IETF Logo Mail Archive

[jose] draft-ietf-jose-cfrg-curves

"Jim Schaad" <ietf@augustcellars.com> Wed, 02 March 2016 21:21 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4609E1B3140 for <jose@ietfa.amsl.com>; Wed, 2 Mar 2016 13:21:46 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 1.207
X-Spam-Level: *
X-Spam-Status: No, score=1.207 tagged_above=-999 required=5 tests=[BAYES_50=0.8, LOCALPART_IN_SUBJECT=1.107, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1bsIqaTbmn-x for <jose@ietfa.amsl.com>; Wed, 2 Mar 2016 13:21:44 -0800 (PST)
Received: from smtp1.pacifier.net (smtp1.pacifier.net [64.255.237.171]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B6B141B313E for <jose@ietf.org>; Wed, 2 Mar 2016 13:21:44 -0800 (PST)
Received: from hebrews (c-24-21-96-37.hsd1.or.comcast.net [24.21.96.37]) (using TLSv1 with cipher AES256-SHA (256/256 bits)) (No client certificate requested) (Authenticated sender: jimsch@nwlink.com) by smtp1.pacifier.net (Postfix) with ESMTPSA id 208CE2CA3E; Wed, 2 Mar 2016 13:21:44 -0800 (PST)
From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-jose-cfrg-curves@tools.ietf.org
Date: Wed, 02 Mar 2016 13:21:43 -0800
Message-ID: <036c01d174c9$85313c60$8f93b520$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AdFq0tnAfriXZH8ESO+X/2Otz0wGpg==
Content-Language: en-us
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/0zZOb32n3mpjQsJOjHPf-28R9uE>
Cc: jose@ietf.org
Subject: [jose] draft-ietf-jose-cfrg-curves
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 02 Mar 2016 21:21:46 -0000

Given that there has been a last call on the eddsa draft in CFRG,  I would
like to get an update to this document.  To this end I have re-read the
document to provide feedback.  I would encourage others to do the same.

Section 1 -
s/in inter-operable manner/in an interoperable manner/

*  As has been discussed on the mailing list by the two of us, I would
support narrowing down to having only the one from of the two signature
algorithms presented.  I think that a brief discussion of the reasons behind
this would be appropriate to occur in this section.   For the 90% case there
is no problem for JOSE not to have an incremental update digest version of
the signature algorithm.  I will note that currently there is no streaming
version of digesting for the W3C web crypto API so it would not be used for
any code using that API today.  Most content that JOSE signs today is small
so again this is not a problem.  While there is a new document which will
potentially be used for large content, we do not yet know that not having a
streaming digest API is a problem.  If it because one then this decision can
be revisited.  However the potential security issues that have been brought
up about confusion between the two algorithms is a problem that can be
avoided.

Section 2 -

* After long thought and the brief discussion on the list.  I am now of the
opinion that eliminating "crv" and using "alg" in its place while a good
idea for the signature algorithms, is problematic for the key agreement
algorithm set.  I would therefore encourage leaving things as it currently
stands so we do not need to define a large number of new "crv" values to
deal with the cross product of ECDH algorithms and OKP curves.

* Given that one can define the set of required parameters, it would not
matter if alg was required here and not for some other key type.  If you
want to mandate it be present, be my guest.

Section 3.1.1

* I would agree that it makes sense to have a single algorithm values in
many respects.  

* If one reduces the number of algorithms, does it make sense to go with two
different ones - one with no pre-hash and one with pre-hash defined as ...

Section 3.2

*  The algorithm "Enc" is incorrect.  It should be "ECDH-ES"

Section 4.

*  I was surprised to see the comment about an RNG being needed for batch
validation.  I looked for similar text in the CRFG document and was not able
to find it.

Jim

v2.23.0 | Report a Bug | By Email