[jose] Re: [COSE] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)

Michael Jones <michael_b_jones@hotmail.com> Mon, 21 October 2024 19:50 UTC

Return-Path: <michael_b_jones@hotmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C6321C1840C6; Mon, 21 Oct 2024 12:50:14 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.23
X-Spam-Level:
X-Spam-Status: No, score=-1.23 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VF8UvTal2aPU; Mon, 21 Oct 2024 12:50:14 -0700 (PDT)
Received: from NAM11-BN8-obe.outbound.protection.outlook.com (mail-bn8nam11olkn2085.outbound.protection.outlook.com [40.92.20.85]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 60EBFC215121; Mon, 21 Oct 2024 12:50:00 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=rs39l4oG/6AcMo8uhyQgH48aSjDjqtxky2jsOKvajiZmL2d+IluUTLpGbe75mfy+tgRX6G13PpMogEGPqMgZtV9XNCLrgPFM7cETCYK7p8lIgHIe507HBAceKoOmeOq+IX83W4CvI/PBWiouvrk0+f5xcqr/Z47xnNFhRoYXrd24pvieGUkpoW4GKuBNa19LgPMX3UgezBYNZVRWY/UZmPi1nx1aI6lr0/NwsRyXBu/wFlO2AYsdnk2JgBySHultUzZHeRx2HY5dhEWSYlV/aHN+mJxMmmhoZWbRbMkkZLRXrBawlL2FFaEKzVfJDJrjX7IAqGQDiOvoiOMhEBpiQA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=U8o7RSBaCithWb40EW/KSJefH5R0tHRTkvaOrrpWgsU=; b=xaE3eEiWC+vRvWGuwmxZ19bPg/3N5O+E8Q3PzBeJcXqIUgPVWNl1LPC35lVzsstD0zUpigGWZNh5yGb4IO19Gbron0G5UqqxLMa4xJgKyOmv3wW+GLkv/RxMeKFiO0+NxQWaVxNXI/zcWnhCopErG90NWniekD4awvwU1WxwxpsN+HpZIjbMrkJTREfeHsnYjdHxnG+vvwBZm5NnCJT7X4VdgueviJpxKGRBZ1pa9frddVTtohlKb5ddemofXov87awyUdYPgqoZyi3xK1qCZxQv3Xrxgr/wrOYq+eCBnXh2pePxXJHJh7gOlSTFf5A4jo+vSctu396uIMXFQIzNWA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=U8o7RSBaCithWb40EW/KSJefH5R0tHRTkvaOrrpWgsU=; b=T9rJhF4FmFERmeEiT1Vf62xwgaOQ7w0+8Slw4/EoT7uD3LEZP0SEXzTiuujjlouH5urfL8mpS+5pA51Rsp0I0qEue4pv/vQV6bOUg49Gm4Jo5gzpGHdw4Ndm7MbVmu46heKFDEWHx/2RTeupDyL58K1+Y4eCHuC0H+pOIMoST4zH2QDe1n62kVISXEPZfpp5nj4LyZOxZnyFomyzskydlwd2ZY1HwUqZ4wv8mQpW3IQ08QThSpLnyaJJh5FJ7mf4E6HcwAF1N0bbTJ/ncogf3gjhThM/JBV35AKAQdmxOWeSA8uEC72HNR4+NZASzV/rG4Q3K9aVJL9WN8ms8MyC1Q==
Received: from PH0PR07MB9077.namprd07.prod.outlook.com (2603:10b6:510:107::13) by DM6PR07MB7306.namprd07.prod.outlook.com (2603:10b6:5:219::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8069.28; Mon, 21 Oct 2024 19:49:58 +0000
Received: from PH0PR07MB9077.namprd07.prod.outlook.com ([fe80::5075:92e8:a12d:d85f]) by PH0PR07MB9077.namprd07.prod.outlook.com ([fe80::5075:92e8:a12d:d85f%5]) with mapi id 15.20.8069.016; Mon, 21 Oct 2024 19:49:58 +0000
From: Michael Jones <michael_b_jones@hotmail.com>
To: David Waite <david=40alkaline-solutions.com@dmarc.ietf.org>, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Thread-Topic: [COSE] Re: [jose] 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
Thread-Index: AQHbCVfLrOsGQh+YckCo3D0Cfvrf57KRmJpQ
Date: Mon, 21 Oct 2024 19:49:58 +0000
Message-ID: <PH0PR07MB90775B24073F8964AC9DC9D4B7432@PH0PR07MB9077.namprd07.prod.outlook.com>
References: <CA+mgmiOqZqu1fNjEK69zTbx3ndsum5jrLg06bzYTjtH+VQyWtA@mail.gmail.com> <5233A37F-2EA1-40CB-A3DA-EAEF885E52B0@gmail.com> <GVXPR07MB9678668C56EB63D7453F5E6989652@GVXPR07MB9678.eurprd07.prod.outlook.com> <769754A3-AAD0-4630-AEBC-4A4B0553ACBB@alkaline-solutions.com>
In-Reply-To: <769754A3-AAD0-4630-AEBC-4A4B0553ACBB@alkaline-solutions.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR07MB9077:EE_|DM6PR07MB7306:EE_
x-ms-office365-filtering-correlation-id: 4337c75d-481e-4023-0d6b-08dcf2098b4f
x-microsoft-antispam: BCL:0;ARA:14566002|19110799003|8062599003|8060799006|9400799024|12050799009|15080799006|7092599003|461199028|440099028|3412199025|4302099013|10035399004|102099032|1602099012;
