Re: [COSE] FW: [jose] draft-jones-cose-rsa
Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Mon, 09 January 2017 19:49 UTC
Return-Path: <kathleen.moriarty.ietf@gmail.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A87241294F0 for <cose@ietfa.amsl.com>; Mon, 9 Jan 2017 11:49:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rK0P5DApbAbn for <cose@ietfa.amsl.com>; Mon, 9 Jan 2017 11:49:53 -0800 (PST)
Received: from mail-qk0-x229.google.com (mail-qk0-x229.google.com [IPv6:2607:f8b0:400d:c09::229]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 79AAD129551 for <cose@ietf.org>; Mon, 9 Jan 2017 11:49:53 -0800 (PST)
Received: by mail-qk0-x229.google.com with SMTP id s140so129377601qke.0 for <cose@ietf.org>; Mon, 09 Jan 2017 11:49:53 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc; bh=4dqOm+gPIdnizbYD2ZD9mj6LICMRcWSK5oqGB3EScwQ=; b=ZoGL3oRxdl2KiZD4dM/yt7BHw+2SgRaj2aV/MP5m1becdHm0nVzvfr1M5W3zroII6B npy6pXvA7Z0wxQ1JVobjIuMfGR7kOHjMrQlIlSzUvtZruOS9JJK3bt0n/iX7JgeXuDZH uewVzYsg9+6802lEdCMScXGrON+HBITta4iH2CptPjPU/k7LmirAwVUfjTajXBiBu5Ff mA2ydmqSlCym/wSFcXAm0U91ldMhAYlqH+KCdzaEUqfupUo0ufkRlZ8C4mT5sb4NOh/e ncCWw6KfQnT+PpoHJTC6e/81cdoqAoZFAFP6aSbHOZn/T4ekwaunk0/k12XuytUPwBbg iLDw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc; bh=4dqOm+gPIdnizbYD2ZD9mj6LICMRcWSK5oqGB3EScwQ=; b=IRewZOjvPYZnJ8zb7T+5r8eJGj69PfrRRCJMRMH9nId3RXj6gldpHgh9hwodkS0IgU MBuPSCUR77NiNbR8wcRlfkbdtC9sDte2YZcR8WofmhGlFpwytL5iY8ndm+idRZL1LL3w J3U4B8r49XYPg7ZEZjnA20ucKRfA3QJL3Zl4GjC+lQo8VNH3kE4a4PzDoYUtPECfqspu VNAVy3XKVOyRMLSlDj+rEgcDVZJYY0WnxPOjgEYipza9jGm9R4vrxNiLjG/YmaGbqaaQ sgYlKq/r0liv6MNo7q/2C/BYPHnItw08yztjuIBcnejhTJX7iMe7C+51vpukhgV9bifi weDQ==
X-Gm-Message-State: AIkVDXLiudcqOMqNtyed1GBC1qKU0dgQhX/jnRq8B8yBXUPgfrGhNhKN4HZ0ArDwQ4POan++sgLDpec0w2RKMA==
X-Received: by 10.55.9.15 with SMTP id 15mr88210873qkj.118.1483991392627; Mon, 09 Jan 2017 11:49:52 -0800 (PST)
MIME-Version: 1.0
Received: by 10.12.161.101 with HTTP; Mon, 9 Jan 2017 11:49:52 -0800 (PST)
In-Reply-To: <fc7d6964-7f85-5abd-7675-e7f01f9551ba@mit.edu>
References: <012d01d26487$8fb4d080$af1e7180$@augustcellars.com> <009a01d26a3f$7ccc1880$76644980$@augustcellars.com> <fc7d6964-7f85-5abd-7675-e7f01f9551ba@mit.edu>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 09 Jan 2017 14:49:52 -0500
Message-ID: <CAHbuEH6UB-Ww=5sGzhJgbEqQtnpQ_y7dvYtgsn=Rrp-+1dooGA@mail.gmail.com>
To: Justin Richer <jricher@mit.edu>
Content-Type: multipart/alternative; boundary="001a114c8472ceb1470545aeab1e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/sp5GLaD02f06LY0ZywS2PfrsXDA>
Cc: Jim Schaad <ietf@augustcellars.com>, cose <cose@ietf.org>
Subject: Re: [COSE] FW: [jose] draft-jones-cose-rsa
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 09 Jan 2017 19:49:55 -0000
