IETF Logo Mail Archive

Re: [COSE] đź”” WGLC of draft-ietf-cose-webauthn-algorithms

Mike Jones <Michael.Jones@microsoft.com> Mon, 21 October 2019 23:59 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 88D0A120A7E; Mon, 21 Oct 2019 16:59:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level:
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ziWJLOOjjF1j; Mon, 21 Oct 2019 16:59:49 -0700 (PDT)
Received: from NAM06-BL2-obe.outbound.protection.outlook.com (mail-eopbgr650126.outbound.protection.outlook.com [40.107.65.126]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D072A120A7A; Mon, 21 Oct 2019 16:59:45 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=BlY6hy+/GHGny2xT3LXFcIcO4dyr5o+5Q++urCokbjSWagxbt2qUHG/piV8IsGvSeuqOKT5QkgsXJiKYonBuHHowOefj+P8aWvWkAdWOGoqHzXDOmd4znz3uKaw5Rkj/9x6qfIIQj6Zf9HM0pUdqKxLFVgmizVE+EuNq5gcYYP88g3Sg7WU8KqU+YP+CyN8NKtB2kdeOrScgpuD97igRp6mnPCzOvCwD6RKMG6tSglSB160tq/9/FZrWmTuRoffx7V51HByZmsz3ItGJGoEmTNlFFaOJ4+eJMMy6Oy2vEacFluuq7Gt9/ISHVmNQcBXgJEODbsXe0f9CcxXdOV5vLA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qq/VgH/ugDNtKzCVmhvT/JjjCBlvZV5iK88XGRE9oIE=; b=SmgWlsDyPoLctZRflF6R1W2u3RZw3aFltDj31e+MSTZ867VmTqqUvkfuOVPtn+1r1uWNouniLvBD4vCO2lI4fDhmHV0ZO+7gP0djAIt2m3EHujIBSMCia2AbrXoinyMy8EhtvEwNUF35ajqqL1OtILAem1XeuNyEq5nhfEkWru/Z/vzQf7AcxOErc9typY9O2Fk7RWegtySYa33l2cG7yCbGjdTtL/ZIR80vWdQ4pMxWUvryys/PRjhRzw7fACvJLcM8cZVJY0w2plhWmU7j4ywZo4bNbkX6QLsr8o0yGoerNUm8rUR5RQiIVo7yeUXw6y58bbMzyY2kUgo16mulFg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qq/VgH/ugDNtKzCVmhvT/JjjCBlvZV5iK88XGRE9oIE=; b=f2lFLIv0ItRl8DYyNWLQDlBI0W+ZgGsnnJXSD0S5jgzKGWRzpzzGQc2UIEX6ca7zfzMqdRvmOuBFcaMi214sRiHWt4grJnXWUBrH1rRUsCdf2Z3a60IjLhxw38fh0fmwJVbTshiKTh5hh7xtmJwSuvPmVgokUc7PY7xDFnDGybE=
Received: from BN8PR00MB0563.namprd00.prod.outlook.com (20.179.72.150) by BN8PR00MB0595.namprd00.prod.outlook.com (20.179.73.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2422.0; Mon, 21 Oct 2019 23:59:41 +0000
Received: from BN8PR00MB0563.namprd00.prod.outlook.com ([fe80::e17f:be07:82a2:12db]) by BN8PR00MB0563.namprd00.prod.outlook.com ([fe80::e17f:be07:82a2:12db%9]) with mapi id 15.20.2421.000; Mon, 21 Oct 2019 23:59:41 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, 'cose' <cose@ietf.org>
CC: "draft-ietf-cose-webauthn-algorithms@ietf.org" <draft-ietf-cose-webauthn-algorithms@ietf.org>
Thread-Topic: [COSE] đź”” WGLC of draft-ietf-cose-webauthn-algorithms
Thread-Index: AQHVbWSlFBVJFlStCEe6sWSpGQx0gacwqvUAgDUjSdA=
Date: Mon, 21 Oct 2019 23:59:40 +0000
Message-ID: <BN8PR00MB05639A215FF3352F58B31F0AF5690@BN8PR00MB0563.namprd00.prod.outlook.com>
