Add ecdsa-sha2-nistp256 to specification #498
Conversation
| @@ -491,9 +496,9 @@ Version: **1.0 (Draft)** | |||
| used to sign documents. The type determines the interpretation of | |||
| KEYVAL. | |||
There was a problem hiding this comment.
How does the type determine the interpretation of KEYVAL? Type here implies ecdsa/rsa/ed25519, not public/private. Is public/private meant?
| } | ||
|
|
||
| where PUBLIC is in PEM format and a string. | ||
|
|
There was a problem hiding this comment.
I don't see anywhere in the spec where private key formats are explained. Perhaps you should add a note after these examples or something, saying that for a private key, keyval will also contain "private": PRIVATE.
There was a problem hiding this comment.
We previously included a "private" attribute in KEYVAL, but later decided to remove it altogether from metadata. Since public metadata is never expected to contain a private key, people argued that the "private" attribute shouldn't exist.
Although the repository tool stores private keys in KEYVAL for convenience, it is not required by the specification. Taking into account that adopters don't have to worry about producing metadata with a "private" element, should we bother explaining it in the specification?
Fixes issue #:
#355
Description of the changes being introduced by the pull request:
Add ECDSA (ecdsa-sha2-nistp256) to specification, as requested in issue #355. ECDSA has been
implemented in secure-systems-lab/securesystemslib#18.
Please verify and check that the pull request fulfills the following
requirements: