Re: [COSE] draft-jones-cose-rsa
Mike Jones <Michael.Jones@microsoft.com> Fri, 10 March 2017 06:20 UTC
Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8EBEA12940B for <cose@ietfa.amsl.com>; Thu, 9 Mar 2017 22:20:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Me5mTq7efqAL for <cose@ietfa.amsl.com>; Thu, 9 Mar 2017 22:20:11 -0800 (PST)
Received: from NAM02-BL2-obe.outbound.protection.outlook.com (mail-bl2nam02on0120.outbound.protection.outlook.com [104.47.38.120]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6584A127A90 for <cose@ietf.org>; Thu, 9 Mar 2017 22:20:11 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=St13N/Jf1fmiUZ1wo8I3/W58FHYVmqtdxyXDS73+WGI=; b=ZyFPn9BGGd07macSCIBgewaMlmtKUxCZZASeJq3HobCSzxjuYxgeYjQghkdHcf1BIljKk8YbiudWbqpHQO49WLvGK/wxogCfaaa3QICkWobbLqYl30gcsccgmITX9so+Z3OZAHxiKu5aHegG0aMHGHf4HTm6eWBuhwp/z5dM7gU=
Received: from CY4PR21MB0504.namprd21.prod.outlook.com (10.172.122.14) by CY4PR21MB0501.namprd21.prod.outlook.com (10.172.122.11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.947.0; Fri, 10 Mar 2017 06:20:09 +0000
Received: from CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) by CY4PR21MB0504.namprd21.prod.outlook.com ([10.172.122.14]) with mapi id 15.01.0947.007; Fri, 10 Mar 2017 06:20:09 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: draft-jones-cose-rsa
Thread-Index: AdJt8A6WCR6ocoRXTl2j84aobKNTqQAOYB4ACs3QYgA=
Date: Fri, 10 Mar 2017 06:20:09 +0000
Message-ID: <CY4PR21MB0504AFDE373BDF1C9F3DD09CF5200@CY4PR21MB0504.namprd21.prod.outlook.com>
References: <BN3PR03MB235550B5FC35228818245197F5780@BN3PR03MB2355.namprd03.prod.outlook.com> <047c01d26e29$90adf600$b209e200$@augustcellars.com>
In-Reply-To: <047c01d26e29$90adf600$b209e200$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: augustcellars.com; dkim=none (message not signed) header.d=none;augustcellars.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [50.47.93.167]
x-ms-office365-filtering-correlation-id: 52dfa398-a1da-4975-6624-08d4677d80c7
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: UriScan:; BCL:0; PCL:0; RULEID:(22001)(48565401081); SRVR:CY4PR21MB0501;
x-microsoft-exchange-diagnostics: 1; CY4PR21MB0501; 7:uv8xjjWVy4oTFRyyvcnspWRN+dxJN39x1jtY3qc2WjIZcUltrmWQQ4i050rWdw2KOdukm8+S32qwX1NDaoVzUy4KWt44ywLtaYIkIP7Y1gNc7w1L3aBmY6pA3/lEk6clr8O51Q6TNa40ejdqRDE1/xrVXzjLqQgw2QGefKUgHjvDd6DWcuxGz4Jdw31x/Qfr/7NYR71nypCBKB4UxCOK8nd7fwmdnBfoSBokZCXHcG5RKwx0NdT/ldOnM2dyZCTh0YH3zxg9iUL2zrl+fgBVrFQ/+SJNCC1b7cqDx6al6wR9nWmHjq1ZoDPFfhM7/472kombhlSrmPaAABadCMsxTlCkYudVuT9bCIsYLBzBNCI=
x-microsoft-antispam-prvs: <CY4PR21MB05018D6E8BF5165C460D0CD2F5200@CY4PR21MB0501.namprd21.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(192374486261705)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040375)(601004)(2401047)(8121501046)(5005006)(10201501046)(3002001)(6055026)(61426038)(61427038)(6041248)(20161123558025)(20161123564025)(20161123560025)(20161123555025)(20161123562025)(6072148); SRVR:CY4PR21MB0501; BCL:0; PCL:0; RULEID:; SRVR:CY4PR21MB0501;
x-forefront-prvs: 02426D11FE
