Re: [6lo] [Lake] SEC-DIR review of AP-ND:
Rene Struik <rstruik.ext@gmail.com> Mon, 03 February 2020 20:47 UTC
Return-Path: <rstruik.ext@gmail.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D52AA120C62; Mon, 3 Feb 2020 12:47:03 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id JOZo5rYCYGnL; Mon, 3 Feb 2020 12:47:01 -0800 (PST)
Received: from mail-qk1-x742.google.com (mail-qk1-x742.google.com [IPv6:2607:f8b0:4864:20::742]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7D863120C8E; Mon, 3 Feb 2020 12:47:01 -0800 (PST)
Received: by mail-qk1-x742.google.com with SMTP id q15so15712250qki.2; Mon, 03 Feb 2020 12:47:01 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:cc:references:from:message-id:date:user-agent :mime-version:in-reply-to:content-language; bh=cUclT/QdX1bY7hBYtj/KtcLE4N+6ZjJ7vJ1dqTMY+10=; b=eBYe/ZT52SYc8gq15f4kc9hFydlPSgpJsZ3dRHYQGfROOJ/ZoVnPIGNVncXQr3H8yv zqSvcuEejTLalnjEuRXloZcqZOm/FD2Ib7pIk7oIgY2S8iSPa9LP1sbvr5MMrsCdjaij 4WKjnc5M6Udzg2vDAsZTsXOtzr8I7eXnH/zqw1b5YNZycrfyblTlJEb0Y/tCwhpMwfCU rEv7fawZcWbwSQjn8eJgk6tDZzqf8dCXM938lZmSN2xCSWf5KUG/tQsWWgp03OXIEWZA AKlFlC5AJ32TXuQrZtQQcSOhNBDxc+7llQKlOgbyio1+ASEI7Dl6hG2FqOmfpoEhr4ux Qfjg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:cc:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language; bh=cUclT/QdX1bY7hBYtj/KtcLE4N+6ZjJ7vJ1dqTMY+10=; b=MbNwa/HPZc3XwH0RakyAXAHaJz0a+sF+0+h+4ti+0kCcIi0DA9RamOu7HpedlrhFK7 FX7U8tOqR/CAVMCmf37/AF3eUr2TYKroh946lqSmHalCRaf+k6Z1oYVWKhhSVSKKnGgv xuajupM6FzM6KDzVEW5MW3QXzlwfGIWCQP5yGT0Y6dlLlNvoG0Za15RbRIwXlOAdvhgM DVrJk1geY86WbwOMho4IAQIdDNcUdEExyWa/GiEh3mY3SljdMpO/6nhFLB+92J9KEHNV t9FaqVGuCQtJopZcPoiu/15vCBdOqYGzQskjBirZWXEtZqNA7R+DY/P4867zceMnmfdS eKiA==
X-Gm-Message-State: APjAAAVEMaELx5E6Pfdle/q1UikO0QPeUpt/BrCA+x1ty0D9jXhsRHiP VeEtgR2IOMO3+Sy5vPzhgpk=
X-Google-Smtp-Source: APXvYqxjFC4/qpwUEAXsBkAWi0aMrHj/KXYO3tXsLdgG7W3nS28L08jf5+qAnJ8V6HacRNwlPP57VA==
X-Received: by 2002:a37:9e12:: with SMTP id h18mr24525460qke.420.1580762820648; Mon, 03 Feb 2020 12:47:00 -0800 (PST)
Received: from ?IPv6:2607:fea8:6a0:1a5a:7952:605f:9dd5:fa3f? ([2607:fea8:6a0:1a5a:7952:605f:9dd5:fa3f]) by smtp.gmail.com with ESMTPSA id a22sm10423883qtd.48.2020.02.03.12.46.59 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Mon, 03 Feb 2020 12:46:59 -0800 (PST)
To: Jim Schaad <ietf@augustcellars.com>, "'Pascal Thubert (pthubert)'" <pthubert@cisco.com>, draft-ietf-6lo-ap-nd@ietf.org
Cc: 6lo-chairs@ietf.org, "'Shwetha Bhandari (shwethab)'" <shwethab@cisco.com>, 'The IESG' <iesg@ietf.org>, 6lo@ietf.org, 'Benjamin Kaduk' <kaduk@mit.edu>
References: <MN2PR11MB3565A885E27E86C53205825BD8000@MN2PR11MB3565.namprd11.prod.outlook.com> <020301d5dabe$01c24d10$0546e730$@augustcellars.com>
From: Rene Struik <rstruik.ext@gmail.com>
Message-ID: <d020a2b2-0fd6-b95d-dc1f-f16c143ab126@gmail.com>
Date: Mon, 03 Feb 2020 15:46:56 -0500
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:68.0) Gecko/20100101 Thunderbird/68.4.2
MIME-Version: 1.0
In-Reply-To: <020301d5dabe$01c24d10$0546e730$@augustcellars.com>
Content-Type: multipart/alternative; boundary="------------884640F59479E209E781F36B"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/GQ0GNDBXkjJGrb3c0-z41lFIYvI>
Subject: Re: [6lo] [Lake] SEC-DIR review of AP-ND:
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 20:47:04 -0000
