Re: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance
Jim Schaad <ietf@augustcellars.com> Fri, 29 June 2018 19:08 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose-reg-review@ietfa.amsl.com
Delivered-To: jose-reg-review@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 42DF4130E85 for <jose-reg-review@ietfa.amsl.com>; Fri, 29 Jun 2018 12:08:22 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.89
X-Spam-Level:
X-Spam-Status: No, score=-1.89 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qIW2k2urjYpW for <jose-reg-review@ietfa.amsl.com>; Fri, 29 Jun 2018 12:08:16 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F253D130F33 for <jose-reg-review@ietf.org>; Fri, 29 Jun 2018 12:08:15 -0700 (PDT)
Received: from Jude (104.129.192.187) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1347.2; Fri, 29 Jun 2018 12:04:05 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: 'Rolf Lindemann' <rlindemann@noknok.com>, rolf@noknok.com, jose-reg-review@ietf.org
CC: jca@zurich.ibm.com, mbj@microsoft.com, "'Hodges, Jeff'" <jeff.hodges@paypal.com>
References: <0ab801d3f9ce$40d7cca0$c28765e0$@noknok.com> <00b601d3f9e6$a3928840$eab798c0$@augustcellars.com> <0b9501d3f9f1$d8aa7280$89ff5780$@noknok.com> <044001d4026a$c64de690$52e9b3b0$@augustcellars.com> <00d501d40ec4$ba033be0$2e09b3a0$@noknok.com>
In-Reply-To: <00d501d40ec4$ba033be0$2e09b3a0$@noknok.com>
Date: Fri, 29 Jun 2018 12:06:38 -0700
Message-ID: <028501d40fdc$611e3b60$235ab220$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0286_01D40FA1.B4C11110"
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AQGeHCvjivkU/KJfI12hng9o59W1hwHTHdwiAVBOYikBl6c25AIbSxG2pKwk2UA=
X-Originating-IP: [104.129.192.187]
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose-reg-review/Mzhdgouc9f2IO--_RmKfNsnlWZs>
Subject: Re: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance
X-BeenThere: jose-reg-review@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "The JSON Web Algorithm standard \(RFC 7518\) establishes this email list for designated experts to discuss proposed changes, additions, and removals to the set of algorithms in the JSON Object Signing and Encryption \(JOSE\) registry, http://www.iana.org/assignments/jose." <jose-reg-review.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose-reg-review>, <mailto:jose-reg-review-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose-reg-review/>
List-Post: <mailto:jose-reg-review@ietf.org>
List-Help: <mailto:jose-reg-review-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose-reg-review>, <mailto:jose-reg-review-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Jun 2018 19:08:23 -0000
From: Rolf Lindemann <rlindemann@noknok.com> Sent: Thursday, June 28, 2018 11:45 AM To: 'Jim Schaad' <ietf@augustcellars.com>; rolf@noknok.com; jose-reg-review@ietf.org Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff' <jeff.hodges@paypal.com> Subject: AW: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance Hi Jim, Regarding your first question: > One of the things that I would like to see would be the definition of a key structure as well. I guess you are referring to the structure of the public keys (only). Is that correct? In the referenced document (i.e. https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#object-encodings), we define algorithms to encode the keys (e.g. ECPoint2ToB, ECPointToB). The ECDAA issuer public keys consist of two values (typically denoted as X and Y) both of type ECPoint2 and hence would be serialized/encoded according to the definition of ECPoint2ToB. Is this what you are looking for? [JLS] I am looking for a JOSE key structure which would require defining a couple of things. While I realize that you don't need it, it might also be useful to have the private key fields defined as well for the purposes of doing things like writing test cases such I have at https://github.com/jimsch/Examples.git You might have a good case for not needing one, but I would like to here what it is in that case. Regarding your second question: > I would like to verify that there is a requirement that the key size and hash size are combined together as a fixed pair and not uncoupled as done with the ECDSA algorithms where any sized key structure can be used with a specific hash and applications can be further restrictions as necessary. If this is not the case, should the key set be made explicit rather than implicit in the algorithm name? Yes, hash algorithm and signature algorithm are paired. So we specify the following: a. ED256: FIDO ECDAA algorithm based on TPM_ECC_BN_P256 [TPMv2-Part4] curve using SHA256 hash algorithm. b. ED512: ECDAA algorithm based on ECC_BN_ISOP512 [ISO15946-5] curve using SHA512 algorithm. c. ED638: ECDAA algorithm based on TPM_ECC_BN_P638 [TPMv2-Part4] curve using SHA512 algorithm. d. ED256-2: ECDAA algorithm based on ECC_BN_DSD_P256 (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#bib-DevScoDah2007) curve using SHA256 algorithm. [JLS] Reading my last sentence, I see that I got my text backwards. Should the Curve be part of the name rather than implicit so that there would be no mistakes. The use of ED256-2 seems to be an odd name that does not necessarily provide good information. Jim Kind regards, Rolf Von: Jim Schaad [mailto:ietf@augustcellars.com] Gesendet: Dienstag, 12. Juni 2018 18:31 An: rolf@noknok.com <mailto:rolf@noknok.com> ; jose-reg-review@ietf.org <mailto:jose-reg-review@ietf.org> Cc: jca@zurich.ibm.com <mailto:jca@zurich.ibm.com> ; mbj@microsoft.com <mailto:mbj@microsoft.com> ; 'Hodges, Jeff' Betreff: RE: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance Sorry about the delay, I got pulled into some other work and forgot that I had not sent a message. One of the things that I would like to see would be the definition of a key structure as well. I don't believe that you can use any of the current ones based on how things work. Think about people who would use this algorithm in other protocols and need to transfer the root of trust as well. I would like to verify that there is a requirement that the key size and hash size are combined together as a fixed pair and not uncoupled as done with the ECDSA algorithms where any sized key structure can be used with a specific hash and applications can be further restrictions as necessary. If this is not the case, should the key set be made explicit rather than implicit in the algorithm name? From: Rolf Lindemann <rlindemann@noknok.com <mailto:rlindemann@noknok.com> > Sent: Friday, June 1, 2018 2:45 PM To: 'Jim Schaad' <ietf@augustcellars.com <mailto:ietf@augustcellars.com> >; rolf@noknok.com <mailto:rolf@noknok.com> ; jose-reg-review@ietf.org <mailto:jose-reg-review@ietf.org> Cc: jca@zurich.ibm.com <mailto:jca@zurich.ibm.com> ; mbj@microsoft.com <mailto:mbj@microsoft.com> ; 'Hodges, Jeff' <jeff.hodges@paypal.com <mailto:jeff.hodges@paypal.com> > Subject: AW: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance Please see https://eprint.iacr.org/2015/1246 for that. That is the reference included in the IANA considerations section of the document (see <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#iana-considerations> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#iana-considerations) Von: Jim Schaad [mailto:ietf@augustcellars.com] Gesendet: Freitag, 1. Juni 2018 22:25 An: rolf@noknok.com <mailto:rolf@noknok.com> ; jose-reg-review@ietf.org <mailto:jose-reg-review@ietf.org> Cc: jca@zurich.ibm.com <mailto:jca@zurich.ibm.com> ; mbj@microsoft.com <mailto:mbj@microsoft.com> ; 'Hodges, Jeff' Betreff: RE: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance Are there any crypto analysis papers that I can peruse in case I am interested? From: Jose-reg-review <jose-reg-review-bounces@ietf.org <mailto:jose-reg-review-bounces@ietf.org> > On Behalf Of Rolf Lindemann Sent: Friday, June 1, 2018 10:31 AM To: jose-reg-review@ietf.org <mailto:jose-reg-review@ietf.org> Cc: jca@zurich.ibm.com <mailto:jca@zurich.ibm.com> ; mbj@microsoft.com <mailto:mbj@microsoft.com> ; 'Hodges, Jeff' <jeff.hodges@paypal.com <mailto:jeff.hodges@paypal.com> > Subject: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance Hi, The FIDO Alliance would like to register the following algorithms in the IANA "JSON Web Signature and Encryption Algorithms" registry: 1. "ED256", see <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#iana-considerations> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#iana-considerations 2. "ED512", see <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#iana-considerations> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#iana-considerations 3. "ED638", see <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#iana-considerations> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#iana-considerations 4. "ED256-2", - Name "ED256-2" - Algorithm Description: ECDAA algorithm based on ECC_BN_DSD_P256 ( <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#bib-DevScoDah2007> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#bib-DevScoDah2007) curve using SHA256 algorithm. - Algorithm Usage Locations: "alg", i.e. used with JWS. - JOSE Implementation Requirements: optional - Change Controller: FIDO Alliance, <https://fidoalliance.org/contact/> https://fidoalliance.org/contact/ - Sections 3. FIDO ECDAA Attestation ( <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#fido-ecdaa-attestation> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#fido-ecdaa-attestation) and 4. FIDO ECDAA Object Formats and Algorithm Details ( <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#fido-ecdaa-object-formats-and-algorithm-details> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#fido-ecdaa-object-formats-and-algorithm-details) of [FIDOEcdaaAlgorithm]. - Algorithm Analysis Document(s): <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#bib-FIDO-DAA-Security-Proof> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#bib-FIDO-DAA-Security-Proof ("ED256-2" should have also been in the IANA Considerations section but isn't due to a clerical error.) These names are related to cryptographic algorithms for Direct Anonymous Attestation. The relevant details are described in <https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v 2.0-id-20180227.html#iana-considerations> https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2 .0-id-20180227.html#iana-considerations. The algorithms were developed by Jan Camenisch of IBM (cc'ed) - a cryptographic expert. They are in production use in FIDO deployments. Kind regards, Rolf Lindemann
- Re: [Jose-reg-review] Request to register JOSE al… Jim Schaad
- Re: [Jose-reg-review] Request to register JOSE al… Rolf Lindemann
- Re: [Jose-reg-review] Request to register JOSE al… Jim Schaad
- [Jose-reg-review] Request to register JOSE algori… Rolf Lindemann
- Re: [Jose-reg-review] Request to register JOSE al… Jim Schaad
- Re: [Jose-reg-review] Request to register JOSE al… Rolf Lindemann
- Re: [Jose-reg-review] Request to register JOSE al… Mike Jones