Re: [CFRG] An update on Web Crypto, and adopting CFRG curves
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Wed, 10 August 2022 17:06 UTC
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Daniel Huigens <daniel.huigens@proton.ch>, "cfrg@irtf.org" <cfrg@irtf.org>
Date: Wed, 10 Aug 2022 17:06:04 +0000
Message-ID: <895074EB-4E05-4D97-9C47-3B64E320743E@ll.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/JucPsJc6J1gkFnpxl8h4Syf42P4>
Yes, this work makes sense. I am interested, and support it.

Thanks
--
V/R,
Uri

There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                - C. A. R. Hoare

On 8/10/22, 12:55, "CFRG on behalf of Daniel Huigens" <cfrg-bounces@irtf.org on behalf of daniel.huigens=40proton.ch@dmarc.ietf.org> wrote:

> Hi all,
>
> At the IETF 114 session, there was a slide with expired documents which listed draft-irtf-cfrg-webcrypto-algorithms-00, which prompted me to think that you might appreciate an update regarding the state of the Web Cryptography API specification.
>
> For a long while, the Web Cryptography WG at W3C has been closed, and there was no obvious path to include new (more modern) algorithms in Web Crypto. That was until two months ago, when the Web Application Security WG adopted a new charter which includes a provision to "adopt well-supported proposals from incubation for maintenance of the Web Cryptography API". I also volunteered as editor for the Web Crypto specification, and so am now trying to modernize the cryptographic algorithms available in the API.
>
> To start, I wrote a draft spec proposing to add the CFRG curves to Web Crypto [1]. There is an experimental implementation of that in Node.js, but no browsers yet. There was a request (from Mozilla) to tighten the checks beyond what is required by RFC 7748 and RFC 8032, particularly to check for small-order elements. There is an open PR with a proposal to do so at [2]. It would be great if you could comment on that either here or on the PR. Note that the current text mandates the check for all-zero shared secrets that is optional in RFC 7748, partially because I think it's better to have consistent behavior among implementations, but I think that checking for small-order elements on import would be even better for that. However, let me know if you disagree, and also if you do agree commenting on the PR would be helpful as well.
>
> Then, there are some other algorithms that, in my mind, would make for obvious additions, such as Argon2 (currently the only password hashing function is PBKDF2), OCB (currently the only AEAD mode is GCM), SHA-3, and eventually some post-quantum algorithms. However, that might take a bit longer, and all of this obviously depends on the interest and bandwidth of implementers. But, if you have other thoughts on what should be included in a modern crypto API, that would be welcome too.
>
> Finally, circling back to draft-irtf-cfrg-webcrypto-algorithms-00, for now I think there's not much to do, but once the above has been added, I think it might be worthwhile to have an updated document with recommendations for which algorithms to use. Of course I don't know if there's still interest in that here (after all, it's been a while :s), but let me know what you think.
>
> Thanks!
>
> Best regards,
> Daniel Huigens
>
> [1]: https://wicg.github.io/webcrypto-secure-curves/
> [2]: https://github.com/WICG/webcrypto-secure-curves/pull/13
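The two checks Daniel's quoted message contrasts, as an added example that is not part of this thread, of the WICG draft, or of any browser's Web Crypto implementation: a reference X25519 over BigInt following the RFC 7748 ladder (not constant-time, so for illustration only), an import-time small-order check that multiplies the candidate public key by the cofactor 8 and rejects it when the ladder returns u = 0, and the all-zero shared-secret check that RFC 7748 leaves optional. The function names (`importPublicKey`, `isSmallOrder`, `deriveSharedSecret`) are this example's own, not Web Crypto API names; the Alice/Bob hex values are the RFC 7748 section 6.1 test vectors.

```javascript
// Reference X25519 (RFC 7748 section 5) over BigInt with the two input checks
// under discussion. Example code: not constant-time, not the WICG draft.

const P = (1n << 255n) - 19n;   // field prime 2^255 - 19
const A24 = 121665n;            // (486662 - 2) / 4

const mod = (x) => ((x % P) + P) % P;

function modPow(base, exp) {
  let result = 1n;
  base = mod(base);
  for (; exp > 0n; exp >>= 1n) {
    if (exp & 1n) result = (result * base) % P;
    base = (base * base) % P;
  }
  return result;
}

// Fermat inverse; inv(0) === 0, which is why the ladder yields u = 0 for the
// point at infinity (Z == 0) rather than failing.
const inv = (x) => modPow(x, P - 2n);

function decodeLittleEndian(bytes) {
  let x = 0n;
  for (let i = bytes.length - 1; i >= 0; i--) x = (x << 8n) | BigInt(bytes[i]);
  return x;
}
function encodeLittleEndian(x) {
  const out = new Uint8Array(32);
  for (let i = 0; i < 32; i++) { out[i] = Number(x & 0xffn); x >>= 8n; }
  return out;
}

// u-coordinates: mask the top bit; scalars: clamp (both per RFC 7748).
function decodeUCoordinate(bytes) {
  const b = Uint8Array.from(bytes); b[31] &= 0x7f;
  return decodeLittleEndian(b);
}
function decodeScalar(bytes) {
  const b = Uint8Array.from(bytes); b[0] &= 248; b[31] &= 127; b[31] |= 64;
  return decodeLittleEndian(b);
}

// Montgomery ladder: u-coordinate of k*P as a field element. k is taken as
// given (no clamping) so the same routine can be called with the cofactor 8.
function ladder(k, u) {
  const x1 = mod(u);
  let x2 = 1n, z2 = 0n, x3 = x1, z3 = 1n, swap = 0n;
  for (let t = 254; t >= 0; t--) {
    const kt = (k >> BigInt(t)) & 1n;
    swap ^= kt;
    if (swap) { [x2, x3] = [x3, x2]; [z2, z3] = [z3, z2]; }  // branchy cswap, illustration only
    swap = kt;
    const a = mod(x2 + z2), aa = mod(a * a);
    const b = mod(x2 - z2), bb = mod(b * b);
    const e = mod(aa - bb);
    const c = mod(x3 + z3), d = mod(x3 - z3);
    const da = mod(d * a), cb = mod(c * b);
    x3 = mod((da + cb) ** 2n);
    z3 = mod(x1 * (da - cb) ** 2n);
    x2 = mod(aa * bb);
    z2 = mod(e * (aa + A24 * e));
  }
  if (swap) { [x2, x3] = [x3, x2]; [z2, z3] = [z3, z2]; }
  return mod(x2 * inv(z2));
}

function x25519(scalarBytes, uBytes) {
  return encodeLittleEndian(ladder(decodeScalar(scalarBytes), decodeUCoordinate(uBytes)));
}
const BASEPOINT = encodeLittleEndian(9n);

// Import-time check: a point has small order iff 8*P is the point at infinity,
// which the ladder reports as u = 0. Needs only the public key, so it can fail
// at import rather than at key agreement.
function isSmallOrder(uBytes) {
  return ladder(8n, decodeUCoordinate(uBytes)) === 0n;
}
function importPublicKey(uBytes) {
  if (uBytes.length !== 32) throw new Error("X25519 public key must be 32 bytes");
  if (isSmallOrder(uBytes)) throw new Error("X25519 public key has small order");
  return Uint8Array.from(uBytes);
}

// Agreement-time check: the all-zero output check (optional in RFC 7748 6.1).
function deriveSharedSecret(privateBytes, publicBytes) {
  const shared = x25519(privateBytes, publicBytes);
  if (shared.every((v) => v === 0)) throw new Error("X25519 shared secret is all zero");
  return shared;
}

const hexToBytes = (h) => Uint8Array.from(h.match(/../g), (x) => parseInt(x, 16));
const bytesToHex = (b) => Array.from(b, (x) => x.toString(16).padStart(2, "0")).join("");

// RFC 7748 section 6.1 test vectors (taken from the RFC, not constructed here).
const ALICE_PRIV = "77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a";
const ALICE_PUB  = "8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a";
const BOB_PRIV   = "5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb";
const BOB_PUB    = "de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f";
const SHARED     = "4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742";

console.log(bytesToHex(x25519(hexToBytes(ALICE_PRIV), BASEPOINT)) === ALICE_PUB);               // true
console.log(bytesToHex(deriveSharedSecret(hexToBytes(BOB_PRIV), hexToBytes(ALICE_PUB))) === SHARED); // true
console.log(isSmallOrder(encodeLittleEndian(1n)), isSmallOrder(BASEPOINT));                       // true false
```

The two checks are related: a clamped X25519 scalar is a multiple of 8, so any small-order public key (u = 0, 1, p - 1 and the order-8 points) produces an all-zero output, which is what the agreement-time check catches. The import-time check detects the same inputs before any private key is involved and fails at the same step regardless of which private key is later used, which is the consistency argument made in the quoted message for preferring it.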