Hi Jim: Just weighing-in on this: see below. Best regards, Rene On 2/3/2020 1:16 PM, Jim Schaad wrote: > > What is following is personal opinion (although I will admit to being > one of the DEs on these registries): > > 1. I don’t think that you are going to be able to start doing > compressed points easily in JOSE. It is a design philosophy that > people really wanted at the time. There was extensive discussions > about getting compressed points as well as how to expressed the > point format. > RS>> I would be curious what this design philosophy was: if there is a record of this, that would be great. It would be particularly interesting to understand the reasoning as to why for Montgomery curves and twisted Edwards curves compression is a must, while for short Weierstrass curves this is forbidden... This is not just so with JOSE, it is also in RFC 8152 (OKP vs. EC2 distinction). It seems to be pretty random. <<RS > > 1. In my opinion, table 2 should not be referencing the Curve25519 in > the last column. From my point of view when curves are expressed > as using different coordinate systems then you need to be > expressing these as different curves. An algorithm negotiation > currently only needs to include the curve and not additionally > include the point format. This needs to be maintained. I > therefore believe that a new curve code point should be registered > here. That is the only registration that I believe needs to be > done in the JOSE registries. > RS>> Please note that the different crypto types in Table 2 refer to complete specifications of signature schemes, including point representation, bit/byte ordering, etc. Please note that curves expressed in different coordinate systems are not really different: only their representations are (unfortunately, this confusion is caused by heavy marketing by some people in the past). The different representations, not just of curve points, but also LSB/MSB and lsb/msb ordering conventions, are already captured in Table 2. Since different bit/byte ordering, even with the same curve, makes a difference, representation conventions are the guiding metric, not just different curve models. <<RS > 1. > > Note, I find section 7.5 to be missing a small piece of guidance that > might be needed. If you use the “same” private key for both the > Edwards and Weierstrass curve representations, is that a problem > according to this guidance? > RS>> Reuse of the same public-private key pair with different signature schemes is not allowed. <<RS > Jim > > *From:* Lake <lake-bounces@ietf.org> *On Behalf Of *Pascal Thubert > (pthubert) > *Sent:* Monday, February 3, 2020 5:29 AM > *To:* draft-ietf-6lo-ap-nd@ietf.org > *Cc:* 6lo-chairs@ietf.org; Shwetha Bhandari (shwethab) > <shwethab@cisco.com>; The IESG <iesg@ietf.org>; 6lo@ietf.org; > lake@ietf.org; Benjamin Kaduk <kaduk@mit.edu> > *Subject:* [Lake] SEC-DIR review of AP-ND: > > Dear all > > During SEC-DIR review, Benjamin pointed out: > > > Why do we need to allow ambiguity/flexibility as to the point > representation > > > within a given Crypto-Type value (as opposed to fixing the > representation as a > > > parameter of the Crypto-Type)? Alternately, what does "(un)compressed" > > > mean, as it's not really clarified directly? Furthermore, Table 2 > lists an > > > "(un)compressed" representation for type 0 (over P-256), but RFC > 7518 notes > > > that the compressed representation is not supported for P-256 (Section > > > 6.2.1.1). I also am not finding the needed codepoints registered in > the JOSE > > > registries to use ECDSA25519 (crypto-type 2) -- do we need to register > > > anything there? > > Any idea how we can address this? > > In particular does anyone know why RFC 7518 does not support the > compressed representation for P-256? Cc’ing LAKE on the impact of this > > Pascal > -- email: rstruik.ext@gmail.com | Skype: rstruik cell: +1 (647) 867-5658 | US: +1 (415) 287-3867
- [6lo] SEC-DIR review of AP-ND: Pascal Thubert (pthubert)
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Jim Schaad
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Jim Schaad
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Rene Struik
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Rene Struik
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Jim Schaad
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Rene Struik