IETF Logo Mail Archive

[COSE] FIDO/WebAuthn redefined the COSE EdDSA (-8) algorithm

Anders Rundgren <anders.rundgren.net@gmail.com> Sat, 05 June 2021 06:17 UTC

Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A82F93A14F7 for <cose@ietfa.amsl.com>; Fri, 4 Jun 2021 23:17:57 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.498
X-Spam-Level:
X-Spam-Status: No, score=-1.498 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_SBL=0.5, URIBL_SBL_A=0.1] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id W4nhqkF18sRa for <cose@ietfa.amsl.com>; Fri, 4 Jun 2021 23:17:53 -0700 (PDT)
Received: from mail-wr1-x42c.google.com (mail-wr1-x42c.google.com [IPv6:2a00:1450:4864:20::42c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EEA133A14F3 for <cose@ietf.org>; Fri, 4 Jun 2021 23:17:52 -0700 (PDT)
Received: by mail-wr1-x42c.google.com with SMTP id i94so6304803wri.4 for <cose@ietf.org>; Fri, 04 Jun 2021 23:17:52 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=to:from:subject:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=1z3bfcm90byNp2T6+RPPommt1ZEP16bmRR4sNcoOdhY=; b=O99ujIibrK2j9POWcVjr6LeZrmGcw5aWId2uLf7wBpG6FZzXQ2D52IHQjNPXg7TczY wKfCnxdsU27cYep9zlh7r88E4EuOoQBeTxccf9JO/z4SNb9pLqfe9rvhKiIykbHFEvqg sboGOOmHrG5oGgFEvgKoPOTBNBhy4S4Dr0mw/IV0gjzO6TOMt5rVmjiDrjItvlvCllGj FgBN4OcqJ5rrpbId9NxmdzrwcGWZX7noxV+LWZi+t4iXWhy8aOPCum/x/slLSC7IwZRd yKWJWIjI4/oc9yraVXmfEVBw8d/oVIZ448aEeV1xur8YibUf31qwSNalRnZiHd0vpMl6 3+qw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:to:from:subject:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=1z3bfcm90byNp2T6+RPPommt1ZEP16bmRR4sNcoOdhY=; b=J1tzutn4Mb5FGz0dTyq6n4v4iZxst5+tFncT/teqRj8HI+MtnCagVaiF2o8istF2lC B6reOTsBpM9Sy50oLap0G/ysil2iIw8NgU4kUBA6j60EtMV2oTV0NybC+w0O5oNrwkpC BW3cm6W9zGnj2hQJo8uPEYuNOuALLVzt3Dy1aqbWW7tQNZN9QwTikZIg/18IEZoaA5R7 r5wZOHJy43WgMX728jG9Go6t0g74CnLvGHNTsDIkkXKH3iFpifXyNquCi/kbzRoDe+qj XRAfNudavYyfi1ul5RyvtWgofquNlSUwZTwNIQwZ1DCNhzCLiSlcAX2vtw1vRtZT0LlI xoIQ==
X-Gm-Message-State: AOAM533PrHXdTWWHbCIxQeBNv3XLIGyMo+qfaYvVOXloom/4l7c9GrEI nNfXFIgyM6Bv51+cdz3WsCe5c/TC0ICkow==
X-Google-Smtp-Source: ABdhPJxueHmVPJPFi/jFgduQ0gx+J/bmuEFYhgY5SveECjbfa/TX97wXhikCQcvqdLOQ5Lp06vZMSw==
X-Received: by 2002:adf:fe4f:: with SMTP id m15mr7386691wrs.361.1622873869979; Fri, 04 Jun 2021 23:17:49 -0700 (PDT)
Received: from [192.168.1.67] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id 62sm9614535wrm.1.2021.06.04.23.17.49 for <cose@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Fri, 04 Jun 2021 23:17:49 -0700 (PDT)
To: cose@ietf.org
From: Anders Rundgren <anders.rundgren.net@gmail.com>
Message-ID: <7e2a14a1-1633-9235-5348-853e60ee3067@gmail.com>
Date: Sat, 05 Jun 2021 08:17:48 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.2
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/9PNWfQGTf8vlMv_grUtkiIgNqMw>
Subject: [COSE] FIDO/WebAuthn redefined the COSE EdDSA (-8) algorithm
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 05 Jun 2021 06:17:58 -0000

F.Y.I.
When a key is to be generated, the FIDO/WebAuthn "create" API provides a list of COSE signature algorithms.  To save some bytes they overloaded EdDSA so that it would mean EdDSA with an Ed25519 key.  Seen in retrospect this was obviously a mistake since this doesn't extend to Ed448.

However, I believe the mistake was really making EdDSA a signature algorithm.  The "family" concept fits squarely with most cryptographic APIs that typically only deals with specific algorithms.

I don't know how FIDO/WebAuthn will get out of this quagmire but personally I have "hijacked" the currently unassigned -9 for a signature scheme which follows what I have previously done in JSON. Here is the algorithm table for what I call COSE Signature Format (CSF):
https://cyberphone.github.io/javaapi/org/webpki/cbor/package-summary.html#csf-algorithms

Ideally, two new algorithm identifiers could be defined which are better aligned with the EC and RSA schemes which do not suffer from this problem.

Thanx,
Anders

v2.23.0 | Report a Bug | By Email