-archive/web/jose/current/msg05650.html per Anders and more http://www.ietf.org/mail-archive/web/jose/current/msg05651.html

   • 2017-06-27T15:16:25+00:00
4. 

   Brian Campbell

   https://github.com/google/tink maybe

   • 2017-12-13T16:26:43+00:00
5. 

   Uri Blumenthal

   Not sure. As the main issue seems to be not how to implement X25519 etc. in Java, but how to "marry" those with JSON crypto. The main difficulty IMHO is serialization/deserialization of JSON plaintext.

   And AFAIK, BouncyCastle now supports the above algorithms.

   What's your opinion?

   • 2017-12-13T16:49:50+00:00
6. 

   Brian Campbell reporter

   I'm not really sure, to be honest, I've just been adding the occasional comment as a note to maybe look at later as I run across things. This issue is kinda a placeholder for now (as I'm sure you've noticed). I'm not in a position to do any real work on this at this time. I'm hopeful that the RFC makes that 'marrying' reasonably doable. But that's just hope at this point.

   • 2017-12-13T17:42:59+00:00
7. 

   Brian Campbell reporter

   Matt's https://github.com/linuxwolf/jose-cookbook/tree/master/curve25519 "contains the signature example from CFRG ECDH and signatures in JOSE as well as some examples which are not in the document." (was moved to https://github.com/ietf-jose/cookbook/blob/master/curve25519/ecdh-es.json )

   • 2018-02-16T14:45:41+00:00
8. 

   Brian Campbell reporter

   https://twitter.com/seanjmullan/status/993483816546263041 maybe relevant for Java 11

   • 2018-05-07T22:23:05+00:00
9. 

   Brian Campbell reporter

   JEP 339: Edwards-Curve Digital Signature Algorithm (EdDSA) https://openjdk.java.net/jeps/339

   • 2019-12-05T17:17:48+00:00
10. 

    Uri Blumenthal

    Nice!

    • 2019-12-05T20:27:10+00:00
11. 

    Sergey Beryozkin

    Hi Brian, @Brian Campbell Supporting EdDSA would be even more interesting now that ECDSA has caused more problems. https://bugs.openjdk.java.net/browse/JDK-8199231 has been resolved for Java 15, so it should work for supported Java 17/18.

    Thanks, Sergey

    • 2022-04-26T13:30:42+00:00
12. 

    Uri Blumenthal

    EdDSA has its own problems and weaknesses. One should be careful choosing one over the other.

    • 2022-04-28T14:52:32+00:00
13. 

    Sergey Beryozkin

    Doesn’t it apply to any JWA algorithm ?

    • 2022-04-28T14:59:27+00:00
14. 

    Uri Blumenthal

    Rhetoric questions do not deserve an answer. My point was - it won’t be prudent to just move from ECDSA to EdDSA. And, regardless, presence of bugs in implementation of any algorithm is likely - it makes no sense to harp on a bug in one (albeit widespread) implementation.

    • 2022-04-28T15:05:25+00:00
15. 

    Sergey Beryozkin

    @Uri Blumenthal I’ve asked Brian to consider supporting EdDSA, so I've no idea what you are trying to prove with your elaborate comments

    ‌

    • 2022-04-28T15:10:40+00:00
16. 

    Sergey Beryozkin

    This issue is dedicated to supporting an algorithm such as EdDSA and I’d like to have our users the extra options. While I did refer to a recent EcDSA issue I did not come here to start a discussions about pros and cons of various algorithms

    • 2022-04-28T15:20:38+00:00
17. 

    Uri Blumenthal

    I’m trying to point that supporting EdDSA has been of interest since 2016, and it hasn’t become “more interesting now” because of ECDSA bug that got fixed.

    • 2022-04-28T15:21:49+00:00
18. 

    Sergey Beryozkin

    Fair enough, appreciate your input, thank you, and apologies. I propose though that in scope of this issue we focus on EdDSA.

    • 2022-04-28T15:27:00+00:00
19. 

    Uri Blumenthal

    I thought we all were in full agreement that adding EdDSA support to this JOSE implementation is a good thing. More importantly, Brian seems to support it.

    • 2022-04-28T15:27:02+00:00
20. 

    Sergey Beryozkin

    I thought we all were in full agreement that adding EdDSA support to this JOSE implementation is a good thing. More importantly, Brian seems to support it.

    +1. Hope you appreciate why the EcDSA vs EdDSA discussion is an orthogonal issue. I admit I made a mistake by referring to EcDSA.

    ‌

    • 2022-04-28T15:31:20+00:00
21. 

    Uri Blumenthal

    OK, sure. We wait for Brian to step in?

    • 2022-04-28T15:34:25+00:00
22. 

    Brian Campbell reporter

    fwi and fwiw working on this in this branch https://bitbucket.org/b_c/jose4j/commits/branch/ed

    • 2022-09-30T22:45:22+00:00
23. 

    Brian Campbell reporter

    • changed status to resolved

    done with f42a568

    • 2022-10-05T19:37:36+00:00
24. 

    Brian Campbell reporter

    • changed status to closed

    v0.9.0 has been released with support for RFC 8037

    • 2022-10-05T19:55:04+00:00
25. 

    Sergey Beryozkin

    Good news, thanks Brian

    • 2022-10-06T08:16:38+00:00
26. 

    Sergey Beryozkin

    Hi @Brian Campbell , just FYI, thought I’d share

    https://github.com/smallrye/smallrye-jwt/pull/662/files

    (https://twitter.com/sberyozkin/status/1606438501330948098)

    Your help is appreciated, cheers.

    • 2022-12-24T00:05:30+00:00
27. 

    Brian Campbell

    Thanks Sergey, appreciate hearing that.

    ‌

    • 2022-12-24T00:29:16+00:00
28. Log in to comment