Re: [CFRG] options == bad?
Manu Sporny <msporny@digitalbazaar.com> Sat, 20 August 2022 17:27 UTC
Return-Path: <msporny@digitalbazaar.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF555C14CE34 for <cfrg@ietfa.amsl.com>; Sat, 20 Aug 2022 10:27:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=digitalbazaar.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rq0gLog3yFHB for <cfrg@ietfa.amsl.com>; Sat, 20 Aug 2022 10:27:23 -0700 (PDT)
Received: from mail-vs1-xe30.google.com (mail-vs1-xe30.google.com [IPv6:2607:f8b0:4864:20::e30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFD1AC14F5E1 for <cfrg@irtf.org>; Sat, 20 Aug 2022 10:27:23 -0700 (PDT)
Received: by mail-vs1-xe30.google.com with SMTP id l7so7065610vsc.0 for <cfrg@irtf.org>; Sat, 20 Aug 2022 10:27:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digitalbazaar.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=n4d11YzrIEXgwPYuNIwrp56Bcy1LGBJ33qV4DyEwRZU=; b=DzNDNJivy94K7u1Ra+Ibuszgk3X7CsVpkRdmNV47lh4NaWYmGxIWcJbVK52VMKCGoC koWsPZ0XUHHt5gI3g9tkeN2bwCmoaZJg0tEkYk5mXzscNc10jpsGHNFC3RSFqeatnhue ltt1g9rSjy5jmpKwY/BAsr4yPS1wzUrORxmcMuTJa+aSkZnWqvmEKFDfmxLChTh5b4ay aNzdI/S84JERoYUL6pW873Qsg30yyncvSaOkriRxMqW/DH8GFkR/bBC/UW89UzO8Mefr dRYPfgjc3KrbvfceoMWjxsacPUNmUkcD9JxOT/fa1y6WcnILSK5rrnxxVPLTpNZKLxr8 s3Cw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=n4d11YzrIEXgwPYuNIwrp56Bcy1LGBJ33qV4DyEwRZU=; b=bkMXV5WiduBWDC9XPCiyjZ52R0Pqru5Eu04xZ+tvTyWSSgsbHht3hI6CclQRQGBEUW NqBjjD4l30+1siMJXvMwgYVqDw8e79Q+sc6BxwTzujrrIbTnjft1u5recV7X83f6XPHl gfl/DImOk+fN7myc847FM9Kgl4PtqyVrFdREJtC4BvuBazXdq1Yezq8TFPeO/Kmfr52v PWmNGNcu3dIR1Jcr0KVCqeMh7/eSGpbdo5qryBRK9ikPw5oip9bcCM33SfWPbkgBLKX0 qP3x0g9TLh7xD0Xz1Kg/OXWcTe0euJi7qRjIWS/9E3D2XYzEA1/9YqB2X6oO1u1nXbK8 DcvQ==
X-Gm-Message-State: ACgBeo1co8m+YDP5CrZnYQh1Yevj+t70pxmK4asKHFMcFgdVldE8jiMr v2ee4QO1OCvfoOcJMtBZx8qWCcH3+AW642HULwX9+DBCDpNxiPc1
X-Google-Smtp-Source: AA6agR4/zaO1mks9ktfepwPlWBqxbLLKoNMOGwfSxqdY/CXsaoWwCzuAYcO/UB+2GYP5344aA+RozO1peZStNb0aL6Y=
X-Received: by 2002:a05:6102:3a6a:b0:390:28e3:3fce with SMTP id bf10-20020a0561023a6a00b0039028e33fcemr2861048vsb.13.1661016441962; Sat, 20 Aug 2022 10:27:21 -0700 (PDT)
MIME-Version: 1.0
References: <CH0PR11MB5739393F19DD5282E3D7EF549F6A9@CH0PR11MB5739.namprd11.prod.outlook.com> <CH0PR11MB5739557425DD3FDE5812D8479F6A9@CH0PR11MB5739.namprd11.prod.outlook.com> <4a3c52bf-d9b9-4e32-9f7f-f42256479906@beta.fastmail.com> <d9bd996d-0d2f-c313-80d2-3468cd4c956b@cs.tcd.ie> <CAMBN2CQ9+ZXAmz=5zRgpEfur9i=REwAOKsuZa5LEJfwvW4zcQQ@mail.gmail.com> <AM9P194MB1265C3C141951A47FEB315D5B66D9@AM9P194MB1265.EURP194.PROD.OUTLOOK.COM>
In-Reply-To: <AM9P194MB1265C3C141951A47FEB315D5B66D9@AM9P194MB1265.EURP194.PROD.OUTLOOK.COM>
From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sat, 20 Aug 2022 13:26:46 -0400
Message-ID: <CAMBN2CT8W7AHzb-F_H1Q=4pXMUAo-8_+NpwttLodPNg0ZKsQMw@mail.gmail.com>
To: Kai Mindermann <kai.mindermann@ic-consult.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/xKdlU-uWb75pKBXvS6zVgkG03bc>
Subject: Re: [CFRG] options == bad?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Aug 2022 17:27:28 -0000
On Thu, Aug 18, 2022 at 10:54 AM Kai Mindermann <kai.mindermann@ic-consult.com> wrote: > sounds a lot like you are going for some of the ideas I presented/drafted in https://datatracker.ietf.org/doc/html/draft-kaimindermann-securecryptoconfig a while ago. Interesting... I read through the entire draft. Yes, the concepts are very similar, though the W3C Verifiable Credentials WG isn't trying to go as far as establish cryptoconfigs (as you call them) for the world. We're just trying to define them for the Verifiable Credential Data Integrity work by building on top of established options in the COSE/JOSE algorithms registry... but (ideally) whittling them down to "one secure set of parameters for using a specific