Re: [Cfrg] RFC Draft: PASETO - Platform-Agnotic SEcurity TOkens

Scott Arciszewski <> Sat, 28 April 2018 16:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id 21F2312E056 for <>; Sat, 28 Apr 2018 09:55:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_DKIMWL_WL_MED=-0.01, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: (amavisd-new); dkim=pass (2048-bit key)
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id 7kPa3CX2Rr3E for <>; Sat, 28 Apr 2018 09:55:47 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:4003:c0f::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 3C9B8126C3D for <>; Sat, 28 Apr 2018 09:55:47 -0700 (PDT)
Received: by with SMTP id n1-v6so5398026otf.7 for <>; Sat, 28 Apr 2018 09:55:47 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=4biAjrMI+o6kjvoOrDmCizicTqEjFK6fqHqohZ9NJEE=; b=qiQKjiJsd2EQP7RlunwmO4yapyzGnwT4GDMqgqkOYjPL62IxPxvNjUVEVVwYE6GV/h XOPnXWbZRY3LtXDVYYmqlw1zYmIGS1zgenHF9saVLAUWsrIWrgHnj2Yp112VtoNx30Mi CB+TxN6vEj/P4wim2tVza0Y4vKAhPgTCV+i8l0aU5J7pTsiMRvbnaF1k6jnX6vKmUZFA gA3L4z7RQr9P/XqjvgQ29YqkTjzPQlP2YdiyMrwVf5W/jc/BS9YO668iOqHYJ2oJ3p/H cD350jWtlCK8DUv8Mn8NcwkgYD8BLyYc2Tj6enfL4x2/ZDymL5TvPKDLqDj7JD12bU2I 8+Vw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=4biAjrMI+o6kjvoOrDmCizicTqEjFK6fqHqohZ9NJEE=; b=bRBtro7TO2kNuUk2hKOSig9GuxiuE2/vN3EOCnQ2D+UH29SLwdHRH2jtatLasNvPXJ MZOVTeAyFT/gPmup5LTju9DVQxZMWQQfoQY0xHu+10uo3nGusFgqEakvt5siL06kU0rp 7W5K3gjJ4mr1yi535Xdhiv+LOJRmouQ9KTkrB9zMJi4QAPZFlpTKSVz35QfR5cBu6v81 K6YEc6mqPSne12I3VOngrW9X5mMSvEisNidAa8soO+z+gnkMp2izR59n8E9IklJd6xHA nK1gO8fhWgrYuH0n6QiIri/ay2lTRiPMp69TUgD0YWyYjQbik5z0cZGT/0ItKXfCnlKW OmdA==
X-Gm-Message-State: ALQs6tA8rwzhe3Alo3iE7F43uHi8ouavaJOu03bmpotbUaAynbliYx5f fsCuV/vFI/zmq0VD6PVxyiA//ckFq6aSQfnQY0o7hpYcClk=
X-Google-Smtp-Source: AB8JxZp08kVFsQwIUL8PUFRPwBZe2Nn9heJXT5rRT0F67CODC/umgCCe2FgHhuE6cL19OZFRy292NuUJWZGAT4Eg0+0=
X-Received: by 2002:a9d:2fd3:: with SMTP id b19-v6mr4093615otd.184.1524934545655; Sat, 28 Apr 2018 09:55:45 -0700 (PDT)
MIME-Version: 1.0
Received: by 2002:a9d:55e9:0:0:0:0:0 with HTTP; Sat, 28 Apr 2018 09:55:45 -0700 (PDT)
In-Reply-To: <>
References: <> <> <> <>
From: Scott Arciszewski <>
Date: Sat, 28 Apr 2018 12:55:45 -0400
Message-ID: <>
To: "Salz, Rich" <>
Cc: Neil Madden <>, "" <>, "" <>
Content-Type: multipart/alternative; boundary="000000000000e65d9e056aeb7d3f"
Archived-At: <>
Subject: Re: [Cfrg] RFC Draft: PASETO - Platform-Agnotic SEcurity TOkens
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: Crypto Forum Research Group <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Sat, 28 Apr 2018 16:55:50 -0000

Yes, seriously. Allow me to explain:

Secure cryptography is not backwards compatible with insecure cryptography.
You can't decrypt an RC4-encrypted message by using AES-GCM.

When engineers develop systems that allow for backwards compatibility on
top of incompatible primitives, they're creating room for downgrade attacks
[1] [2].

Making a replacement rather than another iteration doesn't carry that risk.

And keep in mind, my target audience is the sort that has absolutely no
idea how to tell "trivially broken" cryptography from "has a
certificational weakness but is otherwise fine".


Whether or not you agree with my decision (your appetite for risk,
envisioned use case, and target audience might all be totally different
than my own), I don't think it deserves incredulity. (Seriously?)

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <>

On Sat, Apr 28, 2018 at 12:49 PM, Salz, Rich <> wrote:

> Scott,
> If “good and safe” crypto is not 100% in the JOSE ecosystem, you think the
> solution is a new standard which uses some novel techniques?  Seriously?
> To me, a draft which started the process to deprecate the old/bad things
> seems more effectsive.