x-microsoft-antispam-message-info: 2gvvp8S/hmkX+rVF9inh6XCt/vJl35CL2eNIFHPIhDbwogk9TqYUZtBy0Um05xGRlBtamRlnbhx7+GRSBShoB9Q2FzFMei+zdgL1oK7RnxJw2MxpAUKlxmfkJPTxWkMcgn98fZdJ9Yr7nD1cKt4MANRexqizWdy6FxCdXTadiqjiyLA9d7tSqbzChBYZ12o6Ri8Thdc9rzetGtjUy5V2FUDI9R0NQlBVLr2nFj1HVD8wWEUgpI+o/6nIWKmkrQgi7ue/httkYs68Y/CYmbIVhrGzzzVuMdmWr86DL1xmNmlyrCDF5+LlsHH9iqLlfeH10QeP3J7m17Nco94PmOihWz/1PlhWXccNWboKnOAxAH+DPRPIQdyCLxh31w5mmdM9zxflOFtezipX22aJFlnf/7cfvhVB3bFZLWjHiJVGcGAxPE4qN3rnNUNVUSOxV+xTgvHa/pZ8xo5pVNFmMGQsN08/vxxBLBMGeRBvv7PPnNE2EOqk+hFY0+I7E1B4PuDLl77W5OECciImSM/a/V1IWXPEiXtIlG83dUeFeuo8RrRY7BLkPr+2o0DzVJNbtbiTrOs3LxV5wa3EFH+Pa9bz7Ti9PHvXvJtPlYwBXttHDXLBtrKrFqlnf8kDBCohkU8IzjZ/T//Rs54IOBLKKxpvUDjEx2PCCbn55yi1ZXPwIK4dvGUNlf4AGKo3rBLH2/FPeCdbmbfNIRUCYcpJpo7D8jv1AbB2SpqA0W+dTyYqfe8y7zcba8NQ29DIjNY/XzFDO8ZIhcAdeNA4dD23exdUHKuRZm5qVdvPzUUt3PPYD1LW8PNVlQtcJ0QLRtrX2+Ce4hIoDalmnDdDlqSKFNHKmpUHyD3K+jBzj1F7GjrMbIH8JZvnrULPIjPk/8eMjyjoCBr6135Wy0BXRozRrHwdhtW5hCtkvt+lVgW9x4/ll8WBxgamqb3Q658N1yZDBhRjEgkwU3FfbL4PoyxLcwHCg04nfva5kXEcauNopjVmpMw=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: jvUCjWkQS6CFCN0FpYgEnJ/edlULQfSMENVh/y/gv1V7vBHEjjW8cgXQ7UQfxkT+/cW8mlz/qGRT0xolQ0nVtNFMfGeIKBeQ+5SuA1B/bs5kh3rStufdrJQ6lKuda8jH3FtQjNGw50hKIZoRwdsR5YE2w1xHJiS9t3PRshEbU2glbIZzXA2WWUJu7plYzq8CHtkG4346pQ0IUGAuWUTZKkQQ7YP4zR6UOBk/SBInQNeK99L1E8SYzWuUmJfn96nmP66tRfc/MPTIbw7GLmjwZsxomLuD8sa9OI1tXffMVDgFKhAQ3L9/FCneLRHDGZJm2nl1L1AO8GmM8cpCRj34My1MOTmAvsZkMJ5QB8npe+AizgMQjyd4u23oq9v7i+icKwK8iVs20v2z1yuzWVNGe78vXHlMRPAn8zTjFarkKUoKmUuOlRLK7YpfWtO6bZgil/H3n7AM4h3BRS4GhXrT/J5ON2aAZxemIrrJifHkAqVc7f1itk0HDRUOrSMpSd/1g0Sshopo4pTznCcThy2L1JdUv4VoxX3t8J1yjPm4GuEnOoY3kAx8vg7cTSDvziC6B4zj81DRvPcLhk37ScmzyVwnrIBpbL49RzwqbnWQESQEfIfpKJgCMD9+gIJWAG5u5FngKd5P2T57oV4O04a4+bkbO6YbgRpwaSsUs1KBQvg8Q3i8LabR0JRcLm7SDCSGo3DocJp84PWb6TB5CWFOZKSJ34HboQfyTzZqV+znMmHDAZZUH52JHYEri8HS4idMNLQqUxJ5Hf/cBLYaydnU70tc56kZxKep2+u10WwnjsKqd9cFeclM8f6b81idrSkePUuFAZm5dQa7mnWMcAdcOzIzFrB2mrVjcPb+YoMA6dlrE+7HBqSr0feaEkKz7Ygnj/wx3zNZnGhXdwj/cKpIVuzL5yETATc/DsljTfjKdH7uuOlCQ/kIIONWfvvQOORfIFVGdUdSQy/3/xEsTOwJ2tfG66fN3UgGGwpuVPnShC5g0hSozKVvHNhd63htzAJclyUkXc1Xqe/8kDqsQBCA9Gkh/ttk5kSKU8VDOs6jQEheoYwdrkdOuQ/64Y2BIQCsM4seW3IURkoB4POUlm60F41YhEVf/LKcMHgndjFbV8AWSh+b5a+PZJGb6mvkuLB8xPz5pH1gw1hJnhe3DWo4hynKfgx6UB3TwThMBgECo/t1NRS81QlyM1nTz4zNlUXSAvGuQJFYfPpKnG9Ck1nheBFmmr86foYmrCWUPLayyJ2O28pNcbMl4Scs4ZIpay9YaIyPo8diCbzbMgk5BjBfRwp/LZq72ZGJoDSMRv3YDda2RncR06bxszpRxvDJHi+w
Content-Type: multipart/alternative; boundary="_000_PH0PR07MB90775B24073F8964AC9DC9D4B7432PH0PR07MB9077namp_"
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-7741-18-msonline-outlook-99cdb.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR07MB9077.namprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 4337c75d-481e-4023-0d6b-08dcf2098b4f
X-MS-Exchange-CrossTenant-originalarrivaltime: 21 Oct 2024 19:49:58.5480 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR07MB7306
Message-ID-Hash: FAQSLRGDLYDOPV7JQ4736M2ASKMVNOXA
X-Message-ID-Hash: FAQSLRGDLYDOPV7JQ4736M2ASKMVNOXA
X-MailFrom: michael_b_jones@hotmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: JOSE WG <jose@ietf.org>, "cose@ietf.org" <cose@ietf.org>, Neil Madden <neil.e.madden@gmail.com>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [jose] Re: [COSE] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/3Ul88LtDrckLQFHZJLAKj-1JX_g>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>

