(1) This document is set for Standards Track. Given the current push toward
adopting the CFRG algorithms, this has the potential to become the preferred
JWS/JWE algorithm set. There have been several browser vendors who have
expressed a desire to place these algorithms in the W3C WebCrypto spec.
(2) The IESG approval announcement includes a Document Announcement
Write-Up. Please provide such a Document Announcement Write-Up. Recent
examples can be found in the "Action" announcements for approved
documents. The approval announcement contains the following sections:
Technical Summary
This document defines how to use Diffie-Hellman algorithms "X25519" and
"X448" as well as signature algorithms "Ed25519" and "Ed448" from IRTF CFRG
elliptic curves work in JOSE. An explicit decision was made not to include
the pre-hash versions of the Edwards Signature algorithms.
Working Group Summary
The document was completely uncontroversial in the WG.
Document Quality
The WG produced sufficient review of the document. While it is not believe
that there are any issues of the document given the shortness and simplicity
more review would have been useful. The core cryptographic security is
considered to be solid, and has had more than sufficient review from the CFRG.
Personnel
Jim Schaad is the Document Shepherd. Kathleen Moriarty is the Responsible
Area Director.
(3) I have done multiple reviews on the document, checked the document against
the nits list and, hopefully, will have an implementation that can be used to
check the examples before the IESG processing is finished.
(4) A present there have been no reviews of the document other than mine in
WGLC. I consider this to be an issue.
(5) I do not see any need for a broader review. The author is also working on
the CFRG documents and thus can be expected to get usage questions correct.
This is a description of how to use the algorithm and not the algorithm itself.
It will inherit the security analysis of the JWS and JWE documents as there
are not significantly different properties for these algorithms.
(6) I have no concerns about the document that need to be highlighted.
(7) Ilari has confirmed that all appropriate IPR disclosures have been filed.
(8) No IPR disclosures exist.
(9) Consensus to adopt the group was a small set of individuals, but that is
all that is left to be active in the group.
(10) Nobody has expressed any problems with the document.
(11) Nits and Checklist have been reviewed. The only issues are the two
downrefs called out below.
(12) No formal review is required for the document.
(13) All references have been defined between normative and informative and the
assignments look reasonable.
(14) There is currently a dependency on draft irtf-cfrg-eddsa, but that
document is going through final approval process and expected to complete.
(15) The document has two downward normative references:
RFC7748 - Is the algorithm definition for ECDH keys. It is normal to down
reference algorithm documents. draft-ietf-cfrg-eddsa - Is the algorithm
definition for EdDSA. It is normal to down reference algorithm documents
(16) This document is new and modifies no existing documents. The JOSE
algorithm registries are updated which indirectly updates the set of core JOSE
documents.
(17) I have gone through the document as shepherd to validate the IANA
consideration registrations. They appear to be correct and I expect no problem
also validating them as the DE for the registry.
(18) This document does not define any new IANA registries.
(19) The document contains no formal language sections.