References: <CAJFkdRzEF0wh9-H4dDNQeUHVd_VD8KKv1jOJ7BWs+bKN2e6gBQ@mail.gmail.com> <000001d56dc2$e14f20c0$a3ed6240$@augustcellars.com>
In-Reply-To: <000001d56dc2$e14f20c0$a3ed6240$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=c44d03c6-2243-4e34-8e4e-00000af61e5a; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-10-21T21:14:25Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [75.151.116.174]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: a9b1b6b8-c189-4fe6-942c-08d75682bce1
x-ms-office365-filtering-ht: Tenant
x-ms-traffictypediagnostic: BN8PR00MB0595:
x-microsoft-antispam-prvs: <BN8PR00MB0595B8D6B8BAA94790CB148FF5690@BN8PR00MB0595.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0197AFBD92
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(396003)(346002)(136003)(376002)(39860400002)(366004)(199004)(189003)(74316002)(7696005)(7736002)(236005)(102836004)(86362001)(6506007)(54896002)(66946007)(66476007)(76116006)(6436002)(11346002)(6306002)(9686003)(229853002)(53546011)(71190400001)(25786009)(66446008)(2906002)(110136005)(66556008)(76176011)(64756008)(3846002)(55016002)(790700001)(6116002)(966005)(14454004)(99286004)(316002)(22452003)(6246003)(26005)(71200400001)(5660300002)(66066001)(10290500003)(33656002)(186003)(4326008)(14444005)(256004)(81156014)(606006)(52536014)(81166006)(8936002)(446003)(486006)(10090500001)(478600001)(476003)(8990500004); DIR:OUT; SFP:1102; SCL:1; SRVR:BN8PR00MB0595; H:BN8PR00MB0563.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: dHN6nzw94REY9BwHbJSVS/bQ2x2NlU+m/5gkaikwodJarHwofZaDp+QDMkXtHuDbO75mdWV2uZKch9PEK4EJjGAQqVJTg0RKIFNfY9ZkrQXh3uBN4/cawz/BfbGu4biglacrpfHlWIF85cb4TvzlH8MGZNzXJmD6Yb31SX6HC9Yh8WXm/6bN1z/qaQQW5qwM76RJjE51RKa/nYRnL2FeQ/VVPAnTb6A/PmpYeBtNtogDWVfeNckXIEcM+odmDvIqPo8MKtAhIvY7q2A0Oj9tEqWhVkWSmNF7Lba+H0CsMIJ/saUo3ldGz1JMUgFuipNiDCeZlBxqTMf8epQxEsyl7O4qfPomp4EIc7LM9MkucE2PUryoxq5RQwy8dY9MkGPouNQVaPGechuNi1XzUgWpkokgz/skiElxgkFVrFYs3cfEw7hnjj/ETs+6aZJFLOhN
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_BN8PR00MB05639A215FF3352F58B31F0AF5690BN8PR00MB0563namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: a9b1b6b8-c189-4fe6-942c-08d75682bce1
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2019 23:59:40.9032 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: oAYBQrh0bUtQRHnFT7+winVd/hr0cwGLt9SbJIt0zY1Bd/21pw1e0FsySJMbgNJzInlpDLQ3FJz5dltrZkYPTg==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN8PR00MB0595
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/HbubnKZ9i2nWoNQN-uwGP5Ha2gs>
Subject: Re: [COSE] đź”” WGLC of draft-ietf-cose-webauthn-algorithms
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 21 Oct 2019 23:59:54 -0000

