Re: [COSE] [Cbor] Gordian Envelope and Crypto-Agility for its Hash
Laurence Lundblade <lgl@island-resort.com> Wed, 08 March 2023 17:50 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/4HkrEz2io72eGHss5tFI-wyiQ-E>
Hi Christopher,

I’m redirecting this to the COSE work group. There are other groups like the CFRG <https://irtf.org/cfrg> that might be even better. The CBOR work group is not the right place for it.

I have a few comments:

COSE is not an end-end system with guaranteed interoperability. It has to be profiled to interoperate. It is designed to serve a huge range of use cases so it has a lot of options.

COSE mostly does take a cipher suite approach as much as it can. The main author is no longer with us to discuss this, but I suspect it is for some of the reasons you give. I mostly like cipher suites myself.

In recent work here, COSE HPKE <https://datatracker.ietf.org/doc/draft-ietf-cose-hpke/> is however going for the full agility that you criticize.

I don’t think dCBOR has anything to do with crypto agility so I’m not sure why you mention it.

I primarily work on EAT <https://datatracker.ietf.org/doc/html/draft-ietf-rats-eat>, a derivative of CWT/JWT. EAT is also intended for lots of use cases and to be profiled. Your comments here are making me consider adding text that recommends that EAT profiles allow only a very limited number of algorithms.

LL

> On Mar 7, 2023, at 6:53 PM, Christopher Allen <christophera@lifewithalacrity.com> wrote:
>
> On Tue, Mar 7, 2023 at 12:25 AM Christopher Allen <christophera@lifewithalacrity.com> wrote:
> > When looking at switching back to SHA-256 from BLAKE3, we decided to forbear crypto-agility with Gordian Envelope, especially as we have only 1 cryptographic algorithm (the hash), and desire to take the conservative stance that having only one makes it easier to review, and if something major happens, we'll revise the standard to v2.
> >
> > This is the approach that more and more cryptographers and protocol designers like Wireguard are taking. I'm working now on an article about the various risks of crypto-agility, and alternatives like crypto-suites, methods, better layering, etc.
>
> I’ve finished the article I was working on talking about why we’re restricting the use of cryptographic agility in Gordian Envelope:
>
> https://www.blockchaincommons.com/musings/musings-agility/
>
> Basically, I believe there are flaws with a full-throated embrace of cryptographic agility, mainly:
>
> * High Costs
> * Bad Interactions
> * Downgrade Attacks
>
> Though there are obvious advantages to being able to nimbly switch to a new algorithm if a problem emerges with an old one, I think that switchover ability should be highly limited. For Gordian Envelope, I plan to include just two options for the hash algorithm we use: a current version and a reserved tag to switch to if/when problems arise.
>
> There are other alternatives that I talk about in the article, such as cipher suites, expiration dates, methods, and good usage of layering, but my general philosophy after 23 years of experience since the release of IETF TLS 1.0, is the less, the better.
>
> The article goes into all of this in more depth.
>
> -- Christopher Allen