IETF Logo Mail Archive

Re: [COSE] Why you shouldn't have your crypto designed by a CEO

Hannes Tschofenig <Hannes.Tschofenig@arm.com> Tue, 11 January 2022 09:46 UTC

Return-Path: <Hannes.Tschofenig@arm.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54F333A2131 for <cose@ietfa.amsl.com>; Tue, 11 Jan 2022 01:46:56 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.9
X-Spam-Level:
X-Spam-Status: No, score=-6.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=FuUJ4/re; dkim=pass (1024-bit key) header.d=armh.onmicrosoft.com header.b=FuUJ4/re
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OWMkvNovPSKJ for <cose@ietfa.amsl.com>; Tue, 11 Jan 2022 01:46:51 -0800 (PST)
Received: from EUR01-DB5-obe.outbound.protection.outlook.com (mail-eopbgr150079.outbound.protection.outlook.com [40.107.15.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 92C6E3A2130 for <cose@ietf.org>; Tue, 11 Jan 2022 01:46:51 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uHe7GjzCvi+snHUoVSo6XxmLjz/LugOvY9raa0qW3Mo=; b=FuUJ4/regMouIhjN25t7ildsrVzVGm4jlhdGqNVEtoYq2QMtDadGYb1xyk/ZKwSlC7NQpLSdiYjs+q7Nbla1muev9HfdkqlAJ/f5gHxJcy25dq6W9QmzsIfrTkKTeX2IiL9yWdxkSpkLxdgE+AGgqJ92GzadiyC5/rpPY8+RH20=
Received: from DU2PR04CA0202.eurprd04.prod.outlook.com (2603:10a6:10:28d::27) by VE1PR08MB4848.eurprd08.prod.outlook.com (2603:10a6:802:a7::10) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.11; Tue, 11 Jan 2022 09:46:47 +0000
Received: from DB5EUR03FT063.eop-EUR03.prod.protection.outlook.com (2603:10a6:10:28d:cafe::3d) by DU2PR04CA0202.outlook.office365.com (2603:10a6:10:28d::27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.7 via Frontend Transport; Tue, 11 Jan 2022 09:46:47 +0000
X-MS-Exchange-Authentication-Results: spf=pass (sender IP is 63.35.35.123) smtp.mailfrom=arm.com; dkim=pass (signature was verified) header.d=armh.onmicrosoft.com;dmarc=pass action=none header.from=arm.com;
Received-SPF: Pass (protection.outlook.com: domain of arm.com designates 63.35.35.123 as permitted sender) receiver=protection.outlook.com; client-ip=63.35.35.123; helo=64aa7808-outbound-1.mta.getcheckrecipient.com;
Received: from 64aa7808-outbound-1.mta.getcheckrecipient.com (63.35.35.123) by DB5EUR03FT063.mail.protection.outlook.com (10.152.20.209) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.10 via Frontend Transport; Tue, 11 Jan 2022 09:46:47 +0000
Received: ("Tessian outbound f493ab4f1fb8:v110"); Tue, 11 Jan 2022 09:46:47 +0000
X-CR-MTA-TID: 64aa7808
Received: from 35c718cf5142.1 by 64aa7808-outbound-1.mta.getcheckrecipient.com id 74EF2C65-FF82-4077-9584-C1A0DCAC7E6A.1; Tue, 11 Jan 2022 09:46:41 +0000
Received: from EUR05-VI1-obe.outbound.protection.outlook.com by 64aa7808-outbound-1.mta.getcheckrecipient.com with ESMTPS id 35c718cf5142.1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384); Tue, 11 Jan 2022 09:46:41 +0000
