Re: [COSE] COSE Support for AES-CTR and AES-CBC

"Arciszewski, Scott" <scottarc@amazon.com> Wed, 26 October 2022 00:05 UTC

From: "Arciszewski, Scott" <scottarc@amazon.com>
To: Russ Housley <housley@vigilsec.com>, "cose@ietf.org" <cose@ietf.org>
Date: Wed, 26 Oct 2022 00:05:47 +0000
Message-ID: <32d84d35531543469a4a196a7b137cb1@amazon.com>
References: <CO1PR00MB13086039D60B9997AE5F5928F54E9@CO1PR00MB1308.namprd00.prod.outlook.com> <SA1PR00MB1310AB40F32B3B2E9FC36D31F5239@SA1PR00MB1310.namprd00.prod.outlook.com>, <ADE35F26-5BF8-4205-A8B5-36C1F55E8207@vigilsec.com>
In-Reply-To: <ADE35F26-5BF8-4205-A8B5-36C1F55E8207@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/k6VnQkSNgyD1TsCMQ9DNchmu7vc>
Subject: Re: [COSE] COSE Support for AES-CTR and AES-CBC

Introducing AES-CTR and/or AES-CBC into COSE tokens that already support AES-GCM will open the GCM implementations to new security issues. Namely, potential padding oracle vulnerabilities.

At minimum, the Security Considerations section of draft-ietf-cose-aes-ctr-and-cbc-01 needs to call this risk out: Applications that encrypt or decrypt with AES-GCM *MUST NOT* support AES-GCM or AES-CTR with the same cryptographic materials, due to the existence of cross-protocol issues. One way to safeguard users from potential misuse is to use a separate "type" for keys used with unauthenticated encryption modes, similar to how COSE distinguishes MACs from Signatures.

Additionally, I'd like to recommend sharing this draft with the CFRG mailing list to ensure it has the appropriate level of oversight from the IETF's cryptography experts.

________________________________
From: COSE <cose-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
Sent: Tuesday, October 25, 2022 9:40:08 AM
To: cose@ietf.org
Subject: [EXTERNAL] [COSE] COSE Support for AES-CTR and AES-CBC

After draft-ietf-cose-aes-ctr-and-cbc-00 was posted, we got a few very good comments from Ilari.  Those were addressed in -01.  I am unaware of any open issues, so I think this document is ready for WG Last Call.

Russ


On Oct 11, 2022, at 12:42 PM, Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org> wrote:

Support was expressed for adoption of this draft by multiple parties and no opposition was expressed.  The draft is hereby adopted.

Authors, please submit a -00 working group draft based on the current individual draft.

                                         -- Mike (for the COSE chairs)

From: Mike Jones
Sent: Thursday, September 22, 2022 10:20 AM
To: cose@ietf.org
Cc: housley@vigilsec.com
Subject: Call for adoption of CBOR Object Signing and Encryption (COSE): AES-CTR and AES-CBC

This note starts a two-week call for adoption of https://datatracker.ietf.org/doc/html/draft-housley-cose-aes-ctr-and-cbc-00 – ending on Thursday, October 6th.

Please reply either expressing support for adoption or stating your objections.

                                                       Thank you,
                                         -- Mike (COSE co-chair)
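Scott's reply recommends binding keys used with unauthenticated modes to a distinct key "type" so that the same key material can never serve both AES-GCM and AES-CTR/AES-CBC. The following is an added, stdlib-only Python sketch of such a guard; it is not code from the draft, from COSE, or from any participant in the thread. It derives per-algorithm keys from a master secret with HKDF (RFC 5869, HMAC-SHA-256) so that GCM and CTR material is never identical, records a key type ("aead" or "unauth") and a single permitted algorithm on every key, checks both at use time, and refuses to import the same raw key bytes under a second algorithm. The algorithm names, key identifiers, the `cose-key-separation` info label, the `KeyStore` API and the master secret are all constructed for the example; the numeric COSE algorithm identifiers carried in a real `alg` parameter are IANA-assigned and are not reproduced here.

```python
"""Key-separation guard for COSE content-encryption keys (added example, stdlib only)."""
import hashlib
import hmac
from dataclasses import dataclass

# Textual COSE algorithm names mapped to key length in bytes. These two tables are
# deliberately disjoint: an AEAD key and an unauthenticated-mode key are different types.
AEAD_ALGS = {"A128GCM": 16, "A192GCM": 24, "A256GCM": 32}
UNAUTH_ALGS = {"A128CTR": 16, "A192CTR": 24, "A256CTR": 32,
               "A128CBC": 16, "A192CBC": 24, "A256CBC": 32}
KEY_LEN = {**AEAD_ALGS, **UNAUTH_ALGS}


class KeyUseError(Exception):
    """Raised when a key would be used or registered outside its bound algorithm."""


def key_type_for(alg: str) -> str:
    """Return the key type an algorithm requires: "aead" or "unauth"."""
    if alg in AEAD_ALGS:
        return "aead"
    if alg in UNAUTH_ALGS:
        return "unauth"
    raise KeyUseError(f"unknown algorithm {alg!r}")


@dataclass(frozen=True)
class BoundKey:
    kid: bytes
    kty: str   # "aead" or "unauth": the separate key type proposed in the reply
    alg: str   # the one algorithm this key may ever be used with
    k: bytes


def hkdf_sha256(ikm: bytes, info: bytes, length: int) -> bytes:
    """HKDF extract-then-expand (RFC 5869) with HMAC-SHA-256 and a zero salt."""
    prk = hmac.new(b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


class KeyStore:
    """Holds bound keys and refuses to let one set of key bytes serve two algorithms."""

    def __init__(self) -> None:
        self._by_kid: dict[bytes, BoundKey] = {}
        self._alg_by_fingerprint: dict[bytes, str] = {}

    def _register(self, key: BoundKey) -> BoundKey:
        # Fingerprint the raw bytes so the same material cannot be re-bound to another algorithm.
        fp = hashlib.sha256(key.k).digest()
        prior = self._alg_by_fingerprint.get(fp)
        if prior is not None and prior != key.alg:
            raise KeyUseError(f"key material already bound to {prior}; refusing {key.alg}")
        self._alg_by_fingerprint[fp] = key.alg
        self._by_kid[key.kid] = key
        return key

    def import_raw(self, kid: bytes, alg: str, k: bytes) -> BoundKey:
        """Bind externally supplied key bytes to exactly one algorithm."""
        kty = key_type_for(alg)
        if len(k) != KEY_LEN[alg]:
            raise KeyUseError(f"{alg} needs {KEY_LEN[alg]} bytes, got {len(k)}")
        return self._register(BoundKey(kid, kty, alg, k))

    def derive(self, kid: bytes, alg: str, master: bytes) -> BoundKey:
        """Derive an algorithm-specific key; alg and kid are mixed into the HKDF info."""
        kty = key_type_for(alg)
        info = b"cose-key-separation|" + alg.encode() + b"|" + kid  # constructed label
        return self._register(BoundKey(kid, kty, alg, hkdf_sha256(master, info, KEY_LEN[alg])))

    def key_for(self, kid: bytes, requested_alg: str) -> BoundKey:
        """Gate every encrypt/decrypt call: both key type and algorithm must match."""
        key = self._by_kid[kid]
        if key.kty != key_type_for(requested_alg) or key.alg != requested_alg:
            raise KeyUseError(f"key {kid!r} is bound to {key.alg}, not {requested_alg}")
        return key


def rejects(fn, *args) -> bool:
    """True when the call is refused by the guard (used for self-checks below)."""
    try:
        fn(*args)
    except KeyUseError:
        return True
    return False


if __name__ == "__main__":
    store = KeyStore()
    master = bytes(range(32))  # constructed master secret, not a real key
    gcm = store.derive(b"gcm-1", "A128GCM", master)
    ctr = store.derive(b"ctr-1", "A128CTR", master)
    print("distinct material:", gcm.k != ctr.k)
    print("GCM key refused for CTR:", rejects(store.key_for, b"gcm-1", "A128CTR"))
```

The fingerprint check is what enforces the "same cryptographic materials" rule from the reply for keys that arrive from outside rather than being derived locally; the `kty`/`alg` check in `key_for` is the per-operation gate that a COSE library would run before touching an AEAD or an unauthenticated mode.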