Re: [jose] Comments on draft-liusvaara-jose-cfrg-curves-00
Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 23 December 2015 06:47 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 821161ACD38 for <jose@ietfa.amsl.com>; Tue, 22 Dec 2015 22:47:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.91
X-Spam-Level:
X-Spam-Status: No, score=-1.91 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RLtE1RfnVjoi for <jose@ietfa.amsl.com>; Tue, 22 Dec 2015 22:47:01 -0800 (PST)
Received: from welho-filter1.welho.com (welho-filter1.welho.com [83.102.41.23]) by ietfa.amsl.com (Postfix) with ESMTP id 177BC1ACD37 for <jose@ietf.org>; Tue, 22 Dec 2015 22:47:00 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id F2CE025B; Wed, 23 Dec 2015 08:46:58 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id ndmEFpqcB9Ae; Wed, 23 Dec 2015 08:46:58 +0200 (EET)
Received: from LK-Perkele-V2 (87-92-35-116.bb.dnainternet.fi [87.92.35.116]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 7D44C138; Wed, 23 Dec 2015 08:46:58 +0200 (EET)
Date: Wed, 23 Dec 2015 08:46:53 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Jim Schaad <ietf@augustcellars.com>
Message-ID: <20151223064653.GA24022@LK-Perkele-V2.elisa-laajakaista.fi>
References: <00e001d13d1b$09519d50$1bf4d7f0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <00e001d13d1b$09519d50$1bf4d7f0$@augustcellars.com>
User-Agent: Mutt/1.5.24 (2015-08-30)
Sender: ilariliusvaara@welho.com
Archived-At: <http://mailarchive.ietf.org/arch/msg/jose/E3FtulnsqybQA4vDnwDaqor37Pk>
Cc: jose@ietf.org
Subject: Re: [jose] Comments on draft-liusvaara-jose-cfrg-curves-00
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Dec 2015 06:47:05 -0000
On Tue, Dec 22, 2015 at 04:44:09PM -0800, Jim Schaad wrote:
> Here are some comments on the current draft.
>
> * Abstract: The abstract needs to be expanded to include the names of the
> algorithms that are being included here. (Note that references in an
> abstract are not considered kosher so don't do that.) You need to be able
> to read the abstract without the rest of the document and be able to decide
> if it is the correct document.
Did add the algorithm names.
> * Section 1: Putting a reference to the new algorithms in the first
> sentence would be a reasonable edit. I would also probably at least
> consider putting the set of algorithms here by name. Think of reading the
> introduction in 10 years when a new set of algorithms has been created.
Did add the algorithm names and references.
> * Section 1: The IETF does not have the concept of extending documents.
> Documents generally fall into the categories of a) stand alone, b) updates
> an existing document, c) obsoletes and existing document. The second
> paragraph either should be removed or re-phrased. Possibly something along
> the lines of "This document defines the conventions to be used in the
> context of [JWA] and [JWK]." Although I am not sure that I even care for
> that.
Changed the prhrasing to be in line with that.
> * Section 1.2: I am not sure that this qualifies as being notation. I
> would probably change the title
Moved it to section 1 (it is just one paragraph).
> * Section 2: In response to a question that you had asked earlier on the
> list, but which I did not respond to at the time. I believe that you could
> define any of the existing parameter to be a required parameter for a new
> key type. You would need to have a good justification for doing so, but it
> would be possible to define 'alg' as a required parameter for the key type
> 'OKP'. Having to do simple checks for things like
> {"kty":"OKP","crv":"Ed25519", "alg":"Ed25519p", "x":"...."} as being
> illegal seems problematic.
OHOH, merging the things may cause problems with X25519 and X448. Since
those are used with ECDH-ES, which currently seems to be used with 4
algorithms (direct keying and 3x AES-KW with different keysizes).
OTOH, the other types have just one algorithm they work with.
> * Section 2: You have introduced the term 'subtype of the key' without
> making it clear where this term is coming from. This is not a field in the
> registry as seems to be implied by the text.
Since OKP is a new keytype, I thought I need to define fields for it.
Noticed that IANA considerations has a typo: It still refers to "algorithm
group" instead of "key subtype" (I changed the terminology at some point,
but that got left).
> * Section 2: If you don't like the terms crv and x, perhaps you should
> seriously think about using different names for these fields. That is the
> feeling I am getting from the Note in this section.
The draft originally did use different names, but various people in the
WG wanted those to be "crv" and "x", damn what that impiles about the
meaning.
> * Section 3.1.1: For formatting I would remove the colons in the table.
Removed in internal copy.
> * Section 3.1.1: The table is a bit confusing given that all of the columns
> have the same value. Without a better description of the headers I don't
> find it to be very useful.
This is artifact of having different alg values for what is logically the
same operation with different keys.
> * Section 3.1.1: I think that I have a real problem with the concept of all
> of the parameters of a signature algorithm being defined by the "crv" field
> rather than the "alg" field. This seems to be a real misuse of what crv
> currently represents. If you do combine things into one algorithm I would
> really do some renaming of the key fields. (See note above on use of 'alg'
> instead of 'crv'.)
See above.
> * Section 3.1.2 and 3.1.3: Yes - I like the fact that there is not a full
> description of the signature processing here!!!
I only put in what goes where. There aren't a lot of values invovled.
> * Section 3.2 - what is the 'alg' parameter supposed to be here? It is not
> in the table. (See above notes on the table.)
AFAICT: "enc", "ECDH-ES+A128KW", "ECDH-ES+A192KW" or "ECDH-ES+A256KW"
(which are the ECDH-ES -type things).
> * Section 3.2.1 - You need to specify what the KDF to be used is.
Standard ECDH-ES KDF processing from JWA. I added a reference to JWA
section 4.6.2 in internal copy.
> * Section 4 - s/information what key/information about what key/
Fixed on internal copy.
-Ilari
- [jose] Comments on draft-liusvaara-jose-cfrg-curv… Jim Schaad
- Re: [jose] Comments on draft-liusvaara-jose-cfrg-… Anders Rundgren
- Re: [jose] Comments on draft-liusvaara-jose-cfrg-… Ilari Liusvaara
- Re: [jose] Comments on draft-liusvaara-jose-cfrg-… Ilari Liusvaara
- [jose] Std Java key representation of OKP in draf… Vladimir Dzhuvinov
- Re: [jose] Std Java key representation of OKP in … Anders Rundgren
- Re: [jose] Std Java key representation of OKP in … Vladimir Dzhuvinov
- Re: [jose] Std Java key representation of OKP in … Anders Rundgren
- Re: [jose] Std Java key representation of OKP in … Vladimir Dzhuvinov