Re: [6lo] [Lake] SEC-DIR review of AP-ND:
Jim Schaad <ietf@augustcellars.com> Mon, 03 February 2020 18:16 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: 6lo@ietfa.amsl.com
Delivered-To: 6lo@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DD80120C42; Mon, 3 Feb 2020 10:16:34 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mPQji1NRLInd; Mon, 3 Feb 2020 10:16:32 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 67CFB120C14; Mon, 3 Feb 2020 10:16:31 -0800 (PST)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Mon, 3 Feb 2020 10:16:06 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: "'Pascal Thubert (pthubert)'" <pthubert@cisco.com>, draft-ietf-6lo-ap-nd@ietf.org
CC: 6lo-chairs@ietf.org, "'Shwetha Bhandari (shwethab)'" <shwethab@cisco.com>, 'The IESG' <iesg@ietf.org>, 6lo@ietf.org, 'Benjamin Kaduk' <kaduk@mit.edu>
References: <MN2PR11MB3565A885E27E86C53205825BD8000@MN2PR11MB3565.namprd11.prod.outlook.com>
In-Reply-To: <MN2PR11MB3565A885E27E86C53205825BD8000@MN2PR11MB3565.namprd11.prod.outlook.com>
Date: Mon, 03 Feb 2020 10:16:04 -0800
Message-ID: <020301d5dabe$01c24d10$0546e730$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0204_01D5DA7A.F39FF770"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQI51a2x6Xn9gJl7cgl9kt+4OYRyJadBzH8A
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/6lo/wjR-v-bSZenY0nML4Cv3vVK7kHA>
Subject: Re: [6lo] [Lake] SEC-DIR review of AP-ND:
X-BeenThere: 6lo@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Mailing list for the 6lo WG for Internet Area issues in IPv6 over constrained node networks." <6lo.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/6lo>, <mailto:6lo-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/6lo/>
List-Post: <mailto:6lo@ietf.org>
List-Help: <mailto:6lo-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/6lo>, <mailto:6lo-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Feb 2020 18:16:34 -0000
What is following is personal opinion (although I will admit to being one of the DEs on these registries): 1. I don't think that you are going to be able to start doing compressed points easily in JOSE. It is a design philosophy that people really wanted at the time. There was extensive discussions about getting compressed points as well as how to expressed the point format. 2. In my opinion, table 2 should not be referencing the Curve25519 in the last column. From my point of view when curves are expressed as using different coordinate systems then you need to be expressing these as different curves. An algorithm negotiation currently only needs to include the curve and not additionally include the point format. This needs to be maintained. I therefore believe that a new curve code point should be registered here. That is the only registration that I believe needs to be done in the JOSE registries. Note, I find section 7.5 to be missing a small piece of guidance that might be needed. If you use the "same" private key for both the Edwards and Weierstrass curve representations, is that a problem according to this guidance? Jim From: Lake <lake-bounces@ietf.org> On Behalf Of Pascal Thubert (pthubert) Sent: Monday, February 3, 2020 5:29 AM To: draft-ietf-6lo-ap-nd@ietf.org Cc: 6lo-chairs@ietf.org; Shwetha Bhandari (shwethab) <shwethab@cisco.com>; The IESG <iesg@ietf.org>; 6lo@ietf.org; lake@ietf.org; Benjamin Kaduk <kaduk@mit.edu> Subject: [Lake] SEC-DIR review of AP-ND: Dear all During SEC-DIR review, Benjamin pointed out: > Why do we need to allow ambiguity/flexibility as to the point representation > within a given Crypto-Type value (as opposed to fixing the representation as a > parameter of the Crypto-Type)? Alternately, what does "(un)compressed" > mean, as it's not really clarified directly? Furthermore, Table 2 lists an > "(un)compressed" representation for type 0 (over P-256), but RFC 7518 notes > that the compressed representation is not supported for P-256 (Section > 6.2.1.1). I also am not finding the needed codepoints registered in the JOSE > registries to use ECDSA25519 (crypto-type 2) -- do we need to register > anything there? Any idea how we can address this? In particular does anyone know why RFC 7518 does not support the compressed representation for P-256? Cc'ing LAKE on the impact of this Pascal
- [6lo] SEC-DIR review of AP-ND: Pascal Thubert (pthubert)
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Jim Schaad
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Jim Schaad
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Rene Struik
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Rene Struik
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Jim Schaad
- Re: [6lo] [Lake] SEC-DIR review of AP-ND: Rene Struik