Re: [COSE] [Last-Call] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard
Mike Jones <Michael.Jones@microsoft.com> Sat, 23 May 2020 23:48 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DCA7E3A0F6D; Sat, 23 May 2020 16:48:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id L3nqNBOs9IDm; Sat, 23 May 2020 16:48:48 -0700 (PDT)
Received: from NAM06-BL2-obe.outbound.protection.outlook.com (mail-eopbgr650118.outbound.protection.outlook.com [40.107.65.118]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 30C243A0F6B; Sat, 23 May 2020 16:48:47 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=bf911gFXuAj0M1AuMgTOS2OMFdcye/sR1TmNiPCyx/ZKCTK7zubUDw4iaRZQCvYKo61u1FL19rlUnc/PAQYIWjF160GPbVrc4YJiQNDeElXQE0HN6Ss55nI3hXK8OZL9FHQErdWvwqBn3UqRePi65tAM/PUOO8isQ/wiD11g6DjWOMZU0P51bqtDOoGXoUOuM1lyd9/lzGDPJ3ottYNqdlWhy61mI+sdr72OWNR+Adl8b6y+XTVkA4ogl1estUm3X7QpZYYOlGZScEt/Wbt++5tg0gt3fWznPSKYyUqOnJd2UMHYaJYycW7Xxs9HN/4tJI/QJ/TQCkcgmTHU4GxmEQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gsP45rJ9MmMuGtPfW4W5s9zVuCgGOsCdJ6IaQubk7+I=; b=HBPo4wRZMJOgtr8WwTV0bPat6azSVS60d8eoMWX3Ql5PpI2JAoqal7R24Vm/nRRFr9pkaAi05/g9Kbf16RtWXGu1DxCJ+E9chf+97hdCAYMYmyS0ZhdVvMa5WoD8pJ6pFzq6PD/fMJLj/cA0NIDc9j/RmylW63Ss26YGYhWTMJdJNbOVA6bYa9/gieFNNI+E72D6OwiBKfoVWbcViW3EPR1V6pJLHn92mNXQor5RTKz45aYYVkrOXPOF7qXeHQgTjFcsIWKl3XkF9HAtawOkUlJlC4xFdJE3sixH/sQk8f4XimafoUBMkxthT/ahHB0EoJJX3sFNnXRVAWVEDIPD4A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=gsP45rJ9MmMuGtPfW4W5s9zVuCgGOsCdJ6IaQubk7+I=; b=DGn+H1QJOZ2iNMYiDV0R24skGuCd4GjYgNpvu5UaB5Q9WiAktB6SoG+C8aCd7luoHSAbxrCwbD9ZjmixEVJHbz33TUc4jnc25cIZHCokov3oleKfZDw/U93m55LtOd8IDUGRspR2k7UneSixe+FPD2Z5P3sCCdiHAkWDxUcw/lA=
Received: from DM6PR00MB0684.namprd00.prod.outlook.com (2603:10b6:5:21c::8) by DM5PR00MB0389.namprd00.prod.outlook.com (2603:10b6:4:a0::25) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3074.0; Sat, 23 May 2020 23:48:42 +0000
Received: from DM6PR00MB0684.namprd00.prod.outlook.com ([fe80::9101:55b5:7415:d38d]) by DM6PR00MB0684.namprd00.prod.outlook.com ([fe80::9101:55b5:7415:d38d%4]) with mapi id 15.20.3072.000; Sat, 23 May 2020 23:48:41 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Eric Rescorla <ekr@rtfm.com>, "rsalz@akamai.com" <rsalz@akamai.com>
CC: "last-call@ietf.org" <last-call@ietf.org>, Jim Schaad <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: [COSE] [Last-Call] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard
Thread-Index: AdYxXK5oD21D1OE4Q7aiB+KOED7Tnw==
Date: Sat, 23 May 2020 23:48:41 +0000
Message-ID: <DM6PR00MB068462959AADE20D1CE2BDE4F5B50@DM6PR00MB0684.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=6f8afca1-ed22-409e-a0ab-0000cf3991d6; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-05-23T23:38:37Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: rtfm.com; dkim=none (message not signed) header.d=none;rtfm.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [50.47.87.252]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: 6a73144f-218d-445f-badc-08d7ff73d2d6
x-ms-traffictypediagnostic: DM5PR00MB0389:
x-microsoft-antispam-prvs: <DM5PR00MB0389C52D4C39D999FFECECF6F5B50@DM5PR00MB0389.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0412A98A59
