[jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)

John Mattsson <john.mattsson@ericsson.com> Fri, 13 September 2024 07:30 UTC

Return-Path: <john.mattsson@ericsson.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 488B6C180B53; Fri, 13 Sep 2024 00:30:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.156
X-Spam-Level:
X-Spam-Status: No, score=-7.156 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.148, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XMtpjiOpUBCr; Fri, 13 Sep 2024 00:30:05 -0700 (PDT)
Received: from EUR03-VI1-obe.outbound.protection.outlook.com (mail-vi1eur03on2063.outbound.protection.outlook.com [40.107.103.63]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEFC0C14F5F5; Fri, 13 Sep 2024 00:30:04 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=ncHs1r44l1LEVPMvIGCHGSTejhJkVl3GJzjRCNxVnRyqPPOL84QuEEOdndVaFD4rjItHST1Sq6ZOQPPLxnUsKNuq5jA4AZG840DFvgX8mCBtLZoc0B5Usw1YPOSM9p79pZVsD9uxprfSl8/ShkvRHp7IlGj6PocO6FelfHQgtOpXvBHoIiAAYzWS7370GCzaxfRyJ3dohSIw/h/iWw9KchNKXN45O+bp0IaLFDV2E1+Iluwv8ZpfoiJObjamtF++hPkGYnblQvJpZGmF9GgKNaL1NLCvd3IQttOHX++Tr7NQwlKM3R8GRrF+hkrC9ZFF7QzfiYtNMBzOHvTFOBoQgw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=LA0fwmQPcQyAJBC2sZV6Jd5Wt9gOINzIBFBGTm1XZPo=; b=Xpk//PKt4p3ri/FRjnX/czlgOkglJDC3w5dtETjZrGT7vHsHiP4jdm17/73ERzbhN/PbGhgsoAtziZyn1bJZfPpmSdFO/EiuuDK/A2Kca6LIYf8r1yxYaciwRsC/RWdLLQYL8CoVrCZcgYZfqoYt4DEOF6NIxgCGrzF70e6XQg5z8AXg890DvxZrRHA1wIgUGeju4yBPj7zRnZweqoW8u+o/U2Fpybkf3StiJ9hHkNdIjTx+hG8JkW/y74AfPSIBukhfOFly9y+vOMEWUNqKMCSKIoqkOH8+NhtHYChbycuan56PGwtcUrOCb6x1ZM2Se4U7WAa82TU0LuxRj/xmAA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=LA0fwmQPcQyAJBC2sZV6Jd5Wt9gOINzIBFBGTm1XZPo=; b=zDGbn6ktM5HZIImO0+DFqZwF4fm57Aw2JSiTp5agtYKUb+zepTeECxw/Zt+q+c89GnVry1KPhviofsmQ5dc17fomLRqqKSG6qagbPGJSvRIArC3fkhcWhwH1qcK5NxbWB/FHKRsiu5WTAY95Qd1nTZhiBX3DpLvsxoeQ9qaLnimnqKns+OifrjvBe/Oxsu+BigpM9Ob+ONHPT23Lu2r668cV0i5Lo622ReuKgsx+delrIooo1Ury5zM/YxWmM48eLVj+OoOj/4bfszAndjA+Z7p8VozcjPkeLOQMGI+KJfu+pjC7/LFvndNba+Vgz+yPA7GIbWtv7CjdHW77Cz8ScQ==
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com (2603:10a6:150:114::10) by PAXPR07MB9643.eurprd07.prod.outlook.com (2603:10a6:102:24a::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7939.23; Fri, 13 Sep 2024 07:30:01 +0000
Received: from GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8]) by GVXPR07MB9678.eurprd07.prod.outlook.com ([fe80::bcf3:3f45:888e:a4b8%4]) with mapi id 15.20.7962.016; Fri, 13 Sep 2024 07:30:01 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: JOSE WG <jose@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
Thread-Index: AQHbBTORkL4eFrwuCkm6VvjW76d/ebJVP3+AgAADVlI=
Date: Fri, 13 Sep 2024 07:30:01 +0000
Message-ID: <GVXPR07MB9678668C56EB63D7453F5E6989652@GVXPR07MB9678.eurprd07.prod.outlook.com>
References: <CA+mgmiOqZqu1fNjEK69zTbx3ndsum5jrLg06bzYTjtH+VQyWtA@mail.gmail.com> <5233A37F-2EA1-40CB-A3DA-EAEF885E52B0@gmail.com>
In-Reply-To: <5233A37F-2EA1-40CB-A3DA-EAEF885E52B0@gmail.com>
