IETF Logo Mail Archive

Re: [CFRG] options == bad?

Manu Sporny <msporny@digitalbazaar.com> Sat, 20 August 2022 17:27 UTC

Return-Path: <msporny@digitalbazaar.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EF555C14CE34 for <cfrg@ietfa.amsl.com>; Sat, 20 Aug 2022 10:27:27 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=digitalbazaar.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rq0gLog3yFHB for <cfrg@ietfa.amsl.com>; Sat, 20 Aug 2022 10:27:23 -0700 (PDT)
Received: from mail-vs1-xe30.google.com (mail-vs1-xe30.google.com [IPv6:2607:f8b0:4864:20::e30]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AFD1AC14F5E1 for <cfrg@irtf.org>; Sat, 20 Aug 2022 10:27:23 -0700 (PDT)
Received: by mail-vs1-xe30.google.com with SMTP id l7so7065610vsc.0 for <cfrg@irtf.org>; Sat, 20 Aug 2022 10:27:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digitalbazaar.com; s=google; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc; bh=n4d11YzrIEXgwPYuNIwrp56Bcy1LGBJ33qV4DyEwRZU=; b=DzNDNJivy94K7u1Ra+Ibuszgk3X7CsVpkRdmNV47lh4NaWYmGxIWcJbVK52VMKCGoC koWsPZ0XUHHt5gI3g9tkeN2bwCmoaZJg0tEkYk5mXzscNc10jpsGHNFC3RSFqeatnhue ltt1g9rSjy5jmpKwY/BAsr4yPS1wzUrORxmcMuTJa+aSkZnWqvmEKFDfmxLChTh5b4ay aNzdI/S84JERoYUL6pW873Qsg30yyncvSaOkriRxMqW/DH8GFkR/bBC/UW89UzO8Mefr dRYPfgjc3KrbvfceoMWjxsacPUNmUkcD9JxOT/fa1y6WcnILSK5rrnxxVPLTpNZKLxr8 s3Cw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc; bh=n4d11YzrIEXgwPYuNIwrp56Bcy1LGBJ33qV4DyEwRZU=; b=bkMXV5WiduBWDC9XPCiyjZ52R0Pqru5Eu04xZ+tvTyWSSgsbHht3hI6CclQRQGBEUW NqBjjD4l30+1siMJXvMwgYVqDw8e79Q+sc6BxwTzujrrIbTnjft1u5recV7X83f6XPHl gfl/DImOk+fN7myc847FM9Kgl4PtqyVrFdREJtC4BvuBazXdq1Yezq8TFPeO/Kmfr52v PWmNGNcu3dIR1Jcr0KVCqeMh7/eSGpbdo5qryBRK9ikPw5oip9bcCM33SfWPbkgBLKX0 qP3x0g9TLh7xD0Xz1Kg/OXWcTe0euJi7qRjIWS/9E3D2XYzEA1/9YqB2X6oO1u1nXbK8 DcvQ==
X-Gm-Message-State: ACgBeo1co8m+YDP5CrZnYQh1Yevj+t70pxmK4asKHFMcFgdVldE8jiMr v2ee4QO1OCvfoOcJMtBZx8qWCcH3+AW642HULwX9+DBCDpNxiPc1
X-Google-Smtp-Source: AA6agR4/zaO1mks9ktfepwPlWBqxbLLKoNMOGwfSxqdY/CXsaoWwCzuAYcO/UB+2GYP5344aA+RozO1peZStNb0aL6Y=
X-Received: by 2002:a05:6102:3a6a:b0:390:28e3:3fce with SMTP id bf10-20020a0561023a6a00b0039028e33fcemr2861048vsb.13.1661016441962; Sat, 20 Aug 2022 10:27:21 -0700 (PDT)
MIME-Version: 1.0
References: <CH0PR11MB5739393F19DD5282E3D7EF549F6A9@CH0PR11MB5739.namprd11.prod.outlook.com> <CH0PR11MB5739557425DD3FDE5812D8479F6A9@CH0PR11MB5739.namprd11.prod.outlook.com> <4a3c52bf-d9b9-4e32-9f7f-f42256479906@beta.fastmail.com> <d9bd996d-0d2f-c313-80d2-3468cd4c956b@cs.tcd.ie> <CAMBN2CQ9+ZXAmz=5zRgpEfur9i=REwAOKsuZa5LEJfwvW4zcQQ@mail.gmail.com> <AM9P194MB1265C3C141951A47FEB315D5B66D9@AM9P194MB1265.EURP194.PROD.OUTLOOK.COM>
In-Reply-To: <AM9P194MB1265C3C141951A47FEB315D5B66D9@AM9P194MB1265.EURP194.PROD.OUTLOOK.COM>
From: Manu Sporny <msporny@digitalbazaar.com>
Date: Sat, 20 Aug 2022 13:26:46 -0400
Message-ID: <CAMBN2CT8W7AHzb-F_H1Q=4pXMUAo-8_+NpwttLodPNg0ZKsQMw@mail.gmail.com>
To: Kai Mindermann <kai.mindermann@ic-consult.com>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "cfrg@irtf.org" <cfrg@irtf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/xKdlU-uWb75pKBXvS6zVgkG03bc>
Subject: Re: [CFRG] options == bad?
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sat, 20 Aug 2022 17:27:28 -0000

