Re: [COSE] FW: [jose] draft-jones-cose-rsa
Justin Richer <jricher@mit.edu> Mon, 09 January 2017 19:38 UTC
Return-Path: <jricher@mit.edu>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8FB40129DC6 for <cose@ietfa.amsl.com>; Mon, 9 Jan 2017 11:38:37 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.399
X-Spam-Level:
X-Spam-Status: No, score=-7.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-3.199, SPF_PASS=-0.001, UNPARSEABLE_RELAY=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Wgne3o97f61U for <cose@ietfa.amsl.com>; Mon, 9 Jan 2017 11:38:35 -0800 (PST)
Received: from dmz-mailsec-scanner-6.mit.edu (dmz-mailsec-scanner-6.mit.edu [18.7.68.35]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D7F6B129DC5 for <cose@ietf.org>; Mon, 9 Jan 2017 11:38:33 -0800 (PST)
X-AuditID: 12074423-25bff70000000d21-31-5873e6b7efa6
Received: from mailhub-auth-3.mit.edu ( [18.9.21.43]) (using TLS with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client did not present a certificate) by (Symantec Messaging Gateway) with SMTP id C3.AD.03361.7B6E3785; Mon, 9 Jan 2017 14:38:32 -0500 (EST)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) by mailhub-auth-3.mit.edu (8.13.8/8.9.2) with ESMTP id v09JcVQh005916; Mon, 9 Jan 2017 14:38:31 -0500
Received: from [192.168.128.57] (static-96-237-195-53.bstnma.fios.verizon.net [96.237.195.53]) (authenticated bits=0) (User authenticated as jricher@ATHENA.MIT.EDU) by outgoing.mit.edu (8.13.8/8.12.4) with ESMTP id v09JcTcu013548 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT); Mon, 9 Jan 2017 14:38:30 -0500
To: Jim Schaad <ietf@augustcellars.com>, 'cose' <cose@ietf.org>
References: <012d01d26487$8fb4d080$af1e7180$@augustcellars.com> <009a01d26a3f$7ccc1880$76644980$@augustcellars.com>
From: Justin Richer <jricher@mit.edu>
Message-ID: <fc7d6964-7f85-5abd-7675-e7f01f9551ba@mit.edu>
Date: Mon, 09 Jan 2017 14:38:26 -0500
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.6.0
MIME-Version: 1.0
In-Reply-To: <009a01d26a3f$7ccc1880$76644980$@augustcellars.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-Brightmail-Tracker: H4sIAAAAAAAAA+NgFnrIIsWRmVeSWpSXmKPExsUixCmqrbvjWXGEQVO7pMW0rVNZLVZP/87m wOSxcc50No8lS34yBTBFcdmkpOZklqUW6dslcGU8aDnEUvBbqKJzzgrWBsZG/i5GTg4JAROJ ydMnsnQxcnEICbQxSdzqWsMK4WxglPjy6Dg7hHObSeLpxWMsIC3CAsYStye8ZwWxRQQcJVY8 amcHsYUESiW2rPnFCGKzCahKTF/TwgRi8wpYSVxb1AdWzyKgIjFn8mKwelGBGIm365ezQ9QI Spyc+QRsPqeAg8T0lyfA5jAL2ErcmbubGcKWl9j+dg7zBEb+WUhaZiEpm4WkbAEj8ypG2ZTc Kt3cxMyc4tRk3eLkxLy81CJdM73czBK91JTSTYygkGR3Ud7B+LLP+xCjAAejEg/vhknFEUKs iWXFlbmHGCU5mJREeQ12AYX4kvJTKjMSizPii0pzUosPMUpwMCuJ8Po/BcrxpiRWVqUW5cOk pDlYlMR5L2W6RwgJpCeWpGanphakFsFkZTg4lCR49UAaBYtS01Mr0jJzShDSTBycIMN5gIa3 gg0vLkjMLc5Mh8ifYlSUEudNBUkIgCQySvPgekEpI+HtYdNXjOJArwjzfnoCVMUDTDdw3a+A BjMBDY60AxtckoiQkmpgZM8UK647YSxRWB8y9Rfv5tt/VHfMeFHcMaHng6nQlLXszPMb1gcd jdkqtP5Xi8qJT/orGV5vXa/0IVdH5ivP/y4WxcrPQWXiTNPiCnPKozRj/Je4q697v33rx2/r qwKCPNTE9edd9Y5e8fTHzF2GXXbVSTrZXTc6b9164M58Z55kd++zmLt3lViKMxINtZiLihMB 2ZknPfQCAAA=
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/TxjDgp9HBSvQvg3vKTwjt9khBcg>
Subject: Re: [COSE] FW: [jose] draft-jones-cose-rsa
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2017 19:38:37 -0000
+1 on the CURDLE question. -- Justin On 1/9/2017 1:13 AM, Jim Schaad wrote: > I just figure out that I sent this to the wrong list - maybe the names are > too close together. > >> -----Original Message----- >> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad >> Sent: Sunday, January 01, 2017 3:34 PM >> To: draft-jones-cose-rsa@tools.ietf.org >> Cc: jose@ietf.org >> Subject: [jose] draft-jones-cose-rsa >> >> Comments: >> >> 0. Should this be done in curdle rather than as AD sponsored? >> >> 1. As per previous mail, remove values assignments in tables 1, 2, and 3 > unless >> you have cleared them with the appropriate registry experts. I am less > worried >> about table 4 but you should clear that as well. >> >> 2. Kill RSAES-OAP w/ SHA-1. We are not doing SHA-1 currently with any of > the >> CBOR algorithms. In section 3.1.1.1 - what are the properties that are > needed >> here for SHA-1 so we can ensure that the statement is true. Also, rename > this to >> be s/ SHA-1 not w/ Default. There are no defaults for COSE. >> >> 3. Text in 3.1.1.1 and 2.1.1 should be more consistent in how it is > written. >> 4. in the abstract be more specific about which RSA algorithms are being >> supported. For example, you are not doing 1.5 or KEM. >> >> 5. Why does 3.1.1.1 have a size and 2.1.1 not have one. This should be >> consistent. >> >> 6. section 3.1.1.1 should be encryption operation not decryption > operation. >> 7. Section 3.1.1.1 - this text does not make sense "One potential denial > of >> service >> operation is to provide encrypted objects using either abnormally >> long or oddly sized RSA modulus values." Should probably refer to > keys >> not encrypted objects. >> >> 8. There is a requirement of minimum encoding lengths - what purpose does >> this serve? Is there a security problem here or is it just a nice to have > because of >> message size? >> >> 9. Missing some security considerations. >> >> 10 Section 2.1.1 s/hash functions are not truncated/hash function outputs > are >> not truncated/ >> >> >> >> >> _______________________________________________ >> jose mailing list >> jose@ietf.org >> https://www.ietf.org/mailman/listinfo/jose > _______________________________________________ > COSE mailing list > COSE@ietf.org > https://www.ietf.org/mailman/listinfo/cose
- [COSE] FW: [jose] draft-jones-cose-rsa Jim Schaad
- Re: [COSE] FW: [jose] draft-jones-cose-rsa Justin Richer
- Re: [COSE] FW: [jose] draft-jones-cose-rsa Kathleen Moriarty
- Re: [COSE] FW: [jose] draft-jones-cose-rsa Mike Jones
- Re: [COSE] draft-jones-cose-rsa Mike Jones
- Re: [COSE] draft-jones-cose-rsa Jim Schaad
- Re: [COSE] draft-jones-cose-rsa Mike Jones