Return-Path: <david@alkaline-solutions.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
	by ietfa.amsl.com (Postfix) with ESMTP id 63536C151990;
	Tue, 17 Sep 2024 16:17:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level: 
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5
	tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
	DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
	RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001,
	SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001,
	URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001]
	autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
	header.d=alkaline-solutions.com
Received: from mail.ietf.org ([50.223.129.194])
	by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id tgljAoBPy74o; Tue, 17 Sep 2024 16:17:20 -0700 (PDT)
Received: from mail.alkaline-solutions.com (caesium6.alkaline.solutions
 [157.230.133.164])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature ECDSA (P-256))
	(No client certificate requested)
	by ietfa.amsl.com (Postfix) with ESMTPS id 1B3C0C14CEFC;
	Tue, 17 Sep 2024 16:17:20 -0700 (PDT)
From: David Waite <david@alkaline-solutions.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=alkaline-solutions.com;
	s=dkim; t=1726615039;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 in-reply-to:in-reply-to:references:references;
	bh=kIIJSr2iKWNFJolTFhMOFOwhlDAdqYVE8ERPRJ9i5iA=;
	b=U4qKBPB4Wz9BBkB5WNvNkAg1bTh94kiYXjZYoPmBnx+2y/Y3XLhNKKlcwsbNBwwCozhVR5
	sNwPiH8m3+EoOShk35Xa7tmT7ygo4LNp2GkvuBid+OQUh2wyySn/+tM0ALbUF9Cztl3+D3
	pgwJoDOCRZlXijKWs59/s29EEVXi+y2JeldE7+Ycvq/50Zkonlj20ub7x1GWNkYBcPEsUc
	rPMjceooFa9Fuytlj9P9KLhQgI3QmmlumTy07tNawycP/0q0F7f6uZf+94xhrKbPJi1Aib
	ccyYopF91Qq2SXZFLbH/B5vjF0gZ6eU2qlOcIRvBpcd0RyUMRiUcgVkyu/zy0Q==
Authentication-Results: mail.alkaline-solutions.com;
	auth=pass smtp.mailfrom=david@alkaline-solutions.com
Message-Id: <769754A3-AAD0-4630-AEBC-4A4B0553ACBB@alkaline-solutions.com>
Content-Type: multipart/alternative;
	boundary="Apple-Mail=_01C86386-126E-48C1-8D29-D8017A97F2F4"
Mime-Version: 1.0
Date: Tue, 17 Sep 2024 17:17:07 -0600
In-Reply-To: 
 <GVXPR07MB9678668C56EB63D7453F5E6989652@GVXPR07MB9678.eurprd07.prod.outlook.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
References: 
 <CA+mgmiOqZqu1fNjEK69zTbx3ndsum5jrLg06bzYTjtH+VQyWtA@mail.gmail.com>
 <5233A37F-2EA1-40CB-A3DA-EAEF885E52B0@gmail.com>
 <GVXPR07MB9678668C56EB63D7453F5E6989652@GVXPR07MB9678.eurprd07.prod.outlook.com>
X-Spamd-Bar: +
Message-ID-Hash: GXVLJWNCAPELSSQZJZJVCJFIKFOBDSXE
X-Message-ID-Hash: GXVLJWNCAPELSSQZJZJVCJFIKFOBDSXE
X-MailFrom: david@alkaline-solutions.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-jose.ietf.org-0;
 nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size;
 news-moderation; no-subject; digests; suspicious-header
CC: JOSE WG <jose@ietf.org>, "cose@ietf.org" <cose@ietf.org>,
 Neil Madden <neil.e.madden@gmail.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: =?utf-8?q?=5Bjose=5D_Re=3A_2nd_WGLC_for_draft-ietf-jose-fully-specified-algo?=
 =?utf-8?q?rithms_=28Fully_Specified_Algorithms=29?=
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: 
 <https://mailarchive.ietf.org/arch/msg/jose/BpdCA1CA0eXIJ7_g8L0-H9pwAvI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>


--Apple-Mail=_01C86386-126E-48C1-8D29-D8017A97F2F4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=utf-8



> On Sep 13, 2024, at 1:30=E2=80=AFAM, John Mattsson =
<john.mattsson=3D40ericsson.com@dmarc.ietf.org> wrote:
>=20
> Hi,
>=20
> As an individual, I agree with Neil=E2=80=99s comments.
> =
https://mailarchive.ietf.org/arch/msg/jose/JSlZI6oeyYHXFkG2PgHbG4YzghA/
>=20
> I have also pointed out in a separate mail that the following sentence =
in not true:
>=20
> =E2=80=9DThis is not a problem in practice, because RSA libraries =
accommodate keys of different sizes without having to use different =
code.=E2=80=9D
> =20
> In addition to limitations on key length nlen, it is not uncommon that =
RSA implementations have limitations on the exponent e.

Could you provide more information here? I am only aware of a few =
implementations (notably one included in Microsoft Windows) requiring it =
to be a 32-bit value, not that they mandate 65537 or the like.

>=20
> I have a hard time seeing why RSA domain parameters (nlen, e) and ECC =
domain parameters (p, a, b, G, n, h) are treated completely differently.

JOSE and COSE already only allow named curves to be specified, so =
discussion of custom curve definitions may be getting out of scope here.

Starting early with domain parameters being specified meant that RSA =
implementations were expected to be able to operate over a range of =
parameters for interoperability. There are also expectations that you =
can evaluate the RSA parameters at runtime for appropriateness (such as =
e needing to be odd)

Starting early with pre-defined curves meant that a select set of curves =
were often built into software, that was put into firmware, and =
sometimes even used to design silicon. I do not know of a way to =
evaluate the properties/safety of a custom curve at runtime.

