[COSE] Issue #37 - Use the JOSE key_ops terms
"Jim Schaad" <ietf@augustcellars.com> Sat, 07 November 2015 06:27 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3F5DD1A049A for <cose@ietfa.amsl.com>; Fri, 6 Nov 2015 22:27:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.8
X-Spam-Level:
X-Spam-Status: No, score=0.8 tagged_above=-999 required=5 tests=[BAYES_50=0.8, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4dk5AO1kk8XA for <cose@ietfa.amsl.com>; Fri, 6 Nov 2015 22:27:37 -0800 (PST)
Received: from smtp3.pacifier.net (smtp3.pacifier.net [64.255.237.177]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7A371A0393 for <cose@ietf.org>; Fri, 6 Nov 2015 22:27:37 -0800 (PST)
Received: from hebrews (unknown [210.160.37.27]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp3.pacifier.net (Postfix) with ESMTPSA id BFEBC38EF0 for <cose@ietf.org>; Fri, 6 Nov 2015 22:27:36 -0800 (PST)
From: Jim Schaad <ietf@augustcellars.com>
To: cose@ietf.org
Date: Sat, 07 Nov 2015 15:24:51 +0900
Message-ID: <047b01d11925$0444d800$0cce8800$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdEZHgG5HAXCBmEuRzaei5RysxNH0A==
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/cose/rgGSTk3VbQTnHzYGu5e_uFG-QaI>
Subject: [COSE] Issue #37 - Use the JOSE key_ops terms
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 Nov 2015 06:27:39 -0000
The key_ops were added for the use by WebCrypto group, it is not clear that they did a good job in defining them. Some question that I would like responses to are: 1. I there ever a case when one would do derive_bits but not do derive_key, and vice versa. 2. If one is using a polyfill in the WebCrypto group in order to have a non-suported key, one needs to have the derive_bits option set. However, this would most likely not be set if one thinks it is going to only be used for deriving keys. Should this be an options which is not support? Derive key can only be used to generate keys that are supported in native code but not for new polyfill algorithms. 3. Not clear that this is a place where size is an issue. It would mostly be an issue if there is a statement that key_ops should be placed in the ephemeral key structure. I would note that it is not clear that it is legal in WebCrypto to have key_ops on a public key. Do people believe that we should make a statement about providing a key_ops or ephemeral keys? 4. Do people believe that we should worry about the size of keys in other locations. Specifically, key_ops is currently an array but potentially could be an array or a single entry. Is this something that needs to be done? Jim