
Clarify the supported signature algorithms for certificates #280

Closed
sleevi opened this issue Apr 6, 2021 · 1 comment
Labels: F2F, security-tracker (Group bringing to attention of security, or tracked by the security Group but not needing response.)

Comments


sleevi commented Apr 6, 2021

Separate from #277, the support for signature algorithms currently states:

openscreenprotocol/index.bs, lines 367 to 370 in 5488c7b:

* Supporting the at least one of the following signature algorithms:
  * secp256r1_sha256
  * secp384r1_sha384
  * secp521r1_sha512

However, this is not a defined X.509/PKIX signature algorithm. It's likely these names were derived from RFC 8446, Section 4.2.3's SignatureScheme registry, but those don't directly translate here.

Further, experience has shown that implementors who have attempted to implement ECDSA within certificates have, at times, incorrectly encoded the subjectPublicKeyInfo/signatureAlgorithm, through incorrect interpretation of the algorithm parameters, or through novel (problematic) attempts at representing the curve.

In more modern certificate profiles, an effort has been made to explicitly specify the encoded byte representation, namely:

  • secp256r1_sha256 = 301306072a8648ce3d020106082a8648ce3d030107 for the public key AlgorithmIdentifier, 300a06082a8648ce3d040302 for the signature AlgorithmIdentifier
  • secp384r1_sha384 = 301006072a8648ce3d020106052b81040022 for the public key AlgorithmIdentifier, 300a06082a8648ce3d040303 for the signature AlgorithmIdentifier
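As an added example (my own code, not from the issue or the openscreenprotocol spec), the script below builds the DER AlgorithmIdentifier encodings from the underlying OIDs and compares a certificate's subjectPublicKeyInfo and signature AlgorithmIdentifier bytes against them exactly, so the TLS SignatureScheme names above map to concrete PKIX bytes. It goes beyond the comment by also covering secp521r1_sha512 (curve OID 1.3.132.0.35, ecdsa-with-SHA512 OID 1.2.840.10045.4.3.4); function and table names are my own.

```python
from typing import Optional, Tuple

def der_len(n: int) -> bytes:
    # Short-form length, plus the one-byte long form; enough for these values.
    return bytes([n]) if n < 0x80 else b"\x81" + bytes([n])

def der_oid(dotted: str) -> bytes:
    # OBJECT IDENTIFIER: first two arcs packed into one byte, rest base-128.
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return b"\x06" + der_len(len(body)) + bytes(body)

def algorithm_identifier(oid: str, params: bytes = b"") -> bytes:
    # AlgorithmIdentifier ::= SEQUENCE { algorithm OID, parameters ANY OPTIONAL }
    body = der_oid(oid) + params
    return b"\x30" + der_len(len(body)) + body

ID_EC_PUBLIC_KEY = "1.2.840.10045.2.1"
# TLS SignatureScheme name -> (named-curve OID for the SPKI parameters,
#                              ecdsa-with-SHAxxx OID for the signature algorithm)
SCHEMES = {
    "secp256r1_sha256": ("1.2.840.10045.3.1.7", "1.2.840.10045.4.3.2"),
    "secp384r1_sha384": ("1.3.132.0.34", "1.2.840.10045.4.3.3"),
    "secp521r1_sha512": ("1.3.132.0.35", "1.2.840.10045.4.3.4"),  # not in the issue text
}

def expected_encodings(scheme: str) -> Tuple[bytes, bytes]:
    """Exact (SPKI AlgorithmIdentifier, signature AlgorithmIdentifier) bytes."""
    curve_oid, sig_oid = SCHEMES[scheme]
    spki_alg = algorithm_identifier(ID_EC_PUBLIC_KEY, der_oid(curve_oid))
    sig_alg = algorithm_identifier(sig_oid)  # parameters absent, per RFC 5758
    return spki_alg, sig_alg

def matching_scheme(spki_alg: bytes, sig_alg: bytes) -> Optional[str]:
    """Return the scheme whose exact bytes both identifiers match, else None.
    Byte-for-byte comparison rejects the mis-encodings the issue describes:
    NULL parameters on the signature identifier, explicit ECParameters instead
    of a named curve, or the curve OID placed in the wrong identifier."""
    for scheme in SCHEMES:
        if (spki_alg, sig_alg) == expected_encodings(scheme):
            return scheme
    return None
```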
markafoltz (Contributor) commented:

Closed by #288.