<snip>

-DW=

--Apple-Mail=_01C86386-126E-48C1-8D29-D8017A97F2F4
Content-Transfer-Encoding: quoted-printable
Content-Type: text/html;
	charset=utf-8

<html><head><meta http-equiv=3D"content-type" content=3D"text/html; =
charset=3Dutf-8"></head><body style=3D"overflow-wrap: break-word; =
-webkit-nbsp-mode: space; line-break: after-white-space;"><br =
id=3D"lineBreakAtBeginningOfMessage"><div><br><blockquote =
type=3D"cite"><div>On Sep 13, 2024, at 1:30=E2=80=AFAM, John Mattsson =
&lt;john.mattsson=3D40ericsson.com@dmarc.ietf.org&gt; wrote:</div><br =
class=3D"Apple-interchange-newline"><div><meta charset=3D"UTF-8"><div =
class=3D"WordSection1" style=3D"page: WordSection1; caret-color: rgb(0, =
0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; =
font-variant-caps: normal; font-weight: 400; letter-spacing: normal; =
text-align: start; text-indent: 0px; text-transform: none; white-space: =
normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; =
text-decoration: none;"><div style=3D"margin: 0cm; font-size: 12pt; =
font-family: Aptos, sans-serif;"><span lang=3D"SV" style=3D"font-size: =
11pt;">Hi,<br><br><o:p></o:p></span></div><div style=3D"margin: 0cm; =
font-size: 12pt; font-family: Aptos, sans-serif;"><span lang=3D"EN-US" =
style=3D"font-size: 11pt;">As an individual, I agree with Neil=E2=80=99s =
comments.<br></span><span style=3D"font-size: 11pt;"><a =
href=3D"https://mailarchive.ietf.org/arch/msg/jose/JSlZI6oeyYHXFkG2PgHbG4Y=
zghA/" style=3D"color: blue; text-decoration: =
underline;">https://mailarchive.ietf.org/arch/msg/jose/JSlZI6oeyYHXFkG2PgH=
bG4YzghA/</a></span><span lang=3D"EN-US" style=3D"font-size: =
11pt;"><br><br>I have also pointed out in a separate mail that the =
following sentence in not true:<br><i><br>=E2=80=9D</i></span><i><span =
style=3D"font-size: 11pt;">This is not a problem in practice, because =
RSA libraries accommodate</span></i><i><span style=3D"font-size: =
11pt;"><span =
class=3D"Apple-converted-space">&nbsp;</span></span></i><i><span =
style=3D"font-size: 11pt;">keys of different sizes without having to use =
different code.</span></i><i><span lang=3D"EN-US" style=3D"font-size: =
11pt;">=E2=80=9D</span></i><i><span style=3D"font-size: =
11pt;"><o:p></o:p></span></i></div><div style=3D"margin: 0cm; font-size: =
12pt; font-family: Aptos, sans-serif;"><span style=3D"font-size: =
11pt;"><o:p>&nbsp;</o:p></span></div><div style=3D"margin: 0cm; =
font-size: 12pt; font-family: Aptos, sans-serif;"><span lang=3D"EN-US" =
style=3D"font-size: 11pt;">In addition to limitations on key length<span =
class=3D"Apple-converted-space">&nbsp;</span><i>nlen</i>, it is not =
uncommon that RSA implementations have limitations on the exponent<span =
class=3D"Apple-converted-space">&nbsp;</span><i>e.<br></i></span></div></d=
iv></div></blockquote><div><br></div>Could you provide more information =
here? I am only aware of a few implementations (notably one included in =
Microsoft Windows) requiring it to be a 32-bit value, not that they =
mandate 65537 or the like.</div><div><br><blockquote =
type=3D"cite"><div><div class=3D"WordSection1" style=3D"page: =
WordSection1; caret-color: rgb(0, 0, 0); font-family: Helvetica; =
font-size: 12px; font-style: normal; font-variant-caps: normal; =
font-weight: 400; letter-spacing: normal; text-align: start; =
text-indent: 0px; text-transform: none; white-space: normal; =
word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: =
none;"><div style=3D"margin: 0cm; font-size: 12pt; font-family: Aptos, =
sans-serif;"><span lang=3D"EN-US" style=3D"font-size: =
11pt;"><i><br><o:p></o:p></i></span></div><div style=3D"margin: 0cm; =
font-size: 12pt; font-family: Aptos, sans-serif;"><span lang=3D"EN-US" =
style=3D"font-size: 11pt;">I have a hard time seeing why RSA domain =
parameters (<i>nlen, e)</i><span =
class=3D"Apple-converted-space">&nbsp;</span>and ECC domain =
parameters<span class=3D"Apple-converted-space">&nbsp;</span><i>(p, a, =
b, G, n, h)</i><span class=3D"Apple-converted-space">&nbsp;</span>are =
treated completely differently. =
</span></div></div></div></blockquote><div><br></div><div>JOSE and COSE =
already only allow named curves to be specified, so discussion of custom =
curve definitions may be getting out of scope =
here.</div><div><br></div><div>Starting early with domain parameters =
being specified meant that RSA implementations were expected to be able =
to operate over a range of parameters for interoperability. There are =
also expectations that you can evaluate the RSA parameters at runtime =
for appropriateness (such as e needing to be =
odd)</div><div><br></div><div>Starting early with pre-defined curves =
meant that a select set of curves were often built into software, that =
was put into firmware, and sometimes even used to design silicon. I do =
not know of a way to evaluate the properties/safety of a custom curve at =
runtime.</div><div><br></div><div>&lt;snip&gt;</div><div><br></div><div>-D=
W</div></div></body></html>=

--Apple-Mail=_01C86386-126E-48C1-8D29-D8017A97F2F4--