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(39860400002)(39840400002)(39850400002)(39410400002)(39450400003)(43784003)(377454003)(13464003)(8990500004)(5005710100001)(6246003)(55016002)(53546006)(229853002)(76176999)(86612001)(8936002)(38730400002)(236005)(77096006)(6506006)(25786008)(33656002)(2900100001)(790700001)(66066001)(6116002)(19609705001)(50986999)(2950100002)(3846002)(189998001)(122556002)(102836003)(2501003)(99286003)(81166006)(4326008)(3280700002)(9686003)(8676002)(74316002)(7736002)(230783001)(53936002)(54356999)(86362001)(2906002)(6306002)(54896002)(5660300001)(10290500002)(6436002)(7696004)(3660700001); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR21MB0501; H:CY4PR21MB0504.namprd21.prod.outlook.com; FPR:; SPF:None; MLV:sfv; LANG:en;
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_CY4PR21MB0504AFDE373BDF1C9F3DD09CF5200CY4PR21MB0504namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Mar 2017 06:20:09.3635 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR21MB0501
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/pCTMieivJmkkcTeqT_MoU44sW0c>
Cc: "draft-jones-cose-rsa@tools.ietf.org" <draft-jones-cose-rsa@tools.ietf.org>
Subject: Re: [COSE] draft-jones-cose-rsa
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 10 Mar 2017 06:20:13 -0000
Draft -02 incorporates the issue resolutions discussed below. Thanks again for taking the time to do a thorough review, Jim. Replies describing specific resolutions applied follow inline.
-- Mike
From: Jim Schaad [mailto:ietf@augustcellars.com]
Sent: Friday, January 13, 2017 9:47 PM
To: Mike Jones <Michael.Jones@microsoft.com>; cose@ietf.org
Cc: draft-jones-cose-rsa@tools.ietf.org
Subject: RE: draft-jones-cose-rsa
From: Mike Jones [mailto:Michael.Jones@microsoft.com]
Sent: Friday, January 13, 2017 2:55 PM
To: Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>>; cose@ietf.org<mailto:cose@ietf.org>
Cc: draft-jones-cose-rsa@tools.ietf.org<mailto:draft-jones-cose-rsa@tools.ietf.org>
Subject: RE: draft-jones-cose-rsa
Thanks for taking the time to write this up, Jim. Responses are inline below.
-----Original Message-----
From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad
Sent: Sunday, January 01, 2017 3:34 PM
To: draft-jones-cose-rsa@tools.ietf.org<mailto:draft-jones-cose-rsa@tools.ietf.org>
Cc: jose@ietf.org<mailto:jose@ietf.org>
Subject: [jose] draft-jones-cose-rsa
Comments:
0. Should this be done in curdle rather than as AD sponsored?
I had requested AD sponsorship because of how simple the draft is. It registers a few numbers in registries being created by the COSE Messages draft and defines the layout of RSA keys (in a way that's completely parallel to the JOSE layout, but using CBOR rather than JSON). It uses no new algorithms. It didn't seem to rise to the occasion of needing a working group - especially when there remain COSE WG members such as Jim willing to take the time to give constructive feedback.
[JLS] Getting people to from this old WG list can still be done even if it is done in a different working group. That is what the idea of cross posting is all about. Both individuals who have made substantive comments are on both mailing lists anyway so doing in a different group does not close out either of them. The amount of time a draft takes to finish depends as much on you as a chair for most steps. It is possible that the Curdle group would not want the draft, but asking is still reasonable.
[mbj] I seem to be getting useful feedback by posting the COSE list, as Kathleen had suggested.
1. As per previous mail, remove values assignments in tables 1, 2, and 3 unless you have cleared them with the appropriate registry experts. I am less worried about table 4 but you should clear that as well.
