[CFRG] OCB does not have an OID specified, that is a general problem
Phillip Hallam-Baker <phill@hallambaker.com> Mon, 07 June 2021 12:51 UTC
To: IETF SAAG <saag@ietf.org>, IRTF CFRG <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/e7aQwOBKVApwNxb1SOUggOhaHdc>
Raising this in SAAG because this raises a policy issue and CFRG because that is where the policy should be enforced. It is also relevant to LAMPS but trying to avoid cross-posting as everyone on the LAMPS list is likely on SAAG.

RFC 7253 specifies OCB mode. But there is no OID specified to use OCB with CMS, nor are there identifiers for use with JOSE. This is problematic to say the least. If an algorithm is worth publishing as an RFC, there should be definitive identifiers for general-purpose packaging formats specified in that RFC.

I would like to propose that in future, assignment of relevant OIDs and JOSE identifiers be considered a requirement for similar work. If a spec for a symmetric mode isn't sufficiently specified to enable interoperable implementation in CMS and JOSE, it is not sufficiently specified to be an RFC.

This would not cover TLS, IPsec etc. since they have rather different considerations. Algorithms are curated and selected as suites for TLS for a start.

I am not a fan of having multiple registries for specifying identifiers for algorithms. In fact if I had my way, there would be a single IANA text registry because while we could write a spec for a cryptographic algorithm and call it SMTP, that would be silly. It seems to me that one registry for the ASN.1 identifiers and one for text-based identifiers is sufficient for all reasonable purposes.

To the extent that XML signature and encryption are still a thing, well, why don't we just specify a generic URN scheme for IANA registries and have done.