Re: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance

Jim Schaad <ietf@augustcellars.com> Tue, 12 June 2018 16:31 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: jose-reg-review@ietfa.amsl.com
Delivered-To: jose-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41A21130E31 for <jose-reg-review@ietfa.amsl.com>; Tue, 12 Jun 2018 09:31:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.889
X-Spam-Level:
X-Spam-Status: No, score=-1.889 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ayx28AfXSiIU for <jose-reg-review@ietfa.amsl.com>; Tue, 12 Jun 2018 09:31:17 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CB8BB12D949 for <jose-reg-review@ietf.org>; Tue, 12 Jun 2018 09:31:16 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Tue, 12 Jun 2018 09:28:16 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: <rolf@noknok.com>, <jose-reg-review@ietf.org>
CC: <jca@zurich.ibm.com>, <mbj@microsoft.com>, "'Hodges, Jeff'" <jeff.hodges@paypal.com>
References: <0ab801d3f9ce$40d7cca0$c28765e0$@noknok.com> <00b601d3f9e6$a3928840$eab798c0$@augustcellars.com> <0b9501d3f9f1$d8aa7280$89ff5780$@noknok.com>
In-Reply-To: <0b9501d3f9f1$d8aa7280$89ff5780$@noknok.com>
Date: Tue, 12 Jun 2018 09:31:08 -0700
Message-ID: <044001d4026a$c64de690$52e9b3b0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0441_01D40230.19F02000"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQGeHCvjivkU/KJfI12hng9o59W1hwHTHdwiAVBOYimkr4BakA==
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose-reg-review/DHnmCuWFqP6HGVwsijfmK8nQZbQ>
Subject: Re: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance
X-BeenThere: jose-reg-review@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "The JSON Web Algorithm standard \(RFC 7518\) establishes this email list for designated experts to discuss proposed changes, additions, and removals to the set of algorithms in the JSON Object Signing and Encryption \(JOSE\) registry, http://www.iana.org/assignments/jose." <jose-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose-reg-review>, <mailto:jose-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose-reg-review/>
List-Post: <mailto:jose-reg-review@ietf.org>
List-Help: <mailto:jose-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose-reg-review>, <mailto:jose-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jun 2018 16:31:24 -0000

Sorry about the delay, I got pulled into some other work and forgot that I
had not sent a message.

 

One of the things that I would like to see would be the definition of a key
structure as well.  I don't believe that you can use any of the current ones
based on how things work.  Think about people who would use this algorithm
in other protocols and need to transfer the root of trust as well.

 

I would like to verify that there is a requirement that the key size and
hash size are combined together as a fixed pair and not uncoupled as done
with the ECDSA algorithms where any sized key structure can be used with a
specific hash and applications can be further restrictions as necessary.  If
this is not the case, should the key set be made explicit rather than
implicit in the algorithm name?

 

 

 

From: Rolf Lindemann <rlindemann@noknok.com>; 
Sent: Friday, June 1, 2018 2:45 PM
To: 'Jim Schaad' <ietf@augustcellars.com>;; rolf@noknok.com;
jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff'
<jeff.hodges@paypal.com>;
Subject: AW: [Jose-reg-review] Request to register JOSE algorithms for the
FIDO Alliance

 

Please see https://eprint.iacr.org/2015/1246 for that.

 

That is the reference included in the IANA considerations section of the
document (see
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v
2.0-id-20180227.html#iana-considerations>
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2
.0-id-20180227.html#iana-considerations)

 

Von: Jim Schaad [mailto:ietf@augustcellars.com] 
Gesendet: Freitag, 1. Juni 2018 22:25
An: rolf@noknok.com <mailto:rolf@noknok.com> ; jose-reg-review@ietf.org
<mailto:jose-reg-review@ietf.org> 
Cc: jca@zurich.ibm.com <mailto:jca@zurich.ibm.com> ; mbj@microsoft.com
<mailto:mbj@microsoft.com> ; 'Hodges, Jeff'
Betreff: RE: [Jose-reg-review] Request to register JOSE algorithms for the
FIDO Alliance

 

Are there any crypto analysis papers that I can peruse in case I am
interested?

 

From: Jose-reg-review <jose-reg-review-bounces@ietf.org
<mailto:jose-reg-review-bounces@ietf.org> > On Behalf Of Rolf Lindemann
Sent: Friday, June 1, 2018 10:31 AM
To: jose-reg-review@ietf.org <mailto:jose-reg-review@ietf.org> 
Cc: jca@zurich.ibm.com <mailto:jca@zurich.ibm.com> ; mbj@microsoft.com
<mailto:mbj@microsoft.com> ; 'Hodges, Jeff' <jeff.hodges@paypal.com
<mailto:jeff.hodges@paypal.com> >
Subject: [Jose-reg-review] Request to register JOSE algorithms for the FIDO
Alliance

 

Hi,

 

The FIDO Alliance would like to register the following algorithms in the
IANA "JSON Web Signature and Encryption Algorithms" registry:

1. "ED256", see
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v
2.0-id-20180227.html#iana-considerations>
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2
.0-id-20180227.html#iana-considerations

2. "ED512", see
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v
2.0-id-20180227.html#iana-considerations>
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2
.0-id-20180227.html#iana-considerations

3. "ED638", see
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v
2.0-id-20180227.html#iana-considerations>
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2
.0-id-20180227.html#iana-considerations

4. "ED256-2", 

    - Name "ED256-2"

    - Algorithm Description: ECDAA algorithm based on ECC_BN_DSD_P256 (
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v
2.0-id-20180227.html#bib-DevScoDah2007>
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2
.0-id-20180227.html#bib-DevScoDah2007) curve using SHA256 algorithm.

    - Algorithm Usage Locations: "alg", i.e. used with JWS.

    - JOSE Implementation Requirements: optional

    - Change Controller: FIDO Alliance,  <https://fidoalliance.org/contact/>
https://fidoalliance.org/contact/ 

    - Sections 3. FIDO ECDAA Attestation (
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v
2.0-id-20180227.html#fido-ecdaa-attestation>
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2
.0-id-20180227.html#fido-ecdaa-attestation) and 4. FIDO ECDAA Object Formats
and Algorithm Details (
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v
2.0-id-20180227.html#fido-ecdaa-object-formats-and-algorithm-details>
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2
.0-id-20180227.html#fido-ecdaa-object-formats-and-algorithm-details) of
[FIDOEcdaaAlgorithm].

    - Algorithm Analysis Document(s):
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v
2.0-id-20180227.html#bib-FIDO-DAA-Security-Proof>
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2
.0-id-20180227.html#bib-FIDO-DAA-Security-Proof 

("ED256-2" should have also been in the IANA Considerations section but
isn't due to a clerical error.)

 

These names are related to cryptographic algorithms for Direct Anonymous
Attestation.  The relevant details are described in
<https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v
2.0-id-20180227.html#iana-considerations>
https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2
.0-id-20180227.html#iana-considerations. 

The algorithms were developed by Jan Camenisch of IBM (cc'ed) - a
cryptographic expert.  They are in production use in FIDO deployments.

 

Kind regards,

     Rolf Lindemann