[jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)

Michael Jones <michael_b_jones@hotmail.com> Mon, 21 October 2024 19:47 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>, "cose@ietf.org" <cose@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Date: Mon, 21 Oct 2024 19:47:13 +0000
Message-ID: <PH0PR07MB9077667AEB45E11B29D50D3AB7432@PH0PR07MB9077.namprd07.prod.outlook.com>
References: <CA+mgmiOEbk9qjDwNTu198QVWAGqcuKNSPd2F-YtngcLZwjunZw@mail.gmail.com> <GVXPR07MB9678C278636D28A01AA85C44898F2@GVXPR07MB9678.eurprd07.prod.outlook.com> <PAXPR07MB88443BE71B6DDC81F845A2BDF49D2@PAXPR07MB8844.eurprd07.prod.outlook.com>
In-Reply-To: <PAXPR07MB88443BE71B6DDC81F845A2BDF49D2@PAXPR07MB8844.eurprd07.prod.outlook.com>
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/-VxgATj9UVaRej35-KCBASY0_YM>

Thanks for your comments, Göran.  See the updates to the specification in https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-06.html.  My replies are inline below, prefixed by "Mike>".

-- Mike

From: Göran Selander <goran.selander=40ericsson.com@dmarc.ietf.org>
Sent: Thursday, September 5, 2024 1:30 AM
To: cose@ietf.org; jose@ietf.org
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)

(About target audience:  This draft is proposing to deprecate algorithms in the COSE IANA registry. It would be great if it by default was circulated also on the COSE WG mailing list to enable a timely discussion among those affected.)

Mike> Agreed

With reference to a previous thread on this topic:
https://www.mail-archive.com/cose@ietf.org/msg03799.html
The term "deprecated" is still used in this draft with a different meaning compared to RFC 8996 and RFC 9325. It doesn't help that you point out in this document that you are using the word with a different meaning than people are used to; very much fewer people will read this document than those that stumble on the term used in registries and understand it from other contexts.

Moreover, this overload of terminology is actually unnecessary:

Section 4.4
> The terms "Deprecated" and "Prohibited" as used by JOSE and COSE registrations are currently undefined.

So, in fact this provides a unique opportunity to disambiguate and avoid the otherwise inevitable confusion that will come up over and over again arising from the use of the same term with different meanings. A number of perfectly good alternative terms were suggested in the referenced mail thread.

Mike> Yes, there were no definitions of "Deprecated" and "Prohibited" previously in the specifications, but I will observe that the use of both terms in RFC 7518 makes the distinction pretty clear in context, based on the plain English meanings of the terms.  "Prohibited" means that an algorithm must not be used.  "Deprecated" means that an alternative algorithm should be used, when possible.  The specification clearly and consistently defines both of those terms in a way that's applicable to both JOSE and COSE.

Mike> Furthermore, and I consider this a big plus, these definitions don't require any changes to existing JOSE or COSE registrations.  Nor do they require defining new terms that were not already in use.  Many of the other terminology proposals don't share these advantages, which is why we went with this one.  I'll also observe that some reviewers explicitly thanked us for the clear terminology definitions.

Moreover, for systems that make use of the COSE IANA registry and specify algorithms with enough parameters to make them completely determined, for example EDHOC cipher suites, there is no need to change or abandon the use of the current algorithms. Hence the recommendation ("SHOULD") in the definition does not apply to such systems, and that circumstance should be stated as an exception to the recommendation.

Mike> We added text describing circumstances in which it makes sense to continue using deprecated algorithms, per your suggestion.

In summary:

  * use a different term
  * make it clear that current algorithms may be used in case a separate specification adds the necessary information to make them fully specified

Göran


From: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Date: Thursday, 22 August 2024 at 11:10
To: cose@ietf.org
Subject: [COSE] FW: [jose] 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
Forwarding to the COSE list as the document updates both RFC 8152 and RFC 9053.

Cheers,
John

From: Karen ODonoghue <kodonog@pobox.com>
Date: Wednesday, 21 August 2024 at 16:12
To: JOSE WG <jose@ietf.org>
Subject: [jose] 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
JOSE working group members,

This email initiates a second working group last call for the Fully
Specified Algorithms document:
https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/

The authors have updated the draft based on WGLC comments and
discussions at IETF 120, and the chairs have polled the working group
about the readiness for WGLC. Seeing no opposition, we've decided to
proceed with a second WGLC.

Please review the document in detail and reply to this message
(keeping the subject line intact) with your opinion on the readiness
of this document for publication and any additional comments that you
have.

This will be a three week WGLC. Please submit your responses by 13
September 2024.

Thank you,
Karen (for the JOSE WG chairs)

_______________________________________________
jose mailing list -- jose@ietf.org
To unsubscribe send an email to jose-leave@ietf.org