Re: [COSE] COSE Support for AES-CTR and AES-CBC
"Arciszewski, Scott" <scottarc@amazon.com> Wed, 26 October 2022 00:05 UTC
To: Russ Housley <housley@vigilsec.com>, "cose@ietf.org" <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/k6VnQkSNgyD1TsCMQ9DNchmu7vc>

Introducing AES-CTR and/or AES-CBC into COSE tokens that already support AES-GCM will open the GCM implementations to new security issues. Namely, potential padding oracle vulnerabilities.

At minimum, the Security Considerations section of draft-ietf-cose-aes-ctr-and-cbc-01 needs to call this risk out:

Applications that encrypt or decrypt with AES-GCM *MUST NOT* support AES-GCM or AES-CTR with the same cryptographic materials, due to the existence of cross-protocol issues.

One way to safeguard users from potential misuse is to use a separate "type" for keys used with unauthenticated encryption modes; similar to how COSE distinguishes MACs from Signatures.

Additionally, I'd like to recommend sharing this draft with the CFRG mailing list to ensure it has the appropriate level of oversight from the IETF's cryptography experts.

________________________________
From: COSE <cose-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
Sent: Tuesday, October 25, 2022 9:40:08 AM
To: cose@ietf.org
Subject: [EXTERNAL] [COSE] COSE Support for AES-CTR and AES-CBC

After draft-ietf-cose-aes-ctr-and-cbc-00 was posted, we got a few very good comments from Ilari. Those were addressed in -01. I am unaware of any open issues, so I think this document is ready for WG Last Call.

Russ

On Oct 11, 2022, at 12:42 PM, Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org> wrote:

Support was expressed for adoption of this draft by multiple parties and no opposition was expressed. The draft is hereby adopted. Authors, please submit a -00 working group draft based on the current individual draft.

-- Mike (for the COSE chairs)

From: Mike Jones
Sent: Thursday, September 22, 2022 10:20 AM
To: cose@ietf.org
Cc: housley@vigilsec.com
Subject: Call for adoption of CBOR Object Signing and Encryption (COSE): AES-CTR and AES-CBC

This note starts a two-week call for adoption of https://datatracker.ietf.org/doc/html/draft-housley-cose-aes-ctr-and-cbc-00 – ending on Thursday, October 6th. Please reply either expressing support for adoption or stating your objections.

Thank you,
-- Mike (COSE co-chair)
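
The separate key "type" suggested in the message above, sketched as an added example that is not part of the original e-mail or of any COSE implementation. The `key_class` tag, the `TypedKey` record, the algorithm-to-class mapping and the keystore are all hypothetical names and constructed data chosen for illustration.

```python
from dataclasses import dataclass

# Hypothetical key "type" tags, fixed when the key is created.
AEAD, UNAUTHENTICATED = "aead", "unauthenticated"

# Which class each algorithm belongs to (this mapping is the example's assumption).
ALG_CLASS = {
    "A128GCM": AEAD, "A192GCM": AEAD, "A256GCM": AEAD,
    "A128CTR": UNAUTHENTICATED, "A192CTR": UNAUTHENTICATED, "A256CTR": UNAUTHENTICATED,
    "A128CBC": UNAUTHENTICATED, "A192CBC": UNAUTHENTICATED, "A256CBC": UNAUTHENTICATED,
}

class KeyMisuse(Exception):
    """Raised when a message asks for a key in a mode its type forbids."""

@dataclass(frozen=True)
class TypedKey:
    kid: str
    key_class: str   # AEAD or UNAUTHENTICATED; never taken from a message
    material: bytes

def select_key(keystore, kid, header_alg):
    """Return the key for a message only if header_alg fits the key's type.

    header_alg comes from the sender-controlled header, so it is checked
    against the stored key_class and never used to relabel the key.
    """
    if header_alg not in ALG_CLASS:
        raise KeyMisuse(f"unknown algorithm {header_alg!r}")
    key = keystore.get(kid)
    if key is None:
        raise KeyMisuse(f"no key with kid {kid!r}")
    if ALG_CLASS[header_alg] != key.key_class:
        raise KeyMisuse(f"key {kid!r} is {key.key_class}; refusing {header_alg}")
    if len(key.material) * 8 != int(header_alg[1:4]):
        raise KeyMisuse(f"key {kid!r} has the wrong length for {header_alg}")
    return key

def is_allowed(keystore, kid, header_alg):
    """True if select_key would hand out the key, False if it refuses."""
    try:
        select_key(keystore, kid, header_alg)
        return True
    except KeyMisuse:
        return False

# Constructed sample keystore (all-zero key bytes, for illustration only).
KEYSTORE = {
    "gcm-1": TypedKey("gcm-1", AEAD, bytes(16)),
    "cbc-1": TypedKey("cbc-1", UNAUTHENTICATED, bytes(16)),
}
```

With this guard in front of the decryption routines, a message that names an unauthenticated mode for a key created for AES-GCM is refused before any decryption takes place.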