[jose] Re: To be covered topic? draft-tschofenig-jose-cose-guidance
Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 25 July 2024 20:45 UTC
Date: Thu, 25 Jul 2024 23:45:08 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: jose@ietf.org, cose <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/0Mye35W_-VLP-LzqWk1zmJybzwM>

On Thu, Jul 25, 2024 at 12:55:27PM +0900, Ken Takayama wrote:
> Dear JOSE and COSE folks, especially the authors,
>
> When I read this document, I feel that only key identification is covered.
> Here I listed several topics that might be better to be covered,
> hoping some of them are helpful to you.
>
> ## Recommendations for JOSE/COSE Implementers
>
> These recommendations are mainly for library implementers because
> - most implementers of senders and recipients want to use libraries
>   because they don't want to encode/decode JOSE nor COSE messages
> - since library users have less knowledge of the payload wrapper, the
>   library interfaces should be designed carefully and provide some
>   security mechanisms

Yes, library API design is really important for security.

> I assume that the library functions take three arguments to
> encode/decode the messages: payload or COSE/JOSE message, key or its
> material, and KDF input filled by the senders and recipients.
>
> [JOSE, COSE] Implement alg parameter for jwk and COSE_Key
> - encourage/force the users to use it to avoid misuse of the key
>   inside the library

Then there is the middle ground of requiring alg for symmetric keys but
not for asymmetric ones. The two seem really different.

> [JOSE, COSE] Disable Prohibited/Deprecated algs by default
> - enable them only with explicit request from the users
>   - e.g. flag arguments, split functions, compiler options, etc.
> - warn users of the risk of using them, and navigate users to RFC 9459 for COSE

Better yet, don't implement unsafe algorithms at all. "Disabling"
algorithms is much harder than it looks. There is a litany of CVEs where
a supposedly "disabled" algorithm rose like a zombie from the grave.

[COSE] How to mitigate the LAMPS attack in implementation.
- Ideally, don't implement unauthenticated encryption.

-Ilari
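
An added example, not part of the message above and not taken from any JOSE/COSE library: a compact-JWS MAC API in which a symmetric key must carry its alg, the verifier takes the algorithm from the key rather than from the header, and unsafe algorithms are simply absent from the table instead of being switchable. The names `SymmetricKey`, `MAC_ALGS`, `sign` and `verify` are hypothetical.

```python
import base64, hashlib, hmac, json
from dataclasses import dataclass

def b64u_enc(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

# Only algorithms that are actually implemented appear here. There is no
# "none" entry and no enable/disable flag that a caller could flip back on.
MAC_ALGS = {"HS256": hashlib.sha256, "HS512": hashlib.sha512}

@dataclass(frozen=True)
class SymmetricKey:
    secret: bytes
    alg: str  # mandatory: a symmetric key is bound to exactly one algorithm

    def __post_init__(self):
        if self.alg not in MAC_ALGS:
            raise ValueError(f"unsupported alg for symmetric key: {self.alg!r}")

def sign(key: SymmetricKey, payload: bytes) -> str:
    header = b64u_enc(json.dumps({"alg": key.alg}).encode())
    signing_input = f"{header}.{b64u_enc(payload)}"
    tag = hmac.new(key.secret, signing_input.encode(), MAC_ALGS[key.alg]).digest()
    return f"{signing_input}.{b64u_enc(tag)}"

def verify(key: SymmetricKey, token: str) -> bytes:
    header_b64, payload_b64, tag_b64 = token.split(".")
    header = json.loads(b64u_dec(header_b64))
    # The algorithm comes from the key; the header may only agree with it.
    if header.get("alg") != key.alg:
        raise ValueError("header alg does not match the alg bound to the key")
    expected = hmac.new(key.secret, f"{header_b64}.{payload_b64}".encode(),
                        MAC_ALGS[key.alg]).digest()
    if not hmac.compare_digest(expected, b64u_dec(tag_b64)):
        raise ValueError("bad MAC")
    return b64u_dec(payload_b64)
```
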