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KqXUe7KyLYa6+RPhQNs+wr+cPhcjiG1DugIs/K9tslZs5WOrhD73OFTJ765NSC1FfKm30KOCKtICF2gSkCOIayWAVsqs7sM068+Jd9xELPIEQXDRNMN5kv/pnXjj3fEgp482+Lg8UP/VB6DTfLkYF4kLv1brzfBtg/+phODA/D0FTVKn0i+z7Z6ytFzjyUTuTGtpdarQKatm2tYkh2Xchm/FAhtD7aafrXp1C4Ea7pxc+S8wmokGcpkVfJ+jdNGr0AtOCSYOUMhM49mk+9NLTVJd7AnfNhou+tUHKtgI2eeYXUZohaMxNSEHCFTKHA9kwmjOLaK9kJV5cfb9j3HANQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uHe7GjzCvi+snHUoVSo6XxmLjz/LugOvY9raa0qW3Mo=; b=RL3CHMuh3FFEoIByKGL0be6om/gCCSUGnNd2tuk+dvkv6ELOEtwakDD6Rjrq1vqrAd/HgzGypcYWUhaNeivv+yB4Pj6R1q0Yq+f0mE2TvNwCHQWmZAAeWyDT14BQssIh7pBX6bcR4xvsLN1wYqHU+vE17p9b4+epp+RqPOu65bNyXV6gEj7RhjBBuRIGwWq3Q/OaMG7fSXM54xOq5A9c+rg+7fNR5Vwf5w5BXoUmK6HmFUJKgALxzRVXqfNAYOeu2fRIXTRSTuzHR/uu/pK1eGZaD18fppbO+kZ2vu72NyDOrN30VfKj9FxERJCL2BLqX3Y0s/qxtAR9KJdbIGnk/Q==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=arm.com; dmarc=pass action=none header.from=arm.com; dkim=pass header.d=arm.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=armh.onmicrosoft.com; s=selector2-armh-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=uHe7GjzCvi+snHUoVSo6XxmLjz/LugOvY9raa0qW3Mo=; b=FuUJ4/regMouIhjN25t7ildsrVzVGm4jlhdGqNVEtoYq2QMtDadGYb1xyk/ZKwSlC7NQpLSdiYjs+q7Nbla1muev9HfdkqlAJ/f5gHxJcy25dq6W9QmzsIfrTkKTeX2IiL9yWdxkSpkLxdgE+AGgqJ92GzadiyC5/rpPY8+RH20=
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com (2603:10a6:10:20d::17) by DB7PR08MB3787.eurprd08.prod.outlook.com (2603:10a6:10:33::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4867.11; Tue, 11 Jan 2022 09:46:39 +0000
Received: from DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::ec71:ec1b:a356:3ccb]) by DBBPR08MB5915.eurprd08.prod.outlook.com ([fe80::ec71:ec1b:a356:3ccb%4]) with mapi id 15.20.4867.012; Tue, 11 Jan 2022 09:46:38 +0000
From: Hannes Tschofenig <Hannes.Tschofenig@arm.com>
To: Carsten Bormann <cabo@tzi.org>, cose <cose@ietf.org>
Thread-Topic: [COSE] Why you shouldn't have your crypto designed by a CEO
Thread-Index: AQHYA9f+yq/ibWhmzECVRZDyeggxFKxdlJNw
Date: Tue, 11 Jan 2022 09:46:38 +0000
Message-ID: <DBBPR08MB591571403F26E3A8C0960B17FA519@DBBPR08MB5915.eurprd08.prod.outlook.com>
References: <DC93BD3D-E0F6-464E-8E66-B341205DBC80@tzi.org>
In-Reply-To: <DC93BD3D-E0F6-464E-8E66-B341205DBC80@tzi.org>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ts-tracking-id: EE0CC77D66AF99499428CD0DF579CD1B.0
x-checkrecipientchecked: true
Authentication-Results-Original: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-MS-Office365-Filtering-Correlation-Id: 935b0dac-258a-4efe-36c9-08d9d4e74909
x-ms-traffictypediagnostic: DB7PR08MB3787:EE_|DB5EUR03FT063:EE_|VE1PR08MB4848:EE_
X-Microsoft-Antispam-PRVS: <VE1PR08MB4848D779C18D46AD19C904C7FA519@VE1PR08MB4848.eurprd08.prod.outlook.com>
x-checkrecipientrouted: true
nodisclaimer: true
x-ms-oob-tlc-oobclassifiers: OLM:10000;OLM:10000;
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam-Untrusted: BCL:0;
X-Microsoft-Antispam-Message-Info-Original: 31Q+du4TUSdLg1BAmF/iy99gaYvzIKiyByyzrPeEPESQk8V/yDwKjMCPVVI4Pt07LQiT6DA2laodb0ZNUP1Xdt1cSgYv5Csjup/fyj01jCK8L0C7J0sUv7bJaJidLTl1w9CU3ZctOMamCnb/CH4NDHTMnzjUT8T/0W6d9Vg+akUN4vFeMPoJmoY0zlRgRx6kroUvBK0nFEU9lRRZZgOooffte5fJZwVopuITS7PWKFaWoE7UAkBNSmh66nFPjNjGz4lqpKv+0i3NSxMXtSRAg4Z30xgyX2ZflJ9Gm+Q1ldHhZS/r8OXl+mAYhvGisKqNOsyG8k2TME3UKpFjlLkJKaCStvsszHOiavpP5eiC88FVFfNS3TCJ8DfQlQQbWVwqrwnQKecgu7sOeDfhsaQ8Qzia12Yhz4RpWBGnyIFZYu4PFhFo7s4simOkpezgnjgJSSwbVC9Pj7vZldqKd5WEQs7vOuiyZ3E1bW9jck2cO1khE3cTp6cAoPnB0pZWCtk+l/0pJa8VcJRbUbqGO6isHXWOnnQ1817Q5pIXDnu5YDEYKv6AhkGQKnc3/Tdl2ReWStNbedZG6hy8WUBrOSj0EtdzMRIsvHlUDFP2a8d1rFp23VHRb3rKT1qRL2oCvm7t8dRRBUq1S5KzUX7VTPDWdg4kAONEDXLaxlgDSo3fInyIG9SshYCD/KBA42hpwEYR8ZBbDvoIK5xfimC81rbV1wDwBL774RB8A9WF2nw5yJ4kPzxuG+33dz/G3IFCoIuzeFnv1FGaS6PYQbQggrypqZT9O0uhhqM83i3qTrsAJr+mo5uGIJb57aCYJxsOOmd5YwcgUWOdOGuS5mGpDG94NBgwyXA2BaAjOyePqUfbp0g=
