Re: [COSE] COSE Support for AES-CTR and AES-CBC

"Arciszewski, Scott" <scottarc@amazon.com> Thu, 27 October 2022 17:52 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/gHOYCIkgwytr-VvgH9a0DPBdMYU>

Thank you for this additional context about IANA and JOSE. I find it very helpful.

________________________________
From: COSE <cose-bounces@ietf.org> on behalf of Zundel, Brent <brent.zundel=40avast.com@dmarc.ietf.org>
Sent: Thursday, October 27, 2022 8:43:46 AM
To: cose@ietf.org
Subject: RE: [EXTERNAL][COSE] COSE Support for AES-CTR and AES-CBC


Having only recently become aware of this thread, I apologize for the lateness of this, but feel compelled to share my concerns as well.

While it is true that AES-CTR and AES-CBC have been included in RFCs for years, I would like to direct the attention of folks to the IANA registry for JOSE, where AES-CBC and AES-CTR are marked as 'Prohibited' for JOSE Implementations.

I don't understand going to the effort of defining AES-CTR and AES-CBC for CBOR when these modes are already recognized elsewhere as bad enough to prohibit.

--
Brent Zundel
Principal Crypto Engineer - Avast