Thanks for your review, Jim.  Responses are inline, prefixed by “Mike>”.

                                                       -- Mike

From: Jim Schaad <ietf@augustcellars.com>
Sent: Tuesday, September 17, 2019 6:46 PM
To: 'cose' <cose@ietf.org>
Cc: draft-ietf-cose-webauthn-algorithms@ietf.org
Subject: RE: [COSE] đź”” WGLC of draft-ietf-cose-webauthn-algorithms

I start this review by copying forward all of my comments on draft-jones-cose-additional-algorithms-00

1.  I was surprised that there are two algorithms still in the WebAuthn document that are not included here.  Is that intentional and what is the plan forward for them? This one was addressed



2.  The title of the document is not descriptive in terms of a standalone sentence on what this document is doing.  It should be more specific on the algorithms.  The new title is fine except for the fact that WebAuthn is not expanded to anything.



3.  Abstract:  A list of the algorithms being processed in this document would be reasonable.  Based on the current text, the abstract would need to be re-written as soon as the algorithms are registered because they would then be registered and thus the specification is not necessary.  It would also be slightly odd in the event that the CTAP or WebAuthn protocols are updated to add new algorithms as they would not be in this document.  (See issue #1.)  No Change



Mike> Understood.  I’ll reword so that the text remains correct after the IANA registrations have been performed.



4.  Section 1:  See abstract comment.  No change



Mike> Ditto



5.  Section 2: The recommended column needs to be added to the table.  No change



Mike> I assume the column you’re talking about is the one requested in the next comment.



6.  Section 2:  The discussion on what is and is not recommended and why belongs in this section not in the security considerations.  No change



Mike> OK, I can add an “Implementation Requirements” column, paralleling the treatment in https://tools.ietf.org/html/rfc7518#section-3.1.



7.  Section 2: You are missing some checks that should be done on signing and verification.  Look at the standard text at the end of sections in RFC 8152 for a pattern.  You might also want to add a check on lengths of keys both for a maximum and a minimum length.  No change



Mike> Key size considerations for the RSA algorithms are already covered in https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-01#section-5.1.  For ES256K, I can say that the X and Y values for the public key must both be exactly 256 bits.  What are the specific checks you wanted added?  I couldn’t tell which sections of RFC 8152 you were referring to.  Also, note that between draft-jones-00 and draft-ietf-01, the descriptions of the use of hash functions were beefed up, in response to other comments received.



8.  Section 3:  This should not be the first use of JOSE and COSE and therefore the expansions here make no sense.  That should be in the introduction.  No change



Mike> I’ll look into expanding abbreviations on first uses and not on subsequent uses.



9. Section 3.1:  I have only rarely seen this curve as P-256K, it is almost always referred to as secp256k1.  I would ask that this be changed in the COSE representation.  I am agnostic about what should be in the JOSE representation.  Fixed



10. Section 3.1:  I don't understand the reason for the last paragraph in the section.  It seems to me that this should just refer to all of the items defined for EC2 in COSE.  No Change



Mike> OK



11. Section 3.1:  Is there a recommendation on using compressed vs non-compressed points?  No change



Mike> I will state that uncompressed point representations are to be used for JWKs, as a compressed representation for key type “EC” is not defined.  And I will state that the uncompressed must also be used for CWKs, as I don’t know that the Galois y² = x³ + 7 finite field form used with secp256k1 is amenable to compression.  (However, if the CRFG or other experts tell me that it is, I will also allow for the compressed representation with COSE.)



12.  Section 3.1:  You need to talk about if this is going to be IETF recommended or not.   (And why)  No change



Mike> https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-01#section-4.1 has it being recommended.  I will describe why in the next version, as requested.



13.  Section 3.2:  I don't understand what this section is doing.  If you are really defining a new signature algorithm, then that should be noted as part of the requirements in section 3.1 on the key.  If you are not defining a new signature algorithm then this section makes zero sense.  (You are not saying what the hash algorithm is.)  Both options are reasonable.  This is partly dealt with:



Mike> This is intentionally exactly parallel to RFC 7518, which defines the “ES256” algorithm identifier to be used with the “P-256” curve.  In this case, it is defining the “ES256K” algorithm identifier to be used with the “secp256k1” curve.



  1.  Step 1 is incorrect in terms of COSE, it is not the payload that is signed.

Mike> I’ll revise the description here to align with correct COSE terminology.