X-Forefront-Antispam-Report-Untrusted: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DBBPR08MB5915.eurprd08.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(26005)(66556008)(8676002)(38070700005)(966005)(71200400001)(66946007)(55016003)(9686003)(66476007)(7696005)(64756008)(5660300002)(508600001)(6506007)(53546011)(66446008)(2906002)(83380400001)(316002)(8936002)(33656002)(110136005)(38100700002)(86362001)(122000001)(52536014)(76116006)(186003)(16873001); DIR:OUT; SFP:1101;
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DB7PR08MB3787
Original-Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=arm.com;
X-EOPAttributedMessage: 0
X-MS-Exchange-Transport-CrossTenantHeadersStripped: DB5EUR03FT063.eop-EUR03.prod.protection.outlook.com
X-MS-PublicTrafficType: Email
X-MS-Office365-Filtering-Correlation-Id-Prvs: 5b3a4893-f485-4b73-dc02-08d9d4e743ce
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: mCOuJg44cj6gC9Skho+sdV1c4eFT4ahN4y08lycu8hYl/y/3oH2CHYMXtj4rq8HSdBpiMDKaQ7nt3pd4Mk+JRLcIsBvT5w32lBaLrO2tnhawQDMYFUdhlnfucsLd5cIzaeSUhFPUI/zuKt4VpH0UEv/5V/jS1joKNaRpL41uDURqpvqhY1g5PCR7fp/2NT6cjD2my57lnPlM95Q8umt9ADXzdIjRiASwE7STQiKtIN5AySCXkf03DXkrFVGnfjWpt0uxS96IS/ZE9aAclVuEHpFxz3Cy1gCCZ8KXtU0HNUYsh2oNAiuYymfFNEfB7SPzL2p2ZUJzOBJg88A+EiEt3D/YpfEoWHdr6zand1iOIWc0Mq3pQ7n/1kqznnwj+5+P9U9A0YseFVyPGpYJnyZo2RIQI2vaJuGg8a6V/ZS2VnrdINAOAj3C91gKeUJvbDD7PHzt+ods22gCjgZpRSmFpc2jSOhIymE2WeDAdMtr70gBbsfTJm3gntfzeyjIp8OB9ssOKUUI8CYxTeflZnLF2eelBM/l5Z296X69rCqoDNAvOEXSmald+Xmmh++kaJi8nVT75e9Yu01/ssU6yQMp6FE+ufF27jtRil+DEvG76/Z3LQwVVbRiHVWVU1++xvXBcp5Rg2Lpmz1iBsc9BSYl+RZwkpj6wufEQDuxqozxj0T54tq7g1PUTeEMgsv4StqdIPhV63qxMe/GHqYoz9qHooRBVhU+6CUa4oSRRi16ytRNNFN953CJpsb3RmBkBF7Z40dEIrl3p7Cf9UJ4f987GVXDP3IcS78HAQPg1TG+z/Vf2Re5/lGkJYlSTmBoSCrMMHulD1kR1cz9Sh5M9oRbrqQ/teQ8XbR0P+loAZtsaqHFSVr2sX+XTSDBT5hU8O7/3xYF/nNY3BrXwUF7Z2eiUk6xzH12piZHj6cYTDE/gDA=
X-Forefront-Antispam-Report: CIP:63.35.35.123; CTRY:IE; LANG:en; SCL:1; SRV:; IPV:CAL; SFV:NSPM; H:64aa7808-outbound-1.mta.getcheckrecipient.com; PTR:ec2-63-35-35-123.eu-west-1.compute.amazonaws.com; CAT:NONE; SFS:(4636009)(46966006)(36840700001)(40470700002)(33656002)(83380400001)(110136005)(316002)(5660300002)(52536014)(86362001)(81166007)(356005)(47076005)(336012)(70206006)(966005)(8936002)(36860700001)(508600001)(53546011)(6506007)(2906002)(7696005)(186003)(8676002)(26005)(9686003)(82310400004)(70586007)(55016003)(40460700001)(16873001); DIR:OUT; SFP:1101;
X-OriginatorOrg: arm.com
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 11 Jan 2022 09:46:47.7354 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 935b0dac-258a-4efe-36c9-08d9d4e74909
X-MS-Exchange-CrossTenant-Id: f34e5979-57d9-4aaa-ad4d-b122a662184d
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=f34e5979-57d9-4aaa-ad4d-b122a662184d; Ip=[63.35.35.123]; Helo=[64aa7808-outbound-1.mta.getcheckrecipient.com]
X-MS-Exchange-CrossTenant-AuthSource: DB5EUR03FT063.eop-EUR03.prod.protection.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Anonymous
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: VE1PR08MB4848
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/OT5iXS1Xnnm7Dtepw3mhcO_qV6c>
Subject: Re: [COSE] Why you shouldn't have your crypto designed by a CEO
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 11 Jan 2022 09:47:00 -0000

