Re: [COSE] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard

Jim Schaad <ietf@augustcellars.com> Sat, 23 May 2020 02:23 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/24eS6tnGYkuygG3vFPE5T3M9e2g>

I will raise the same issue that I did during the working group
(https://mailarchive.ietf.org/arch/msg/cose/6SpNYAD0YC0fTM0dOA7MZ3fnqqo/ is
the first time).  The messages sent over to CFRG did not receive a positive
response for the IETF recommending it
(https://mailarchive.ietf.org/arch/msg/cfrg/iuRak1_HFZ33oWDWPl7KbvZHC0k/
among others).

I believe that the IESG needs to debate if this document should be the one
which makes the secp256k1 curve a recommended IETF curve to use.

Jim


-----Original Message-----
From: COSE <cose-bounces@ietf.org> On Behalf Of The IESG
Sent: Wednesday, May 13, 2020 5:40 AM
To: IETF-Announce <ietf-announce@ietf.org>
Cc: Ivaylo Petrov <ivaylo@ackl.io>; cose-chairs@ietf.org;
superuser@gmail.com; draft-ietf-cose-webauthn-algorithms@ietf.org;
cose@ietf.org
Subject: [COSE] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt>
(COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard


The IESG has received a request from the CBOR Object Signing and Encryption
WG (cose) to consider the following document: - 'COSE and JOSE Registrations
for WebAuthn Algorithms'
  <draft-ietf-cose-webauthn-algorithms-05.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
last-call@ietf.org mailing lists by 2020-05-27. Exceptionally, comments may
be sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


   The W3C Web Authentication (WebAuthn) specification and the FIDO
   Alliance Client to Authenticator Protocol (CTAP) specification use
   CBOR Object Signing and Encryption (COSE) algorithm identifiers.
   This specification registers the following algorithms in the IANA
   "COSE Algorithms" registry, which are used by WebAuthn and CTAP
   implementations: RSASSA-PKCS1-v1_5 using SHA-256, SHA-384, SHA-512,
   and SHA-1, and ECDSA using the secp256k1 curve and SHA-256.  It
   registers the secp256k1 elliptic curve in the IANA "COSE Elliptic
   Curves" registry.  Also, for use with JSON Object Signing and
   Encryption (JOSE), it registers the algorithm ECDSA using the
   secp256k1 curve and SHA-256 in the IANA "JSON Web Signature and
   Encryption Algorithms" registry and the secp256k1 elliptic curve in
   the IANA "JSON Web Key Elliptic Curve" registry.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-cose-webauthn-algorithms/



No IPR declarations have been submitted directly on this I-D.


The document contains these normative downward references.
See RFC 3967 for additional information: 
    rfc6194: Security Considerations for the SHA-0 and SHA-1 Message-Digest
Algorithms (Informational - IETF stream)



