
Deprecate `v3.public.`

Open conradludgate opened this issue 1 year ago • 2 comments

In https://github.com/paseto-standard/paseto-spec/blob/master/docs/Rationale-V3-V4.md there are numerous claims that Ed25519 should be preferred over P-384.

> ECDSA is much more dangerous to implement than Ed25519

> If you're concerned about NSA backdoors, don't use v3 (which only uses NIST-approved algorithms). Use v4 instead.

At the bottom, it states

> If you want smaller tokens or better performance than P-384, make sure Ed25519 lands in FIPS 186-5 and use v4.public instead.

Ed25519 did land in FIPS 186-5 and therefore `v4.public.` features only NIST-approved algorithms. Since v3 exists only for NIST-dependent applications, it is now redundant.

conradludgate, Jul 25 '23 11:07

This deprecation would add complications when paired with PASERK, however.

conradludgate, Jul 25 '23 11:07

We aren't going to deprecate v3.public. until the CNSA permits Ed25519.

paragonie-security, Jul 28 '23 18:07