modern digital signature algorithm (eg. ECDSA, EdDSA) for the next 5 years". > Its of very big importance to leave as much of the decisions regarding crypto parameters to the crypto experts/libraries and only expose the needed parameters. Yes, and the problem right now is that web developers (to take an example population) are choosing from ALL of the algorithms in the COSE/JOSE registry (without understanding what mixing any of the parameters together really means). The incentives for application-layer cryptography library implementers to implement algorithms in the registries are misaligned... the more algorithms and parameters they support, the more popular their library becomes (because no developer wants to switch out their cryptography libraries if they need to do something else in the future... so developers choose something that supports EVERYTHING! ... and then go on to make questionably uneducated guesses based on stackoverflow threads). Case in point: https://github.com/panva/jose We've watched in horror as our cryptography software (17M weekly installs), which takes this "implement all the options kitchen sink approach", is used by inexperienced developers that continue to make some questionable parametric choices: https://www.npmjs.com/package/node-forge > (Of course, there can also still be an interface that allows all the possible parameters for power users / experts). Yes, of course "expert interfaces" still need to exist... but be deactivated/turned off by default. Ideally, cryptographic suites are actively installed by the end developer as requirements for the application (and are not just randomly pulled in when you install the library). Use of deprecated/experimental features are explicitly turned on (with warnings spewed to the console /logs if possible). > What I have no concrete idea about yet are tunable parameters, e.g. some of the argon2id parameters may depend on the runtime environment. Yeah, that's more difficult, and we're not currently trying to tackle that beast. We're fairly narrowly focused on doing this correctly for digital signatures and key exchange. We'll have some proposals for CFRG to review in the coming months to see if we're on the right track. Kai, what was the response to the concepts in your suggested I-D? -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
- [CFRG] Whether to hash-then-sign with Dilithium a… Mike Ounsworth
- Re: [CFRG] Whether to hash-then-sign with Dilithi… Scott Fluhrer (sfluhrer)
- Re: [CFRG] Whether to hash-then-sign with Dilithi… Mike Ounsworth
- Re: [CFRG] [pqc-forum] RE: Whether to hash-then-s… Massimo, Jake
- Re: [CFRG] Whether to hash-then-sign with Dilithi… Martin Thomson
- [CFRG] options == bad? (was: Re: Whether to hash-… Stephen Farrell
- Re: [CFRG] [pqc-forum] RE: Whether to hash-then-s… Tadahiko Ito
- Re: [CFRG] options == bad? Manu Sporny
- Re: [CFRG] options == bad? Kai Mindermann
- Re: [CFRG] options == bad? (was: Re: Whether to h… Phillip Hallam-Baker
- Re: [CFRG] options == bad? (was: Re: Whether to h… Ilari Liusvaara
- Re: [CFRG] options == bad? (was: Re: Whether to h… Stephen Farrell
- Re: [CFRG] options == bad? (was: Re: Whether to h… Scott Fluhrer (sfluhrer)
- Re: [CFRG] [lamps] [EXTERNAL] Re: [pqc-forum] RE:… Phillip Hallam-Baker
- Re: [CFRG] [lamps] [EXTERNAL] Re: [pqc-forum] RE:… Blumenthal, Uri - 0553 - MITLL
- Re: [CFRG] [lamps] [EXTERNAL] Re: [pqc-forum] RE:… Mike Ounsworth
- Re: [CFRG] options == bad? Manu Sporny
- Re: [CFRG] options == bad? (was: Re: Whether to h… Manu Sporny
- Re: [CFRG] Whether to hash-then-sign with Dilithi… D. J. Bernstein
- Re: [CFRG] options == bad? Manu Sporny
- Re: [CFRG] options == bad? Ilari Liusvaara
- Re: [CFRG] options == bad? Loup Vaillant
- Re: [CFRG] options == bad? Phillip Hallam-Baker
- Re: [CFRG] options == bad? Kai Mindermann