On Thu, Aug 18, 2022 at 10:54 AM Kai Mindermann
<kai.mindermann@ic-consult.com> wrote:
> sounds a lot like you are going for some of the ideas I presented/drafted in https://datatracker.ietf.org/doc/html/draft-kaimindermann-securecryptoconfig a while ago.

Interesting... I read through the entire draft. Yes, the concepts are
very similar, though the W3C Verifiable Credentials WG isn't trying to
go as far as establish cryptoconfigs (as you call them) for the world.
We're just trying to define them for the Verifiable Credential Data
Integrity work by building on top of established options in the
COSE/JOSE algorithms registry... but (ideally) whittling them down to
"one secure set of parameters for using a specific modern digital
signature algorithm (eg. ECDSA, EdDSA) for the next 5 years".

> Its of very big importance to leave as much of the decisions regarding crypto parameters to the crypto experts/libraries and only expose the needed parameters.

Yes, and the problem right now is that web developers (to take an
example population) are choosing from ALL of the algorithms in the
COSE/JOSE registry (without understanding what mixing any of the
parameters together really means). The incentives for
application-layer cryptography library implementers to implement
algorithms in the registries are misaligned... the more algorithms and
parameters they support, the more popular their library becomes
(because no developer wants to switch out their cryptography libraries
if they need to do something else in the future... so developers
choose something that supports EVERYTHING! ... and then go on to make
questionably uneducated guesses based on stackoverflow threads). Case
in point: https://github.com/panva/jose

We've watched in horror as our cryptography software (17M weekly
installs), which takes this "implement all the options kitchen sink
approach", is used by inexperienced developers that continue to make
some questionable parametric choices:
https://www.npmjs.com/package/node-forge

> (Of course, there can also still be an interface that allows all the possible parameters for power users / experts).

Yes, of course "expert interfaces" still need to exist... but be
deactivated/turned off by default. Ideally, cryptographic suites are
actively installed by the end developer as requirements for the
application (and are not just randomly pulled in when you install the
library). Use of deprecated/experimental features are explicitly
turned on (with warnings spewed to the console /logs if possible).

> What I have no concrete idea about yet are tunable parameters, e.g. some of the argon2id parameters may depend on the runtime environment.

Yeah, that's more difficult, and we're not currently trying to tackle
that beast. We're fairly narrowly focused on doing this correctly for
digital signatures and key exchange. We'll have some proposals for
CFRG to review in the coming months to see if we're on the right
track.

Kai, what was the response to the concepts in your suggested I-D?

-- manu

--
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
News: Digital Bazaar Announces New Case Studies (2021)
https://www.digitalbazaar.com/

v2.23.0 | Report a Bug | By Email