Re: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance

Mike Jones <Michael.Jones@microsoft.com> Fri, 20 July 2018 13:28 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Jim Schaad <ietf@augustcellars.com>, 'Rolf Lindemann' <rlindemann@noknok.com>, "rolf@noknok.com" <rolf@noknok.com>, "jose-reg-review@ietf.org" <jose-reg-review@ietf.org>
CC: "jca@zurich.ibm.com" <jca@zurich.ibm.com>, "'Hodges, Jeff'" <jeff.hodges@paypal.com>, "mandyam@qti.qualcomm.com" <mandyam@qti.qualcomm.com>
Date: Fri, 20 Jul 2018 13:28:18 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose-reg-review/9AdygY7EEfb_zh0FzZj50QoqVWI>
List-Id: "The JSON Web Algorithm standard \(RFC 7518\) establishes this email list for designated experts to discuss proposed changes, additions, and removals to the set of algorithms in the JSON Object Signing and Encryption \(JOSE\) registry, http://www.iana.org/assignments/jose." <jose-reg-review.ietf.org>

[Adding Giri, since he expressed interest in these registrations]

From: Jim Schaad <ietf@augustcellars.com>
Sent: Friday, June 29, 2018 3:07 PM
To: 'Rolf Lindemann' <rlindemann@noknok.com>; rolf@noknok.com; jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; Mike Jones <Michael.Jones@microsoft.com>; 'Hodges, Jeff' <jeff.hodges@paypal.com>
Subject: RE: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance



From: Rolf Lindemann <rlindemann@noknok.com>
Sent: Thursday, June 28, 2018 11:45 AM
To: 'Jim Schaad' <ietf@augustcellars.com>; rolf@noknok.com; jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff' <jeff.hodges@paypal.com>
Subject: AW: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance

Hi Jim,

Regarding your first question:
> One of the things that I would like to see would be the definition of a key structure as well.
I guess you are referring to the structure of the public keys (only).  Is that correct?
In the referenced document (i.e. https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#object-encodings), we define algorithms to encode the keys (e.g. ECPoint2ToB, ECPointToB).  The ECDAA issuer public keys consist of two values (typically denoted as X and Y) both of type ECPoint2 and hence would be serialized/encoded according to the definition of ECPoint2ToB.
Is this what you are looking for?

[JLS] I am looking for a JOSE key structure which would require defining a couple of things.  While I realize that you don't need it, it might also be useful to have the private key fields defined as well for the purposes of doing things like writing test cases such as I have at https://github.com/jimsch/Examples.git.  You might have a good case for not needing one, but I would like to hear what it is in that case.



Regarding your second question:
> I would like to verify that there is a requirement that the key size and hash size are combined together as a fixed pair and not uncoupled as done with the ECDSA algorithms where any sized key structure can be used with a specific hash and applications can be further restrictions as necessary.  If this is not the case, should the key set be made explicit rather than implicit in the algorithm name?

Yes, hash algorithm and signature algorithm are paired.  So we specify the following:

  1.  ED256: FIDO ECDAA algorithm based on TPM_ECC_BN_P256 [TPMv2-Part4] curve using SHA256 hash algorithm.
  2.  ED512: ECDAA algorithm based on ECC_BN_ISOP512 [ISO15946-5] curve using SHA512 algorithm.
  3.  ED638: ECDAA algorithm based on TPM_ECC_BN_P638 [TPMv2-Part4] curve using SHA512 algorithm.
  4.  ED256-2: ECDAA algorithm based on ECC_BN_DSD_P256 (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#bib-DevScoDah2007) curve using SHA256 algorithm.

[JLS] Reading my last sentence, I see that I got my text backwards.  Should the Curve be part of the name rather than implicit so that there would be no mistakes?  The use of ED256-2 seems to be an odd name that does not necessarily provide good information.

Jim


Kind regards,
   Rolf

From: Jim Schaad [mailto:ietf@augustcellars.com]
Sent: Tuesday, June 12, 2018 18:31
To: rolf@noknok.com; jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff'
Subject: RE: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance

Sorry about the delay, I got pulled into some other work and forgot that I had not sent a message.

One of the things that I would like to see would be the definition of a key structure as well.  I don't believe that you can use any of the current ones based on how things work.  Think about people who would use this algorithm in other protocols and need to transfer the root of trust as well.

I would like to verify that there is a requirement that the key size and hash size are combined together as a fixed pair and not uncoupled as done with the ECDSA algorithms where any sized key structure can be used with a specific hash and applications can be further restrictions as necessary.  If this is not the case, should the key set be made explicit rather than implicit in the algorithm name?



From: Rolf Lindemann <rlindemann@noknok.com>
Sent: Friday, June 1, 2018 2:45 PM
To: 'Jim Schaad' <ietf@augustcellars.com>; rolf@noknok.com; jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff' <jeff.hodges@paypal.com>
Subject: AW: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance

Please see https://eprint.iacr.org/2015/1246 for that.

That is the reference included in the IANA considerations section of the document (see https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations)

From: Jim Schaad [mailto:ietf@augustcellars.com]
Sent: Friday, June 1, 2018 22:25
To: rolf@noknok.com; jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff'
Subject: RE: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance

Are there any crypto analysis papers that I can peruse in case I am interested?

From: Jose-reg-review <jose-reg-review-bounces@ietf.org> On Behalf Of Rolf Lindemann
Sent: Friday, June 1, 2018 10:31 AM
To: jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff' <jeff.hodges@paypal.com>
Subject: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance


Hi,



The FIDO Alliance would like to register the following algorithms in the IANA "JSON Web Signature and Encryption Algorithms" registry:

1. "ED256", see https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations

2. "ED512", see https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations

3. "ED638", see https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations

4. "ED256-2",

    - Name "ED256-2"

    - Algorithm Description: ECDAA algorithm based on ECC_BN_DSD_P256 (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#bib-DevScoDah2007) curve using SHA256 algorithm.

    - Algorithm Usage Locations: "alg", i.e. used with JWS.

    - JOSE Implementation Requirements: optional

    - Change Controller: FIDO Alliance, https://fidoalliance.org/contact/

    - Sections 3. FIDO ECDAA Attestation (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#fido-ecdaa-attestation) and 4. FIDO ECDAA Object Formats and Algorithm Details (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#fido-ecdaa-object-formats-and-algorithm-details) of [FIDOEcdaaAlgorithm].

    - Algorithm Analysis Document(s): https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#bib-FIDO-DAA-Security-Proof

("ED256-2" should have also been in the IANA Considerations section but isn't due to a clerical error.)



These names are related to cryptographic algorithms for Direct Anonymous Attestation.  The relevant details are described in https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations.

The algorithms were developed by Jan Camenisch of IBM (cc'ed) - a cryptographic expert.  They are in production use in FIDO deployments.



Kind regards,

     Rolf Lindemann