Hi Carsten,

it is annoying that engineers create alternative solutions primarily for their own marketing benefit (with collateral damage). However, this is not a new development. We even see this happening inside the IETF as well. How often do we have the situation where someone wants to gain a marketing benefit by writing a new spec that serves the same purpose as an existing one?

Referring to proprietary specifications as "standards" is not new either.

There is no change to the JOSE / COSE specs that would convince this company to use them because they anticipate business benefits from developing something from scratch.

Ciao
Hannes

-----Original Message-----
From: COSE <cose-bounces@ietf.org> On Behalf Of Carsten Bormann
Sent: Friday, January 7, 2022 4:03 PM
To: cose <cose@ietf.org>
Subject: [COSE] Why you shouldn't have your crypto designed by a CEO

In the IETF we focus on making building blocks, which are then used to create products and deployments.

Personally, I generally focus on creating quality building blocks and try to ignore whether those ultimately lead to design wins or not.

But I can’t help seeing a whole little industry creep up that is interested in creating alternative building blocks that appear to be of interest to the creators so they can attain control over them and perform rent seeking from that control.

This is, of course, an old game in standardization, but it is reaching new heights in the area of standards for signing things.

Under the guise of writing tutorials about this subject field, IETF building blocks are disparaged and the “new” wares are peddled instead.  Within the bubbles created by this, it may seem the IETF standards are done with and the “alternatives” can be presented as the way to go.

Marketing is a necessary component of technology development, but it should not be built out of hatchet jobs and, er, alternative facts.

For those looking for an example, try exhibit [1].  After a brief tutorial (which is always welcome), various approaches are discussed.  JOSE (with JWS and JWT) is correctly presented as the “elephant in the room”, but then immediately disqualified because of the single misfeature that JOSE stores the algorithm identifier with the signature.  The author mentions RFC 8725, but either hasn’t read it or doesn’t want to mention that this immediately deflates his only(!) argument against JOSE.

Note that exhibit [1] is from August 2021, but doesn’t even mention COSE.  Probably because COSE is a convincing successor to JOSE in the space he is targeting, with implementations out there that have taken lessons from early JOSE implementations.
Instead, the piece presents [2] as evidence that “PASETO is progressing toward an IETF standard”, but then quickly deflects any potential response that it isn’t, by saying "it is important to note that [IETF] acceptance does not really matter from a security perspective" ([2] itself says the same thing in other words as well).  Of course, he later argues against crypto agility, “any of the SHA-2 functions are fine. Pick one and use it everywhere, don’t try to design in agility at the protocol level”.

I’m going to spare you from further analysis of this pamphlet and will only add [3] as a link offering a probably explanation why this piece was written.

I’m wondering whether we (the set of individuals interested in this, certainly not the WG as an IETF construct) need do to more in offering factual material to the channels that are being used for this “marketing”.

Grüße, Carsten

[1]: https://dlorenc.medium.com/signature-formats-9b7b2a127473
[2]: https://github.com/paseto-standard/paseto-rfc
[3]: https://chainguard.dev/posts/2021-10-07-introducing-chainguard

_______________________________________________
COSE mailing list
COSE@ietf.org
https://www.ietf.org/mailman/listinfo/cose
IMPORTANT NOTICE: The contents of this email and any attachments are confidential and may also be privileged. If you are not the intended recipient, please notify the sender immediately and do not disclose the contents to any other person, use it for any purpose, or store or copy the information in any medium. Thank you.

v2.29.0 | Report a Bug | By Email | System Status