Re: [COSE] [jose] Call for Adoption: draft-jones-jose-fully-specified-algorithms

Manu Sporny <msporny@digitalbazaar.com> Mon, 08 January 2024 14:33 UTC

To: Neil Madden <neil.e.madden@gmail.com>
Cc: Orie Steele <orie@transmute.industries>, Karen ODonoghue <kodonog@pobox.com>, jose@ietf.org, cose <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/u11aHySPlcKkexhG8lnZEDK2PFw>
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>

On Mon, Jan 8, 2024 at 4:19 AM Neil Madden <neil.e.madden@gmail.com> wrote:
> It’s pretty clear that we’re just talking past each other now. I’ve made the points I wanted to make. I don’t think you have addressed any of them, so I still don’t support adoption of this draft.

I found Neil's concerns compelling.

For better or worse, JOSE uses "polymorphic" algorithm identifiers and
that's the way things have worked for a long time. The Working Group
was warned that this was not a good idea at the time, but rough
consensus landed in the "polymorphic" camp and that's what the
ecosystem does today.

Adding more options to support both "polymorphic" and "fully
specified" approaches creates additional complexity that will lead to
interoperability failures. Don't complicate the ecosystem more than it
already is.

I do not support the adoption of this draft for the reasons Neil
mentioned as well as the reasons stated above.

-- manu

-- 
Manu Sporny - https://www.linkedin.com/in/manusporny/
Founder/CEO - Digital Bazaar, Inc.
https://www.digitalbazaar.com/