IETF Logo Mail Archive

Re: [Cfrg] RFC Draft: PASETO - Platform-Agnotic SEcurity TOkens

"Salz, Rich" <rsalz@akamai.com> Sat, 28 April 2018 17:41 UTC

Return-Path: <rsalz@akamai.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C8E371270FC; Sat, 28 Apr 2018 10:41:08 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.71
X-Spam-Level:
X-Spam-Status: No, score=-2.71 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, T_DKIMWL_WL_HIGH=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=akamai.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Udl0UXn6_9J; Sat, 28 Apr 2018 10:41:07 -0700 (PDT)
Received: from mx0a-00190b01.pphosted.com (mx0a-00190b01.pphosted.com [IPv6:2620:100:9001:583::1]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F0BA01200B9; Sat, 28 Apr 2018 10:40:59 -0700 (PDT)
Received: from pps.filterd (m0122332.ppops.net [127.0.0.1]) by mx0a-00190b01.pphosted.com (8.16.0.22/8.16.0.22) with SMTP id w3SHaphX014000; Sat, 28 Apr 2018 18:40:58 +0100
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=akamai.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=jan2016.eng; bh=CaWsoHjPXLEVVRGtACP0QfaNQVARySJUO3aHw1llfWE=; b=FSxEV/2WziIHtLmARNS0kaUhzHb/1lzdWfVsebBhTZo0mK9spatitJn6chNRORD6kMmN QxBvK9yTBd+lsVblMhFSBARkBkh+DKbqNh1L4FyMRvyT35YVlVw/f2Ym/bjRB73SbnsI UP2SfSg2psKSQdd0k6c81F8afkjxsQTtE6NeIiYaplnpuX+3DeyU0n+5UN3/tJRjBYO+ SBn2z9tnkyFM4Y0M3PWvtR187sVa40q2QS91SkyQtFtJU4FYg+YRkXGKlKthm42/mTul E8j9HOaDGLw4IKa6zmRzY6rI1ohlIBfk6uGoR3O2l4NFrMbsHsk2HTAa2aWMchnR4ZkR yg==
Received: from prod-mail-ppoint4 ([96.6.114.87]) by mx0a-00190b01.pphosted.com with ESMTP id 2hmq3pgj1r-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Sat, 28 Apr 2018 18:40:58 +0100
Received: from pps.filterd (prod-mail-ppoint4.akamai.com [127.0.0.1]) by prod-mail-ppoint4.akamai.com (8.16.0.21/8.16.0.21) with SMTP id w3SHevdP009467; Sat, 28 Apr 2018 13:40:57 -0400
Received: from email.msg.corp.akamai.com ([172.27.123.53]) by prod-mail-ppoint4.akamai.com with ESMTP id 2hmm9w1754-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-SHA384 bits=256 verify=NOT); Sat, 28 Apr 2018 13:40:57 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com (172.27.123.101) by usma1ex-dag1mb1.msg.corp.akamai.com (172.27.123.101) with Microsoft SMTP Server (TLS) id 15.0.1365.1; Sat, 28 Apr 2018 13:40:55 -0400
Received: from USMA1EX-DAG1MB1.msg.corp.akamai.com ([172.27.123.101]) by usma1ex-dag1mb1.msg.corp.akamai.com ([172.27.123.101]) with mapi id 15.00.1365.000; Sat, 28 Apr 2018 13:40:55 -0400
From: "Salz, Rich" <rsalz@akamai.com>
To: Scott Arciszewski <scott@paragonie.com>
CC: Neil Madden <neil.e.madden@gmail.com>, "cfrg@ietf.org" <cfrg@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Thread-Topic: [Cfrg] RFC Draft: PASETO - Platform-Agnotic SEcurity TOkens
Thread-Index: AQHT1+ikF93gujSL2kug06GbhFcwgKQI576AgABLYYCADT66AIAAROOA///JkIA=
Date: Sat, 28 Apr 2018 17:40:55 +0000
Message-ID: <8820EE1A-ADAA-4442-B539-771806AE9949@akamai.com>
References: <CAKws9z15m6WY+-mz5D01vxB4s-TE7nQN56=ssYt=vz3z4gAj6A@mail.gmail.com> <DBC2F048-C949-4362-8FD0-A43A54767B03@gmail.com> <CAKws9z277JLfv7Pb9wSkJ7zYR8FzoAfiXuFS6Vq0x32-3bWx7Q@mail.gmail.com> <2838C1FA-F11E-4E8E-ABB4-65C5485A03BC@akamai.com> <CAKws9z027n4Kbg2SgoXyM_z04VdAfE7BFfYTehkucOWsm6tizg@mail.gmail.com>
In-Reply-To: <CAKws9z027n4Kbg2SgoXyM_z04VdAfE7BFfYTehkucOWsm6tizg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/10.c.0.180410
x-ms-exchange-messagesentrepresentingtype: 1
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [172.19.45.73]
Content-Type: multipart/alternative; boundary="_000_8820EE1AADAA4442B539771806AE9949akamaicom_"
MIME-Version: 1.0
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-04-28_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 suspectscore=0 malwarescore=0 phishscore=0 bulkscore=0 spamscore=0 mlxscore=0 mlxlogscore=476 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1804280176
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:, , definitions=2018-04-28_08:, , signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 priorityscore=1501 malwarescore=0 suspectscore=0 phishscore=0 bulkscore=0 spamscore=0 clxscore=1015 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=411 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1804280175
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/GlRXf_tIjodmbI_65FUi3EImHSc>
Subject: Re: [Cfrg] RFC Draft: PASETO - Platform-Agnotic SEcurity TOkens
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 28 Apr 2018 17:41:09 -0000

I mean no offense, but yes, it deserves incredulity.  The way to evolve crypto is to allow for agility (which JSON does), and then migrate off the old onto the new.  Eventually toolkits stop supporting the old.  You can’t decrypt RC4 with AES, but you can use TLS 1.2 between both hosts.

I haven’t followed all of this thread very closely; did you ever explain the “novel construct”?  Has there been any crypto analysis?

v2.23.0 | Report a Bug | By Email