[jose] draft-ietf-jose-cfrg-curves
"Jim Schaad" <ietf@augustcellars.com> Wed, 02 March 2016 21:21 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4609E1B3140 for <jose@ietfa.amsl.com>; Wed, 2 Mar 2016 13:21:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.207
X-Spam-Level: *
X-Spam-Status: No, score=1.207 tagged_above=-999 required=5 tests=[BAYES_50=0.8, LOCALPART_IN_SUBJECT=1.107, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1bsIqaTbmn-x for <jose@ietfa.amsl.com>; Wed, 2 Mar 2016 13:21:44 -0800 (PST)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6B141B313E for <jose@ietf.org>; Wed, 2 Mar 2016 13:21:44 -0800 (PST)
Received: from hebrews (c-24-21-96-37.hsd1.or.comcast.net [24.21.96.37]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 208CE2CA3E; Wed, 2 Mar 2016 13:21:44 -0800 (PST)
From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-jose-cfrg-curves@tools.ietf.org
Date: Wed, 02 Mar 2016 13:21:43 -0800
Message-ID: <036c01d174c9$85313c60$8f93b520$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdFq0tnAfriXZH8ESO+X/2Otz0wGpg==
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/0zZOb32n3mpjQsJOjHPf-28R9uE>
Cc: jose@ietf.org
Subject: [jose] draft-ietf-jose-cfrg-curves
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2016 21:21:46 -0000
Given that there has been a last call on the eddsa draft in CFRG, I would like to get an update to this document. To this end I have re-read the document to provide feedback. I would encourage others to do the same. Section 1 - s/in inter-operable manner/in an interoperable manner/ * As has been discussed on the mailing list by the two of us, I would support narrowing down to having only the one from of the two signature algorithms presented. I think that a brief discussion of the reasons behind this would be appropriate to occur in this section. For the 90% case there is no problem for JOSE not to have an incremental update digest version of the signature algorithm. I will note that currently there is no streaming version of digesting for the W3C web crypto API so it would not be used for any code using that API today. Most content that JOSE signs today is small so again this is not a problem. While there is a new document which will potentially be used for large content, we do not yet know that not having a streaming digest API is a problem. If it because one then this decision can be revisited. However the potential security issues that have been brought up about confusion between the two algorithms is a problem that can be avoided. Section 2 - * After long thought and the brief discussion on the list. I am now of the opinion that eliminating "crv" and using "alg" in its place while a good idea for the signature algorithms, is problematic for the key agreement algorithm set. I would therefore encourage leaving things as it currently stands so we do not need to define a large number of new "crv" values to deal with the cross product of ECDH algorithms and OKP curves. * Given that one can define the set of required parameters, it would not matter if alg was required here and not for some other key type. If you want to mandate it be present, be my guest. Section 3.1.1 * I would agree that it makes sense to have a single algorithm values in many respects. * If one reduces the number of algorithms, does it make sense to go with two different ones - one with no pre-hash and one with pre-hash defined as ... Section 3.2 * The algorithm "Enc" is incorrect. It should be "ECDH-ES" Section 4. * I was surprised to see the comment about an RNG being needed for batch validation. I looked for similar text in the CRFG document and was not able to find it. Jim
- [jose] draft-ietf-jose-cfrg-curves Jim Schaad
- Re: [jose] draft-ietf-jose-cfrg-curves Ilari Liusvaara
- Re: [jose] draft-ietf-jose-cfrg-curves Jim Schaad
- Re: [jose] draft-ietf-jose-cfrg-curves Ilari Liusvaara