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: X3O6rpjW0Cn92PoYsYszH/05Ue7Pq+tDM2M4UcBjGG9ZxIpnzEPZd0gpaHIXvuHfG9ApHwQPqdtLT5PHgTw8cw7QAnOkMWFv/5vinepFp4kw+ou24174fdmjVUISoHOCivrs9XBRdMTb/fIuDqvy2z/evlQ+nVV+GaFwXvJjAYpkZNqp2UUP4qddS6v/2vHWrx5uIq3PEbXUMLcsLp6+JAEeK4vTa6GxZjK6bX3zXG6lzv9HoduIwvs2Ds725LVpSJfb8CznbVVK2HewW63TzNOENSqRyCTRYOyjFZzTOE/9LGc800HI7poU6ClLcrBoL3GwSkW/g64IstVYx+r/kPV2VFgq3g+ehtP2rNhqX8fVNQi4yEaDo0Kd8VMzkoU9KrvwswktOP6mJfMuF13AWw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR00MB0684.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFTY:; SFS:(4636009)(136003)(366004)(396003)(39860400002)(376002)(346002)(7696005)(2906002)(10290500003)(316002)(9686003)(53546011)(8990500004)(5660300002)(6506007)(86362001)(478600001)(966005)(186003)(26005)(52536014)(110136005)(55016002)(66476007)(64756008)(66556008)(166002)(4326008)(8936002)(66446008)(82950400001)(82960400001)(66946007)(54906003)(71200400001)(8676002)(33656002)(76116006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: gssDQ3/AVs7YEKyGIUPd+Huo9f1uFS0xIgUjP3jbRAeB966qzfUnVG9xRfjIiuGIPuNBpV7Urfh6Y+5Kv3Ort/fOSlWohAT2f4WDplxhVWgqCPAgvA02eGVrqx4P6/qcQGQmA8u5cuTNN7qD3VxGlwGkELoqy63dw02J5w3nh9PxCUNWZItogJcLhJqPz/WIcy47C+tMa/yX5uEZGnBjOvGJXNVy4Fb3/HG4TOockZLUa+yZU/1ltyyQbhsO0XMGXeGahfSeCfGt+NDEJsu2yvv8z/mnJIGrN/bMhfp37fVC4F83MZ9/8nwmjfs5V7Uj35HPIUC47QFxbw4i/5OubPbVgGctF479qSKjyP67kGV8Q79mU8kuCirMIwkscXLF5YXExjEquCATqs47qwtBdVCKAT6isGhRUPpXPV88V0IbjlE9sEX+gieKp0ECRL5A5Z6MaFt3ZqFt/2yyJ+sw/forOzwyrBxmD/WHOH4eyFw=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_DM6PR00MB068462959AADE20D1CE2BDE4F5B50DM6PR00MB0684namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR00MB0684.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6a73144f-218d-445f-badc-08d7ff73d2d6
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 May 2020 23:48:41.8470 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: TD+O3K3XKzQFrY5kxZtG9pm9M6KXDr9otsyiL7Qs8Wn9q+ytb5DpXgnQszVDqc7NXGyOBUN8xlnWWgZE0Un9Xg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR00MB0389
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/2qlNgrxFF3GXbL6ut1ONPDxRN80>
Subject: Re: [COSE] [Last-Call] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 23 May 2020 23:48:52 -0000
I can certainly change the COSE recommendation status from Yes to No, if that’s the prevailing opinion. Those that have decided to use secp256k1 over the NIST and 25519 curves will likely continue to do so no matter what we decide in this regard. I’ll wait until the last call expires on Wednesday to see what other comments may come in and then publish an updated draft. Thanks all, -- Mike From: COSE <cose-bounces@ietf.org> On Behalf Of Eric Rescorla Sent: Saturday, May 23, 2020 2:36 PM To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> Cc: last-call@ietf.org; Jim Schaad <ietf@augustcellars.com>; cose@ietf.org Subject: Re: [COSE] [Last-Call] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard Good catch. We definitely should not be recommending sep256k1. -Ekr On Sat, May 23, 2020 at 1:30 PM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org<mailto:40akamai.com@dmarc.ietf.org>> wrote: > I believe that the IESG needs to debate if this document should be the one which makes the secp256k1 curve a recommended IETF curve to use. A good point, albeit slightly subtle. +1. -- last-call mailing list last-call@ietf.org<mailto:last-call@ietf.org> https://www.ietf.org/mailman/listinfo/last-call
- [COSE] Last Call: <draft-ietf-cose-webauthn-algor… The IESG
- Re: [COSE] Last Call: <draft-ietf-cose-webauthn-a… Jim Schaad
- Re: [COSE] [Last-Call] Last Call: <draft-ietf-cos… Salz, Rich
- Re: [COSE] [Last-Call] Last Call: <draft-ietf-cos… Eric Rescorla
- Re: [COSE] [Last-Call] Last Call: <draft-ietf-cos… Mike Jones
- Re: [COSE] [Last-Call] Last Call: <draft-ietf-cos… Mike Jones
- Re: [COSE] [Last-Call] Last Call: <draft-ietf-cos… Salz, Rich