  1.  The new signature algorithm is being defined without motivation.  There should be text describing why this is ES256K and not ES256 (ECDSA with SHA-256).  I do note that there may be different text being described here for JOSE than for COSE.

Mike> “ES256” is defined by RFC 7518 to be always used with the P-256 curve.  A different algorithm identifier is therefore required to use with secp256k1.  This is by design.  And the use of identifiers is being kept intentionally parallel between JOSE and COSE.


  1.  Please include text related to deterministic ECDSA in this text.

Mike> What do you want this text to say?  I’m reluctant to use the text at https://tools.ietf.org/html/rfc8152#section-8.1, which says that “implementations SHOLUD use a deterministic algorithm”, which is misleading, in that it implies that there are many such algorithms that could be used.  In fact, exactly one is being specified.


  1.  Text similar to the end of section 2.1 in draft-ietf-cose-rfc8152bis-algs should be included to nail things down tighter


Mike> Are you talking about the text starting “When using a COSE key for this algorithm, the following checks are made:”?  Are you requesting those same checks?



14. Section 3.2:  If this is a new signature algorithm then it should say what curves it operates with.  Else there should be an addition of the algorithms that are legal in section 3.1 Done, but see comment 13



15.  Section 4.1 - The correct term is 'provisional' not 'temporary'. Not of sufficient importance to worry about.  However you can just use the provisional numbers without any comment or TBD given they are assigned.



16. Section 5.4 - So if somebody changes the crv value, is there any way to tell the difference?  If so then that should be described here.  No change


Mike> The way that you can tell that the “crv” value has been changed is that “crv” parameter will have a different value.  That’s so simple as to be practically tautological and not worth explicitly saying.  I’m guessing you want me to say something else, but I don’t know what it is.



17.  Section 5.3 - This text seems to be self-contradictory.  If you MUST NOT use it, then how can you then use it?  How does an implementation know when it is or is not acceptable practice to use this?  No change


Mike> I will add the description agreed to in the on-list conversation with Neil Madden.

New Items:

18.  FIDO2 not expanded on first use in abstract and introduction.   Ditto for WebAuthn, COSE,


Mike> Will do

19.  Abstract does not refer to JSON – should it?


Mike> I’ll look into editorially where to best introduce JSON.

20.  Should be pointing to the current drafts and not to RFC 8152 in this document.


Mike> I’ll plan to update this specification once the bis versions are RFCs.  But there’s no need to take a normative dependence on the new versions, as this spec uses nothing new being introduced by them.

21.  Given that the algorithms in section 2 are already defined in JOSE, there should be text that this section only applies to COSE so there is no confusion.


Mike> Sure

Jim


From: COSE <cose-bounces@ietf.org<mailto:cose-bounces@ietf.org>> On Behalf Of ivaylo petrov
Sent: Tuesday, September 17, 2019 7:31 AM
To: cose <cose@ietf.org<mailto:cose@ietf.org>>
Subject: [COSE] đź”” WGLC of draft-ietf-cose-webauthn-algorithms

Dear all,

This message starts the Working Group Last Call on the draft-ietf-cose-webauthn-algorithms [1].

The working group last call will run for **two weeks**, ending on
October 1, 2019.

Please review and send any comments or feedback to the working group. Even if your feedback is "this is ready", please let us know.

Thank you,

- Matthew and Ivaylo
COSE Chairs

[1]: https://datatracker.ietf.org/doc/draft-ietf-cose-webauthn-algorithms/<https://nam06.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-cose-webauthn-algorithms%2F&data=02%7C01%7CMichael.Jones%40microsoft.com%7Cb65306e054df4a68cc4b08d73bda0c93%7C72f988bf86f141af91ab2d7cd011db47%7C1%7C1%7C637043680013925141&sdata=MpyFQf0Mdxd6PEXtNUJJLJBjSDWGacfLnCIEsMBTqhg%3D&reserved=0>

v2.23.0 | Report a Bug | By Email