[jose] Re: WGLC for draft-ietf-jose-fully-specified-algorithms
Michael Jones <michael_b_jones@hotmail.com> Tue, 09 July 2024 20:41 UTC
Thanks for your WGLC feedback, Ilari. The authors have attempted to incorporate it in draft -03. Here are a few points specific to your comments:

Text was added to https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-03.html#name-algorithms-for-signing-with on the ability to register key-size-specific RSA algorithms in the future, if needed.

The text on KEMs was removed, since it wasn't applicable to any currently registered polymorphic algorithms.

And of course, a lot of the new text in -03 addresses fully-specified encryption algorithms, including registering a small number of fully-specified ECDH algorithms for JOSE and COSE.

Finally, thank you for your observation that this work is about improving interoperability. I agree.

Thanks again,
-- Mike

-----Original Message-----
From: ilariliusvaara@welho.com <ilariliusvaara@welho.com>
Sent: Tuesday, May 7, 2024 2:30 AM
To: jose@ietf.org
Subject: [jose] Re: WGLC for draft-ietf-jose-fully-specified-algorithms

On Mon, May 06, 2024 at 02:40:32PM +0100, Neil Madden wrote:

> So the draft needs to be substantially rewritten to reflect what it is
> actually now proposing. It also, ironically, needs to flesh out what
> “fully-specified” means, because that description is very vague.
> (eg it seems key sizes do not need to be specified, but curves do, and
> it refers to KDFs and other things that are not in scope). Perhaps
> rewrite it as a more focused draft saying that *elliptic curve
> signature* algorithms should specify the curve specifically.

I find the distinction between "fully-specified" and "polymorphic" clear. It is about if "alg" value alone is enough to specify the cryptographic operation the layer performs.

For RSA, it is still the same formula regardless how many bits e, d and n have, so RSA key size does not factor in. Thus, RS256 can be fully specified regardless of lacking key size.

And I think most RSA verifiers should be able to deal with any key size multiple of 8 bits between 2048 and 8192 bits. However, there are flawed RSA key generators that can generate keys with one less bit than intended (e.g., product of two 1024-bit primes might only be 2047-bit).

For EdDSA, there is huge difference between Ed25519 and Ed448, so those are definitely different cryptographic operations.

For ECDSA, one could argue if curve factors into cryptographic operation performed or not. However, for each curve, there is single preferred hash function, and anything else gives interoperability problems. E.g., P-256 should always go with SHA256. So those should still be treated together.

However, there is at least one place where the document itself seems to get confused about this: Section 6.3, which applies incorrect implication. What fully-specified means for KEMs is "alg" implying all the parameters of the KEM (i.e., the KEM is fixed-parameter). This has nothing to do with any KDF, which might not even exist (e.g., Kyber/ML-KEM), or even if it does, it is an internal detail of the KEM.

> The entirety of section 3.3 should also be removed, or else
> substantially rewritten to reflect that the advice doesn’t apply to
> encryption algorithms. I would delete it.

Yeah, that needs to be scoped to apply to signatures only. Then section 5 might also need adjustment.

However, the prohibition on algorithms interacting should remain, as having algorithms interact with one another in any sort of new ways is very bad idea (it makes complexity absolutely explode, and can easily cause nasty interoperability problems that are not readily apparent).

> Section 6.2 says it is not sure what to do, suggesting the draft isn’t
> ready for WGLC.

That looks to be leftover from scoping this down to just signatures.

> The security considerations in section 7 are nonsense. How does an
> attacker get to “choose algorithms” with current EdDSA?

Yeah, this does not reduce attack surface, it increases it, by allowing implementations not consider key subtypes. And doing exactly that has caused critical vulnerabilities in the past.

This stuff is not about security, it is about interoperability.

-Ilari
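As an added illustration (not part of either message and not code from the draft), the sketch below shows a verifier resolving a JWS "alg" against the key's subtype before any signature check: the ECDSA values from RFC 7518 fix one curve each, "EdDSA" from RFC 8037 needs the key's "crv" to pick the operation, and RSA keys are only checked for modulus length. The function names are hypothetical, and the 2048 to 8192 bit, multiple-of-8 bound is an assumed policy taken from the range mentioned in the quoted message.

```python
import base64

# RFC 7518 ties each ECDSA "alg" to one curve; RFC 8037 "EdDSA" covers two.
ECDSA_CURVE = {"ES256": "P-256", "ES384": "P-384", "ES512": "P-521"}
EDDSA_CURVES = {"Ed25519", "Ed448"}
RSA_ALGS = {"RS256", "RS384", "RS512", "PS256", "PS384", "PS512"}

def b64url_to_int(text):
    """Decode an unpadded base64url big-endian integer such as a JWK "n"."""
    return int.from_bytes(base64.urlsafe_b64decode(text + "=" * (-len(text) % 4)), "big")

def int_to_b64url(number):
    raw = number.to_bytes((number.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def resolve_operation(alg, jwk):
    """Return the concrete signature operation for (alg, key); raise ValueError on mismatch."""
    kty, crv = jwk.get("kty"), jwk.get("crv")
    if alg in ECDSA_CURVE:
        if (kty, crv) != ("EC", ECDSA_CURVE[alg]):
            raise ValueError(f"{alg} needs EC/{ECDSA_CURVE[alg]}, key is {kty}/{crv}")
        return f"{alg} on {crv}"
    if alg == "EdDSA":  # polymorphic: the key subtype selects the operation
        if kty != "OKP" or crv not in EDDSA_CURVES:
            raise ValueError(f"EdDSA needs OKP/Ed25519 or OKP/Ed448, key is {kty}/{crv}")
        return crv
    if alg in RSA_ALGS:  # same formula for every modulus size; size is only a sanity check
        if kty != "RSA":
            raise ValueError(f"{alg} needs an RSA key, key is {kty}")
        bits = b64url_to_int(jwk.get("n", "")).bit_length()
        if bits % 8 or not 2048 <= bits <= 8192:  # assumed policy, see lead-in
            raise ValueError(f"RSA modulus is {bits} bits")
        return alg
    raise ValueError(f"alg {alg!r} is not on the allow-list")

def verdict(alg, jwk):
    try:
        return "accept: " + resolve_operation(alg, jwk)
    except ValueError as err:
        return f"reject: {err}"

# Constructed sample keys; the RSA moduli are plain integers of the right length, not real keys.
RSA_2048 = {"kty": "RSA", "e": "AQAB", "n": int_to_b64url((1 << 2047) | 1)}
RSA_2047 = {"kty": "RSA", "e": "AQAB", "n": int_to_b64url((1 << 2046) | 1)}
ED448 = {"kty": "OKP", "crv": "Ed448"}
P384 = {"kty": "EC", "crv": "P-384"}

if __name__ == "__main__":
    for alg, key in [("EdDSA", ED448), ("ES256", P384), ("RS256", RSA_2048), ("RS256", RSA_2047)]:
        print(alg, "->", verdict(alg, key))
```

The 2047-bit case is the one-bit-short modulus the message attributes to flawed key generators; whether to reject it or tolerate it is a deployment decision, not something the draft mandates.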