Re: [CFRG] OCB does not have an OID specified, that is a general problem

Roman Danyliw <> Mon, 07 June 2021 13:53 UTC

To: "Salz, Rich" <>, Phillip Hallam-Baker <>, IETF SAAG <>, IRTF CFRG <>


From: saag <> On Behalf Of Salz, Rich
Sent: Monday, June 7, 2021 9:45 AM
To: Phillip Hallam-Baker <>; IETF SAAG <>; IRTF CFRG <>
Subject: Re: [saag] [CFRG] OCB does not have an OID specified, that is a general problem

  *   rfc7253 specifies OCB mode. But there is no OID specified to use OCB with CMS, nor are there identifiers for use with JOSE.

For this particular case, a request to the IANA expert will get an OID.  (He’s a co-chair of LAMPS :)

  *   I would like to propose that in future assignment of relevant OIDs and JOSE identifiers be considered a requirement for similar work. If a spec for a symmetric mode isn't sufficiently specified to enable interoperable implementation in CMS and JOSE, it is not sufficiently specified to be an RFC.

That’s a reasonable thing to ask for, and something that could be caught by SECDIR or AD review.

[Roman] Agreed in the general case for the IETF stream.  For RFC7253, this review would have been during IESG conflict review because that document was IRTF stream (which doesn’t have an SECDIR review, AD review or even an IESG ballot).