IETF Logo Mail Archive

Re: [COSE] draft-prorock-cose-post-quantum-signatures [Was: Re: Call for COSE Agenda Items for IETF 113 in Vienna]

Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 10 March 2022 06:15 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 213133A088F for <cose@ietfa.amsl.com>; Wed, 9 Mar 2022 22:15:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.109
X-Spam-Level:
X-Spam-Status: No, score=-2.109 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e6kzHBCBGlqZ for <cose@ietfa.amsl.com>; Wed, 9 Mar 2022 22:15:06 -0800 (PST)
Received: from mail-wr1-x432.google.com (mail-wr1-x432.google.com [IPv6:2a00:1450:4864:20::432]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AEF23A0898 for <cose@ietf.org>; Wed, 9 Mar 2022 22:15:06 -0800 (PST)
Received: by mail-wr1-x432.google.com with SMTP id e24so6273411wrc.10 for <cose@ietf.org>; Wed, 09 Mar 2022 22:15:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=message-id:date:mime-version:user-agent:subject:content-language:to :cc:references:from:in-reply-to:content-transfer-encoding; bh=Gw0vk/LhqzdOK7VByZNvO3RmMmLwzTq6gwJRl3Gq2gs=; b=KXm5SUf7InF1QPXKVp/P8Cne+tF2BdVK3yff12sKkpSuCjqGjhN5GMjOQo46RaRXTn kAjc2JzJonSy3IerSosuzpPLWrxYdtuZubyavzFbGL8n0wnK6T0dw6gwqNqcrEfImrQ9 A/ffIBzfGNOdy6/oA3m3HrAvQ1ICOQJE9MT4Qv8JkHbcwZQ0dkMctHwVNBCxWn7aQBji ieaaCIx4cF8ZcSoy/ikV2z/zD4ympwikZAePep8iD3zZjDfsgyFY8YrfBxx3hkEhbnhN MqM6HIJ5Fvq+u4MIcrEMqewRWo31dA+FAmTLRmZihX44o6IO/aZvo9Fr+v1pzp646lIK S0OA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:message-id:date:mime-version:user-agent:subject :content-language:to:cc:references:from:in-reply-to :content-transfer-encoding; bh=Gw0vk/LhqzdOK7VByZNvO3RmMmLwzTq6gwJRl3Gq2gs=; b=BQZGGI6ONeIoPKRiV8wfeSviTRL2dnrwzEW1BO3/GeJZTr3iIg42th7x3cmA7xdyso PYlD4DtrD99b/JuW5mWQBDtljxQzFtcvXzUMOA96VrzfvnxQoBpIEgU72caCHKVYqwAg 7U7+6dA2hfcuaEXufx+W/bC6FZOqej5CX4rF7EW5wTbF7E+cqsxASUXUhvPebaUorcEQ cJalaeintnt0eKwHay5b31O5rh22e3rbXYn8yWbWTV2csQ7qnOIO3roKfO037n6CQKl3 mSLwNDmVEzUBQAWiVS/rAS+wM/10gW95e+y6/WaWvbDO0vQcxAHd5QjmDTGK7uQ7k3VF Ihcw==
X-Gm-Message-State: AOAM530fU//mjfIvd7hXS6qTM2pcabPQ4hnoRJhyFoTbJJk15oqqO4PX nrikcDPUQRoZ6KkVjKWtjZM=
X-Google-Smtp-Source: ABdhPJyvxKQ+ysWo5+K4bAZVuG6IP1Vbr9JMeRsw4lR9Zu+QZZuuLyIcRcOFLLPPa7LgFuW3yXmHXw==
X-Received: by 2002:adf:d1cf:0:b0:203:7e27:8f55 with SMTP id b15-20020adfd1cf000000b002037e278f55mr2256885wrd.38.1646892904462; Wed, 09 Mar 2022 22:15:04 -0800 (PST)
Received: from [192.168.1.67] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id i8-20020a1c5408000000b00389bf11ba0csm6783220wmb.38.2022.03.09.22.15.03 (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Wed, 09 Mar 2022 22:15:03 -0800 (PST)
Message-ID: <a730ecbe-bbc5-2df1-ec60-a43353507b93@gmail.com>
Date: Thu, 10 Mar 2022 07:15:01 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:91.0) Gecko/20100101 Thunderbird/91.6.2
Content-Language: en-US
To: Mike Jones <Michael.Jones@microsoft.com>, Russ Housley <housley@vigilsec.com>, Mike Prorock <mprorock@mesur.io>
Cc: "cose@ietf.org" <cose@ietf.org>, Orie <orie@transmute.industries>
References: <SA2PR00MB1002C64FDF9A7CF14E95D135F50B9@SA2PR00MB1002.namprd00.prod.outlook.com>
From: Anders Rundgren <anders.rundgren.net@gmail.com>
In-Reply-To: <SA2PR00MB1002C64FDF9A7CF14E95D135F50B9@SA2PR00MB1002.namprd00.prod.outlook.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/03NObl_v9G547-DkP3vakoQHVoo>
Subject: Re: [COSE] draft-prorock-cose-post-quantum-signatures [Was: Re: Call for COSE Agenda Items for IETF 113 in Vienna]
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2022 06:15:22 -0000

Hi Guys,

May I as an implementer also comment on the idea of overloading the OKP identifier?

Actual code for a COSE public key decoder:

     // Throws an exception if there is no KTY label (=key object is completely malformed).
     int coseKty = publicKeyMap.getObject(COSE_KTY_LABEL).getInt();
     KeyTypes keyType = keyTypes.get(coseKty);
     if (keyType == null) {
         throw new GeneralSecurityException("Unrecognized key type: " + coseKty);
     }

I guess that most decoders do something like this since the parameters associated with each "kty" are quite different.

If you OTOH overload OKP, decoders would assume that they are going to process an x25519, x448, ed25519, or ed448 key and convert these to the platform's own representation.  Such code will fail and in a much less predictive way.  BTW, Oracle would never considering extending their existing interfaces for the mentioned algorithms; they would define new ones.   Some people suggested retrofitting the EC interfaces for ed25519 and friends but Oracle turned down this request since existing crypto providers would either have to be upgraded or just crash and that is not overly appealing.  Clean separation is more important than code reuse.  A key decoder/encoder is also a very small piece of code.

This is also a question about adoption. By using different identifiers, software can be upgraded without support by the platform vendors.  It took Oracle 5 years to introduce native support for Ed25519!

Cheers,
Anders

v2.8.7 | Report a Bug | By Email