Re: [COSE] 🔔 WGLC of draft-ietf-cose-webauthn-algorithms

Jim Schaad <ietf@augustcellars.com> Tue, 22 October 2019 15:15 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: 'Mike Jones' <Michael.Jones@microsoft.com>, 'cose' <cose@ietf.org>
CC: draft-ietf-cose-webauthn-algorithms@ietf.org
Date: Tue, 22 Oct 2019 08:14:40 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/9USuIeku8B8UB52jC_awG14uQfI>

I forgot to respond to this one.

 

From: Mike Jones <Michael.Jones@microsoft.com> 
Sent: Monday, October 21, 2019 5:00 PM
To: Jim Schaad <ietf@augustcellars.com>; 'cose' <cose@ietf.org>
Cc: draft-ietf-cose-webauthn-algorithms@ietf.org
Subject: RE: [COSE] 🔔 WGLC of draft-ietf-cose-webauthn-algorithms

 

Thanks for your review, Jim.  Responses are inline, prefixed by “Mike>”.

 

                                                       -- Mike

 

From: Jim Schaad <ietf@augustcellars.com>
Sent: Tuesday, September 17, 2019 6:46 PM
To: 'cose' <cose@ietf.org>
Cc: draft-ietf-cose-webauthn-algorithms@ietf.org
Subject: RE: [COSE] 🔔 WGLC of draft-ietf-cose-webauthn-algorithms

 

I start this review by copying forward all of my comments on draft-jones-cose-additional-algorithms-00

 

 

A.	Please include text related to deterministic ECDSA in this text.

 

Mike> What do you want this text to say?  I’m reluctant to use the text at https://tools.ietf.org/html/rfc8152#section-8.1, which says that “implementations SHOULD use a deterministic algorithm”, which is misleading, in that it implies that there are many such algorithms that could be used.  In fact, exactly one is being specified.

 

[JLS] I was unaware that there is only one possible deterministic algorithm; any keyed hash algorithm can be used to generate the deterministic ‘k’ to be used for the signature algorithm.  There is not a requirement that the secret value be the private key for the signature key pair; one could generate a private value just for that purpose.  Independent of that, the default ECDSA algorithm specifications all say use a random value of ‘k’ rather than a deterministic value, and the use of the deterministic value is far more secure.