On Tue, Nov 12, 2013 at 12:34 PM, Lloyd Hilaiel <
lhil...@mozilla.com> wrote:
> Goal: we should determine if there are any small high value tweaks we can make to data formats, especially those that give us future flexibility to make changes, or make it significantly easier to work with the formats.
On the assumption we're talking about the Persona formats here, CC'ing
dev-identity...
I have an initial write-up of data format changes here:
https://github.com/djc/id-specs/blob/prod/browserid/json-formats.md
It seems like the biggest issue is the use of the DS128 signature
algorithm in identity assertions. I presume these were used for the
per-user property stuff that DSA can do (well, I looked it up on
Wikipedia a little), but this algorithm is not supported in current
JWS. I'm not sure exactly why DSA was chosen here, what the current
status of its security is, or why it's not supported in JWS. If we're
still okay with it, we could consider asking the JOSE guys to include
it, submitting it to their registry. Otherwise, we'd have to move to
RSA or ECDSA (with only the NIST curves explicitly supported in
current drafts).
At the same time, using current JWS with an unsupported algorithm
would IMO be a good upgrade over the current state.
I'm also happy to look into getting jwcrypto/browserid to accept these
new formats, and normalize based on the differences listed in the
document.
Cheers,
Dirkjan