Re: [jose] RFC 8037 "alg" quirkiness
Jim Schaad <ietf@augustcellars.com> Sun, 20 September 2020 07:07 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 73F783A0CB5 for <jose@ietfa.amsl.com>; Sun, 20 Sep 2020 00:07:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kPKh2j12FOx6 for <jose@ietfa.amsl.com>; Sun, 20 Sep 2020 00:07:54 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4B3423A0BFD for <jose@ietf.org>; Sun, 20 Sep 2020 00:07:54 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Sun, 20 Sep 2020 00:07:29 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: jose@ietf.org
References: <1a84f81d-c7bd-9961-9f5c-e6c358fc1095@gmail.com> <039901d68ed6$2ed27ba0$8c7772e0$@augustcellars.com> <83d038c3-f475-6d17-0d57-946a6ce889c5@gmail.com>
In-Reply-To: <83d038c3-f475-6d17-0d57-946a6ce889c5@gmail.com>
Date: Sun, 20 Sep 2020 00:07:27 -0700
Message-ID: <03b701d68f1c$b4266640$1c7332c0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQIRfeCT23E7ULVkfNVtfdFMcnJlbAIxEG8fAYgYAyqo3XRFMA==
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/9NPaKMPkQPREWOvx9n50Up2clcQ>
Subject: Re: [jose] RFC 8037 "alg" quirkiness
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 20 Sep 2020 07:07:56 -0000
-----Original Message----- From: Anders Rundgren <anders.rundgren.net@gmail.com> Sent: Saturday, September 19, 2020 11:25 PM To: Jim Schaad <ietf@augustcellars.com>; jose@ietf.org Subject: Re: [jose] RFC 8037 "alg" quirkiness On 2020-09-20 00:42, Jim Schaad wrote: > Jumping back to the start. It seems that your mail system generates duplicates. FWIW, here is how the quirk manifests itself in my JOSE library: JSONObjectWriter setSignatureAlgorithm(JSONObjectWriter joseObject, SignatureAlgorithms signatureAlgorithm) { return joseObject.setString("alg", signatureAlgorithm.isOkp() ? "EdDSA" : signatureAlgorithm.getAlgorithmId()); } [JLS] This draft will soon render this code incorrect. https://datatracker.ietf.org/doc/draft-ietf-lwig-curve-representations/ Presumably few cryptographic API's accept "EdDSA" as a signature algorithm. You could indeed have used "EdDSA" as signature algorithm in RFC 8410 but you did not and IMO you did the right choice. Anyway, navigating in crypto-land is often a bit challenging: https://mail.openjdk.java.net/pipermail/security-dev/2020-August/022348.html I've made my point, nothing more to add on my side :) Anders > > -----Original Message----- > From: jose <jose-bounces@ietf.org> On Behalf Of Anders Rundgren > Sent: Saturday, August 29, 2020 11:58 PM > To: jose@ietf.org > Subject: [jose] RFC 8037 "alg" quirkiness > > I have just implemented support for Edwards curves in my JSON library. > > Although it is certainly not a deal-breaker I find the use of "EdDSA" > as a generic Edwards algorithm identifier rather quirky since it > departs from the other JWS algorithms: > https://tools.ietf.org/html/rfc8037#appendix-A.4 > > [JLS] I do not find this at all in consistent with the way that the > other signature algorithms were handled, but that may just be me. For > the ECDSA algorithms, the size of the hash is specified because it > could be variable across the different curve sizes. So you can do > ECDSA with SHA-512 and P-256. The requirement to specify the hash was > needed to bring the number of options down to just those that are fixed by the curve. > > [JLS] For EdDSA, the hash function is fixed by the curve. This would > change if different hash functions where allowed for the same curve > but I do not believe that this where ever be in danger of happening > because it was strongly argued that a single hash function was the > correct approach. Since there was not a need to specify the hash > function independent of the key, there was no need to specify an EdDSA > with SHA-512 and an EdDSA with > SHAKE-256 it was not done. > > Jim > > > For curiosity reasons I took a peek at the initial draft which has (in > my > opinion...) a more logical solution: > https://tools.ietf.org/html/draft-liusvaara-jose-cfrg-curves-00#append > ix-A.4 > > May I ask why this change was performed? > > For JSF (JSON Signature Format) I will stick to the "00" scheme which > also permits use of ed25519ph and friends if needed: > https://mobilepki.org/jsf-lab/home > > thanx, > Anders > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose >
- Re: [jose] RFC 8037 "alg" quirkiness Neil Madden
- [jose] RFC 8037 "alg" quirkiness Anders Rundgren
- Re: [jose] RFC 8037 "alg" quirkiness Ilari Liusvaara
- Re: [jose] RFC 8037 "alg" quirkiness Anders Rundgren
- Re: [jose] RFC 8037 "alg" quirkiness Neil Madden
- Re: [jose] RFC 8037 "alg" quirkiness Ilari Liusvaara
- Re: [jose] RFC 8037 "alg" quirkiness Anders Rundgren
- Re: [jose] RFC 8037 "alg" quirkiness Benjamin Kaduk
- Re: [jose] RFC 8037 "alg" quirkiness Anders Rundgren
- Re: [jose] RFC 8037 "alg" quirkiness Jim Schaad
- Re: [jose] RFC 8037 "alg" quirkiness Anders Rundgren
- Re: [jose] RFC 8037 "alg" quirkiness Jim Schaad
- Re: [jose] RFC 8037 "alg" quirkiness Anders Rundgren
- Re: [jose] RFC 8037 "alg" quirkiness Jim Schaad
- Re: [jose] RFC 8037 "alg" quirkiness Anders Rundgren