If the work can be done in a WG, that is preferred. On Mon, Jan 9, 2017 at 2:38 PM, Justin Richer <jricher@mit.edu> wrote: > +1 on the CURDLE question. > > -- Justin > > > > On 1/9/2017 1:13 AM, Jim Schaad wrote: > >> I just figure out that I sent this to the wrong list - maybe the names are >> too close together. >> >> -----Original Message----- >>> From: jose [mailto:jose-bounces@ietf.org] On Behalf Of Jim Schaad >>> Sent: Sunday, January 01, 2017 3:34 PM >>> To: draft-jones-cose-rsa@tools.ietf.org >>> Cc: jose@ietf.org >>> Subject: [jose] draft-jones-cose-rsa >>> >>> Comments: >>> >>> 0. Should this be done in curdle rather than as AD sponsored? >>> >>> 1. As per previous mail, remove values assignments in tables 1, 2, and 3 >>> >> unless >> >>> you have cleared them with the appropriate registry experts. I am less >>> >> worried >> >>> about table 4 but you should clear that as well. >>> >>> 2. Kill RSAES-OAP w/ SHA-1. We are not doing SHA-1 currently with any >>> of >>> >> the >> >>> CBOR algorithms. In section 3.1.1.1 - what are the properties that are >>> >> needed >> >>> here for SHA-1 so we can ensure that the statement is true. Also, rename >>> >> this to >> >>> be s/ SHA-1 not w/ Default. There are no defaults for COSE. >>> >>> 3. Text in 3.1.1.1 and 2.1.1 should be more consistent in how it is >>> >> written. >> >>> 4. in the abstract be more specific about which RSA algorithms are being >>> supported. For example, you are not doing 1.5 or KEM. >>> >>> 5. Why does 3.1.1.1 have a size and 2.1.1 not have one. This should be >>> consistent. >>> >>> 6. section 3.1.1.1 should be encryption operation not decryption >>> >> operation. >> >>> 7. Section 3.1.1.1 - this text does not make sense "One potential denial >>> >> of >> >>> service >>> operation is to provide encrypted objects using either abnormally >>> long or oddly sized RSA modulus values." Should probably refer to >>> >> keys >> >>> not encrypted objects. >>> >>> 8. There is a requirement of minimum encoding lengths - what purpose >>> does >>> this serve? Is there a security problem here or is it just a nice to >>> have >>> >> because of >> >>> message size? >>> >>> 9. Missing some security considerations. >>> >>> 10 Section 2.1.1 s/hash functions are not truncated/hash function outputs >>> >> are >> >>> not truncated/ >>> >>> >>> >>> >>> _______________________________________________ >>> jose mailing list >>> jose@ietf.org >>> https://www.ietf.org/mailman/listinfo/jose >>> >> _______________________________________________ >> COSE mailing list >> COSE@ietf.org >> https://www.ietf.org/mailman/listinfo/cose >> > > _______________________________________________ > COSE mailing list > COSE@ietf.org > https://www.ietf.org/mailman/listinfo/cose > -- Best regards, Kathleen
- [COSE] FW: [jose] draft-jones-cose-rsa Jim Schaad
- Re: [COSE] FW: [jose] draft-jones-cose-rsa Justin Richer
- Re: [COSE] FW: [jose] draft-jones-cose-rsa Kathleen Moriarty
- Re: [COSE] FW: [jose] draft-jones-cose-rsa Mike Jones
- Re: [COSE] draft-jones-cose-rsa Mike Jones
- Re: [COSE] draft-jones-cose-rsa Jim Schaad
- Re: [COSE] draft-jones-cose-rsa Mike Jones