[COSE] Registration of encryption only COSE algorithms

Göran Selander <goran.selander@ericsson.com> Wed, 24 February 2021 12:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/ELiOc-ED9IoaFhR5d9FS7KBC-vc>
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>

Hi all,

We have another request for COSE algorithm assignment that doesn't fit into the existing scheme. The FIDO Alliance wants to register encryption-only (not authenticated encryption) algorithms.

As far as I can see, the intent is to achieve authenticated encryption but with the use of separate legacy encryption algorithms together with already registered MAC algorithms. The specification seems to focus on encrypt-then-mac with an example of a COSE_Encrypt0 wrapped in a COSE_Mac0, but mac-then-encrypt is also mentioned. There are no security considerations about either in the specification.

Previously, there was a similar request to register legacy algorithms from the FIDO Alliance, resulting in the allocation of code points for secp256k1 and certain RSA algorithms for COSE together with the accompanying RFC 8812 specifying how to use COSE with these algorithms, including security considerations.

Considering the known issues with separate encryption and MAC, should we for the same reason request an analogous IETF specification also in this case? 

Göran
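
An added illustration, not part of the original message or of the FIDO specification, of why an encryption-only algorithm needs a correctly composed MAC: ciphertext from a stream-style cipher can be altered without detection unless a tag over the nonce and ciphertext is verified before decryption (encrypt-then-MAC). The HMAC-based keystream cipher is a stand-in for an unspecified legacy encryption-only algorithm, the function names are hypothetical, and plain tuples are used instead of COSE_Encrypt0/COSE_Mac0 CBOR encoding.

```python
import hashlib
import hmac
import os

def keystream_xor(key, nonce, data):
    """Encryption-only stand-in: XOR with an HMAC-SHA256 counter keystream."""
    out = bytearray()
    for block in range(0, len(data), 32):
        counter = (block // 32).to_bytes(4, "big")
        pad = hmac.new(key, nonce + counter, hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[block:block + 32], pad))
    return bytes(out)

def seal(enc_key, mac_key, plaintext):
    """Encrypt-then-MAC with independent keys; the tag covers nonce and ciphertext."""
    nonce = os.urandom(12)
    ciphertext = keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    return nonce, ciphertext, tag

def open_sealed(enc_key, mac_key, nonce, ciphertext, tag):
    """Verify the tag in constant time before any decryption takes place."""
    expected = hmac.new(mac_key, nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("MAC check failed")
    return keystream_xor(enc_key, nonce, ciphertext)

def modify_in_transit(ciphertext, offset, old, new):
    """Model a change made without any key: XOR in a plaintext difference."""
    mod = bytearray(ciphertext)
    for i, (a, b) in enumerate(zip(old, new)):
        mod[offset + i] ^= a ^ b
    return bytes(mod)

def demo():
    enc_key, mac_key = os.urandom(32), os.urandom(32)
    msg = b"amount=0100;to=alice"  # constructed sample plaintext
    nonce, ct, tag = seal(enc_key, mac_key, msg)
    tampered = modify_in_transit(ct, 7, b"0100", b"9100")
    # Encryption only: the receiver decrypts altered data with no error.
    enc_only = keystream_xor(enc_key, nonce, tampered)
    # Encrypt-then-MAC: the same alteration is rejected before decryption.
    try:
        open_sealed(enc_key, mac_key, nonce, tampered, tag)
        rejected = False
    except ValueError:
        rejected = True
    return enc_only, rejected, open_sealed(enc_key, mac_key, nonce, ct, tag)
```
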