IETF Logo Mail Archive

Re: [COSE] FW: [jose] draft-jones-cose-rsa

Justin Richer <jricher@mit.edu> Mon, 09 January 2017 19:38 UTC

Return-Path: <jricher@mit.edu>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FB40129DC6 for <cose@ietfa.amsl.com>; Mon, 9 Jan 2017 11:38:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.399
X-Spam-Level:
X-Spam-Status: No, score=-7.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wgne3o97f61U for <cose@ietfa.amsl.com>; Mon, 9 Jan 2017 11:38:35 -0800 (PST)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7F6B129DC5 for <cose@ietf.org>; Mon, 9 Jan 2017 11:38:33 -0800 (PST)
X-AuditID: 12074423-25bff70000000d21-31-5873e6b7efa6
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id C3.AD.03361.7B6E3785; Mon, 9 Jan 2017 14:38:32 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id v09JcVQh005916; Mon, 9 Jan 2017 14:38:31 -0500
Received: from [192.168.128.57] (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v09JcTcu013548 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 9 Jan 2017 14:38:30 -0500
To: Jim Schaad <ietf@augustcellars.com>, 'cose' <cose@ietf.org>
References: <012d01d26487$8fb4d080$af1e7180$@augustcellars.com> <009a01d26a3f$7ccc1880$76644980$@augustcellars.com>
From: Justin Richer <jricher@mit.edu>
Message-ID: <fc7d6964-7f85-5abd-7675-e7f01f9551ba@mit.edu>
Date: Mon, 09 Jan 2017 14:38:26 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <009a01d26a3f$7ccc1880$76644980$@augustcellars.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrIIsWRmVeSWpSXmKPExsUixCmqrbvjWXGEQVO7pMW0rVNZLVZP/87m wOSxcc50No8lS34yBTBFcdmkpOZklqUW6dslcGU8aDnEUvBbqKJzzgrWBsZG/i5GTg4JAROJ ydMnsnQxcnEICbQxSdzqWsMK4WxglPjy6Dg7hHObSeLpxWMsIC3CAsYStye8ZwWxRQQcJVY8 amcHsYUESiW2rPnFCGKzCahKTF/TwgRi8wpYSVxb1AdWzyKgIjFn8mKwelGBGIm365ezQ9QI Spyc+QRsPqeAg8T0lyfA5jAL2ErcmbubGcKWl9j+dg7zBEb+WUhaZiEpm4WkbAEj8ypG2ZTc Kt3cxMyc4tRk3eLkxLy81CJdM73czBK91JTSTYygkGR3Ud7B+LLP+xCjAAejEg/vhknFEUKs iWXFlbmHGCU5mJREeQ12AYX4kvJTKjMSizPii0pzUosPMUpwMCuJ8Po/BcrxpiRWVqUW5cOk pDlYlMR5L2W6RwgJpCeWpGanphakFsFkZTg4lCR49UAaBYtS01Mr0jJzShDSTBycIMN5gIa3 gg0vLkjMLc5Mh8ifYlSUEudNBUkIgCQySvPgekEpI+HtYdNXjOJArwjzfnoCVMUDTDdw3a+A BjMBDY60AxtckoiQkmpgZM8UK647YSxRWB8y9Rfv5tt/VHfMeFHcMaHng6nQlLXszPMb1gcd jdkqtP5Xi8qJT/orGV5vXa/0IVdH5ivP/y4WxcrPQWXiTNPiCnPKozRj/Je4q697v33rx2/r qwKCPNTE9edd9Y5e8fTHzF2GXXbVSTrZXTc6b9164M58Z55kd++zmLt3lViKMxINtZiLihMB 2ZknPfQCAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/TxjDgp9HBSvQvg3vKTwjt9khBcg>
Subject: Re: [COSE] FW: [jose] draft-jones-cose-rsa
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2017 19:38:37 -0000

+1 on the CURDLE question.

  -- Justin


On 1/9/2017 1:13 AM, Jim Schaad wrote:
> I just figure out that I sent this to the wrong list - maybe the names are
> too close together.
>
>> -----Original Message-----
>> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
>> Sent: Sunday, January 01, 2017 3:34 PM
>> To: draft-jones-cose-rsa@tools.ietf.org
>> Cc: jose@ietf.org
>> Subject: [jose] draft-jones-cose-rsa
>>
>> Comments:
>>
>> 0.  Should this be done in curdle rather than as AD sponsored?
>>
>> 1.  As per previous mail, remove values assignments in tables 1, 2, and 3
> unless
>> you have cleared them with the appropriate registry experts.  I am less
> worried
>> about table 4 but you should clear that as well.
>>
>> 2.  Kill RSAES-OAP w/ SHA-1.  We are not doing SHA-1 currently with any of
> the
>> CBOR algorithms.  In section 3.1.1.1 - what are the properties that are
> needed
>> here for SHA-1 so we can ensure that the statement is true.  Also, rename
> this to
>> be s/ SHA-1 not w/ Default.  There are no defaults for COSE.
>>
>> 3.  Text in 3.1.1.1 and 2.1.1 should be more consistent in how it is
> written.
>> 4. in the abstract be more specific about which RSA algorithms are being
>> supported.  For example, you are not doing 1.5 or KEM.
>>
>> 5.  Why does 3.1.1.1 have a size and 2.1.1 not have one.  This should be
>> consistent.
>>
>> 6.  section 3.1.1.1 should be encryption operation not decryption
> operation.
>> 7.  Section 3.1.1.1 - this text does not make sense "One potential denial
> of
>> service
>>     operation is to provide encrypted objects using either abnormally
>>     long or oddly sized RSA modulus values."   Should probably refer to
> keys
>> not encrypted objects.
>>
>> 8.  There is a requirement of minimum encoding lengths - what purpose does
>> this serve?  Is there a security problem here or is it just a nice to have
> because of
>> message size?
>>
>> 9. Missing some security considerations.
>>
>> 10 Section 2.1.1 s/hash functions are not truncated/hash function outputs
> are
>> not truncated/
>>
>>
>>
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
> _______________________________________________
> COSE mailing list
> COSE@ietf.org
> https://www.ietf.org/mailman/listinfo/cose

v2.23.0 | Report a Bug | By Email