[COSE] Harmonizing COSE/JOSE algorithms
Anders Rundgren <anders.rundgren.net@gmail.com> Thu, 27 May 2021 13:56 UTC
Return-Path: <anders.rundgren.net@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A3A83A0D19 for <cose@ietfa.amsl.com>; Thu, 27 May 2021 06:56:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2wrvYQtoGD-w for <cose@ietfa.amsl.com>; Thu, 27 May 2021 06:56:18 -0700 (PDT)
Received: from mail-wm1-x330.google.com (mail-wm1-x330.google.com [IPv6:2a00:1450:4864:20::330]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E69003A0D18 for <cose@ietf.org>; Thu, 27 May 2021 06:56:17 -0700 (PDT)
Received: by mail-wm1-x330.google.com with SMTP id z130so271920wmg.2 for <cose@ietf.org>; Thu, 27 May 2021 06:56:17 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=from:subject:to:message-id:date:user-agent:mime-version :content-transfer-encoding:content-language; bh=cWTVuS7YIcWk9pjKhS/SgMJgy5MeLwaFSiDpNMgnWR0=; b=DXLR7eRp7WlHWjKyKMVU5VHoYCVMqegpmlXqOtz4q7LT3v5crm/fDr67W6Ygh4M2Jc tnX8OEzhXc1FaBjHww59fu157URsdA0dINAcWEMc/OWIX8HMPQiAZYrZ+Qxx636Pcbiy Ymgo+CphFdPrzlNuzlMKWFu1iut7l0CWqoOcHRkxFY9ecGimC+kICu0E3PEc8peCu98Z wdyOY+WJ4ICgmPxCcBgrQPSkiQaCf4z7VtsikyN6k0kS6Zjv/gbmj7CZS9/aks8aL+/t xOWwBDK3dz2EwW9ykqEfWyVd+QCZdPl9PsBHKpIWVeP2viPXzRFziwxgYXin0GZ6b2U5 knEA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:subject:to:message-id:date:user-agent :mime-version:content-transfer-encoding:content-language; bh=cWTVuS7YIcWk9pjKhS/SgMJgy5MeLwaFSiDpNMgnWR0=; b=KsJO13dFXRE/FYvVE/V2MwNI0n+QW5piAciJzBb6OfPghmdKGnNFkr34kxY1NAJR83 e7q0ECccpr2IbOSIPx8nS/M8jrGmtL3j75bNpUbPPClTZ3AHmmbs/nSdVq8zVCmKaSDU qQmv1/jTnCpRHWwhEVZNqL2T3mpAAkdvgoj2JZZ4tdKaIZ/Ey1LxRV2qkVMrHY05o+Nl VCeoJ8akOzH5tV+GfnrmT++wEovuqJlBSS+bsqbMd9Z1YLWpcVqf6M67RsmQghpNYX3s trnF9TNLzmIU3sMTSaaaMyzIEVwllXJwrX1wKbWEIrueQOSX2V0d0xt9fNhc57XS97WU FCkw==
X-Gm-Message-State: AOAM531hf0zYjE8PLrynbKPJ/G46crLLpbGt8+CmS2fdb95zfiyvkdNy 47DZHzywDIUM/MyAfm4kD3Xw/viX1ao=
X-Google-Smtp-Source: ABdhPJxiSISlwQ9RQU+oAl1idwxG1Y+1Bc2Vctl7VFHbA/8ltPZCOhOsJqSYuDWlHDyWGULeCyCQpQ==
X-Received: by 2002:a1c:1bd8:: with SMTP id b207mr1198145wmb.80.1622123774890; Thu, 27 May 2021 06:56:14 -0700 (PDT)
Received: from [192.168.1.67] (25.131.146.77.rev.sfr.net. [77.146.131.25]) by smtp.googlemail.com with ESMTPSA id f20sm3679451wmh.41.2021.05.27.06.56.13 for <cose@ietf.org> (version=TLS1_3 cipher=TLS_AES_128_GCM_SHA256 bits=128/128); Thu, 27 May 2021 06:56:14 -0700 (PDT)
From: Anders Rundgren <anders.rundgren.net@gmail.com>
To: cose@ietf.org
Message-ID: <6d3aabc7-9760-3ee3-6cce-dbdf591e82dd@gmail.com>
Date: Thu, 27 May 2021 15:56:11 +0200
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:78.0) Gecko/20100101 Thunderbird/78.10.2
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/n4Iz-y4A6BqTAoV0QIRJIUMTdZI>
Subject: [COSE] Harmonizing COSE/JOSE algorithms
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 27 May 2021 13:56:20 -0000
Hi List, I'm currently working with a project using both JOSE and COSE crypto. It is was a bit surprising finding that they do not only use different structures, but different algorithms as well. The RFC made me even more confused since it on https://datatracker.ietf.org/doc/html/rfc8152#section-12.5.1 talks about a "Concat KDF" which is not mentioned anywhere else : +-----------+-------+---------+------------+--------+---------------+ | Name | Value | KDF | Ephemeral- | Key | Description | | | | | Static | Wrap | | +-----------+-------+---------+------------+--------+---------------+ | ECDH-ES + | -29 | HKDF - | yes | A128KW | ECDH ES w/ | | A128KW | | SHA-256 | | | Concat KDF | | | | | | | and AES Key | | | | | | | Wrap w/ | | | | | | | 128-bit key | That is, " ECDH-ES+A128KW" is not identical to the JOSE algorithm with the same name. The COSE version does NOT use the Concat KDF, right? Why is it mentioned? Looking at Jim's COSE sample code makes it more clear, he names it ECDH_ES_HKDF_256_AES_KW_128(-29, 0, 0) https://github.com/cose-wg/COSE-JAVA/blob/master/src/main/java/COSE/AlgorithmID.java#L52: which seems more logical. Question: would it be worthwhile to in some way address this in https://datatracker.ietf.org/doc/draft-ietf-cose-rfc8152bis-algs/ ? For my own project I intend to let JOSE/COSE use the same and thus extended set of algorithms. Would it be possible upgrading the IANA registries or will I have to use proprietary identifiers? Thanx, Anders
- [COSE] Harmonizing COSE/JOSE algorithms Anders Rundgren