Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add normative guidance that Deterministic signatures SHOULD be used #28

Closed
msporny opened this issue Aug 18, 2023 · 2 comments
Closed

Add normative guidance that Deterministic signatures SHOULD be used #28

msporny opened this issue Aug 18, 2023 · 2 comments
Assignees
@Wind4Greg
Labels
before CR This issue needs to be processed before Candidate Recommendation pr exists security-needs-resolution Issue the security Group has raised and looks for a response on.

Comments

@msporny
Copy link
Member

msporny commented Aug 18, 2023

From the PING's review (w3cping/privacy-request#120):

Is there value in allowing non-deterministic signatures or should this spec just require the usage of RFC6979 as noted in section 4.2 of the security considerations section, but this seems like an opportunity for the spec to eliminate behavior that has been implemented incorrectly quite a few times and led to private key reveal issues.

... and follow up from PING:

We reviewed these points today during the PING call and there appeared to be consensus agreement to address these points with the exception that the non-deterministic signatures can be left as SHOULD.

/cc @kdenhartog
@msporny msporny self-assigned this Aug 18, 2023
@msporny msporny added the before CR This issue needs to be processed before Candidate Recommendation label Aug 18, 2023
@msporny msporny assigned Wind4Greg and unassigned msporny Aug 19, 2023
@msporny msporny added security-needs-resolution Issue the security Group has raised and looks for a response on. ready for pr This issue is ready for a Pull Request to be created to resolve it labels Aug 19, 2023
@w3cbot w3cbot mentioned this issue Aug 19, 2023
Open
@Wind4Greg Wind4Greg mentioned this issue Aug 21, 2023
Merged
@msporny msporny added pr exists and removed ready for pr This issue is ready for a Pull Request to be created to resolve it labels Aug 25, 2023
@msporny
Copy link
Member Author

msporny commented Aug 25, 2023

PR #34 has been raised to address this issue. This issue will be closed once PR #34 is merged.

@msporny
Copy link
Member Author

msporny commented Sep 2, 2023

PR #34 has been merged, closing.

@msporny msporny closed this as completed Sep 2, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Wind4Greg Wind4Greg

Labels
before CR This issue needs to be processed before Candidate Recommendation pr exists security-needs-resolution Issue the security Group has raised and looks for a response on.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@msporny @Wind4Greg