I looked for the designated experts to consult with but the IANA COSE registries don't seem to have been created yet, nor have the experts been publicly named. Once they are, I will certainly consult with them. I don't plan to remove the values since having proposed assignments is more useful to implementers than having none.
[JLS] For interop testing - that is what the private values are for.
[mbj] I have left the proposed values in place, pending discussions with the designated experts, once they are announced.
2. Kill RSAES-OAP w/ SHA-1. We are not doing SHA-1 currently with any of the CBOR algorithms. In section 3.1.1.1 - what are the properties that are needed here for SHA-1 so we can ensure that the statement is true. Also, rename this to be s/ SHA-1 not w/ Default. There are no defaults for COSE.
RSAES-OAEP with the default parameters defined in Section A.2.1 of RFC 3447 is included for the same reason that it is in RFC 7518 - because it's the mostly widely implemented set of OAEP parameter choices, facilitating interoperation of implementations. Particularly given that RSAES-PKCS1-v1_5 is not included, RSA interop considerations lead to the decision to retain this algorithm.
In the next revision, I will be clear that the defaults come from RFC 3447.
[JLS] There is absolutely no reason to even say that default values exist here. COSE does not have the concept of defaults. Not having SHA-1 does not seem to be a problem for PSS, why would it be a problem here?
[mbj] As promised, I am now even clearer that they are RFC 3447-specified defaults. The JOSE implementation experience with RSA-OAEP-SHA256 is that it's not available on many development platforms, whereas RSA-OAEP is. Enabling implementers to use the defaults has interop benefits for COSE, just like it did for JOSE.
3. Text in 3.1.1.1 and 2.1.1 should be more consistent in how it is written.
Suggestions for specific textual additions and/or changes would be helpful here.
[mbj] I have completely reworked and consolidated the Security Considerations in ways intended to address this feedback.
4. in the abstract be more specific about which RSA algorithms are being supported. For example, you are not doing 1.5 or KEM.
OK - will do
[mbj] Done
5. Why does 3.1.1.1 have a size and 2.1.1 not have one. This should be consistent.
I agree with this suggestion. I'll make sure that the minimum size applies to all uses of RSA algorithms.
[mbj] Addressed as part of restructuring the security considerations.
6. section 3.1.1.1 should be encryption operation not decryption operation.
OK
[mbj] It now says "cryptographic operation", because the guidance now applies to signatures as well as encryption.
7. Section 3.1.1.1 - this text does not make sense "One potential denial of service
operation is to provide encrypted objects using either abnormally
long or oddly sized RSA modulus values." Should probably refer to keys
not encrypted objects.
OK
[mbj] Done (in reworked text)
8. There is a requirement of minimum encoding lengths - what purpose does this serve? Is there a security problem here or is it just a nice to have because of message size?
This is there for the same reason that it is present for JWKs - to facilitate interoperation of implementations by having a standard representation for each key, rather enabling a multiplicity of different representations to be used - which could cause interop problems.
[JLS] Not sold.
[mbj] Having a standard representation also reduces the variance in data formats that implementations have to parse, potentially improving interop. Also, having a canonical representation has proven useful for JOSE. I will likely prove useful for COSE for the same reasons.
9. Missing some security considerations.
Specific suggested text would be appreciated, as always.
[mbj] What would you like to see added?
10 Section 2.1.1 s/hash functions are not truncated/hash function outputs are not truncated/
Agreed
[mbj] Done
Thanks again,
-- Mike
- [COSE] FW: [jose] draft-jones-cose-rsa Jim Schaad
- Re: [COSE] FW: [jose] draft-jones-cose-rsa Justin Richer
- Re: [COSE] FW: [jose] draft-jones-cose-rsa Kathleen Moriarty
- Re: [COSE] FW: [jose] draft-jones-cose-rsa Mike Jones
- Re: [COSE] draft-jones-cose-rsa Mike Jones
- Re: [COSE] draft-jones-cose-rsa Jim Schaad
- Re: [COSE] draft-jones-cose-rsa Mike Jones