Thanks for your clarifying observations, DW.  See the updated text on RSA in https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-06.html that incorporates information received during the WGLC.

                                                                -- Mike

From: David Waite <david=40alkaline-solutions.com@dmarc.ietf.org>
Sent: Tuesday, September 17, 2024 4:17 PM
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: JOSE WG <jose@ietf.org>; cose@ietf.org; Neil Madden <neil.e.madden@gmail.com>
Subject: [COSE] Re: [jose] 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)




On Sep 13, 2024, at 1:30 AM, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org<mailto:john.mattsson=40ericsson.com@dmarc.ietf.org>> wrote:

Hi,


As an individual, I agree with Neil’s comments.
https://mailarchive.ietf.org/arch/msg/jose/JSlZI6oeyYHXFkG2PgHbG4YzghA/

I have also pointed out in a separate mail that the following sentence in not true:

”This is not a problem in practice, because RSA libraries accommodate keys of different sizes without having to use different code.”

In addition to limitations on key length nlen, it is not uncommon that RSA implementations have limitations on the exponent e.

Could you provide more information here? I am only aware of a few implementations (notably one included in Microsoft Windows) requiring it to be a 32-bit value, not that they mandate 65537 or the like.




I have a hard time seeing why RSA domain parameters (nlen, e) and ECC domain parameters (p, a, b, G, n, h) are treated completely differently.

JOSE and COSE already only allow named curves to be specified, so discussion of custom curve definitions may be getting out of scope here.

Starting early with domain parameters being specified meant that RSA implementations were expected to be able to operate over a range of parameters for interoperability. There are also expectations that you can evaluate the RSA parameters at runtime for appropriateness (such as e needing to be odd)

Starting early with pre-defined curves meant that a select set of curves were often built into software, that was put into firmware, and sometimes even used to design silicon. I do not know of a way to evaluate the properties/safety of a custom curve at runtime.

<snip>

-DW