Accept-Language: en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: GVXPR07MB9678:EE_|PAXPR07MB9643:EE_
x-ms-office365-filtering-correlation-id: 1c0bf5bf-f682-472f-787a-08dcd3c5e0e4
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|1800799024|4022899009|376014|38070700018;
x-microsoft-antispam-message-info: fNROIGvGw4D0ntVilc6MEjFC0wdPqzvEY1v1q7m7GLLlqxJc3q2kWAPg/vURAaU+lH9M/5CDKZb8nWK++dgPrLW9M+kE5c1l332Mhs+vQvIHCEkPQs/AuADn3gIFDzWnvpTT6Yev12xRuRSLeBUDmlz0vo8MejbQUWdqMYNgka6ZvKwbdz1a+JKK5ob/oFgE1/2yXYV4sQCpAfemgyPSBeip86KUAStvqODsNv/Er622jvwTMG5urB5JKIoUlinsruyCzZ6a/09Fz/yphaNyjN8Sx+l49f9eBRSU6Teu5i6v25pEtHMMnVHgK8v4qjXe/evA8boAXzG28o6p6kEqj8L7quYdOR8iNNYe9lZSYPn59d18LiaHHJyUvggjDp6cAVAWeaDbhnP7xW7kSEAvfoNXdzHR6b0nqZTIhSBTHDF+jLQH7bt2077vvlw93Tx+C5DJIAhscD5ugHx++ZAk3rfF7wf3UGw8LHdzA3Q4DPKnf6jvJQdyT1xJO5mfEBiVc2b3xguRgIAHYlhta4htXqUGdn+OkSKcNIL8BiYOCOaPhEs01u8YZZYoHyhfr67YJjd4eIOI0DWP5T0Z11aEz2IIyKS+YrzOx/8NmZtpsgChwP4sgAKUtTZysrdi3pfrwA4tHbAB+Sz8oHNFsffXzdPhxgq9gSyfwvjM53y7Hs8kJmtNC322F3Bc2AGJ00UqiEZDs3IKApDsexGNIlYfVFdfeNLN6OlYnFstYfwP8ElwKKxRv6sj6ATrsZ1T4PeFMEHUoTjvi0clv54o+vCWzKG1CZuYUCFjJrlITidh/MElrl31Py7DzQOdLKQ88bgWQn55/aK1nWhX1uTJBXzfvZKctOSP1RcsTiz2KbZhE9jviRF/Pt+G0fop7kWKLWvno4/7RmjWFB66KVqSlOFJV19yEvGbe8flEWHqNO1NVQDqo3aQe9X4j5HwBR+8Qdv26A8DwFWHgCt9r3GlF0+G+vRBLbkbXXfvUaPaHgevbUGhVdPpMAofzc8S52vHqmGAoXpAJ3e3cHpuQ9bSWPaB/WjHgt4YwjFZ03eXD0+soNJNGjv8f+oXkcey4n9fmCS7tVIHZZTfBKYTiUyV6MDZCnmLExjwrWEx5Pzq+G4C2sjTNT3Kuq/Yfn+/R5EOP6iMDGzfeisFkWWqq1ZgRzXAb8A4r2hoRRjfuht25IsgGlUXAWa+XKEGD44bSNkF5tOsEAyxXPSFSqPUvKY0wV0N5Yf1F5pIWDPniG5MSyg+v0dpAigdBWeRsQvQ2qxWr6oTl5hXw0WezRPLgj0qeSgdTaIrnmvwU+A0j/t14mB0mFanMaXvly7ZDroFbaskPVtjTQwXCfPa4sxFh8Far7JUxWqlN8VHDwB82AEqH8/XAFs5ojzPZTzd4zb7H9CkuM9aPfRhiDjkFAB0gGwOMfjTEQ==
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:GVXPR07MB9678.eurprd07.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(366016)(1800799024)(4022899009)(376014)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: oOAlfGk02XghNbMY/oxLTMhm02WUep2nXHwP1eMPNXxpzgLluzDRjHfP6/jC5iwV2A8uorZ2cXZvRGvaxsJpzIVmAioGHBmRI14CWeqOoo983lkrdDdcb+/p2QxSfz/FmNtuQFXtQQe6qCrcsuJgvO4bVDqrSa/aXEcC/WXgcAuuwsRDO69QhJ5JCtC9TVugarxPXKN8HRCswTrwr2pUyIvWVVpRvMzgTm1AAGGji6zthjmt8hoLqCMU2GdPksZtXX3n5mYeuynRd793jEHCiE71riEGPVzFBGEZLA8XMWpw+e0SB8q7hiBLWg+9F6vzVmDvwy3PIMMSAbNqZaXmC7IBXQvMbzU5rHleeMheXWXTisljiMqiklCFbo25ysGOLXRYgcaqSkq7Io9syj7WmQt+ai8+wik3IucM1K3BySyjjmg+Z0xAv0+Kk/MpXRa3vaFjnIZX9kQ7DUqC349PtyJ2MFbF3gIqaRBi5fs/yxot0EngigfEbmqFwS+JIbFupsGx8P0AL3+qFdkumnue5ca8DR1VvxyTKMT8C/EPIjwk3VSiykozB8rlfGHCyRovEeG6Uh5/5jS1MhE5aq8ciPIAM+WAN82ezLE3vN1eBYBU6OheocI5W+pK+tvp1U+1sa45Ves+hxM5YMo9DAcpNS61BAOOv3JodY8I9ELsOgqnMRPnhffvE6exaLbA1MbPTaVjHUC06nl72IPO6g8rfyltVrhI+DzTBm1o9e7UkU29xKopUh9goTbSZ2O+oW31BUDGtbIIcVAt2bEtydK+C31Bdkx6d0p5qLWG+bmhpLcu2JyIaBr3CMVhhTmMyo+ENFiv6/Dr7SEem0H1VwcHcQsj1HlttRyx+cRkmB8/xcRN8eQlvZYbV0VUVasXAUJtwYfxIp1vd+CErtgVM2mgB2yZIj9ZU96hEZOPsrHm74FyL6nGg7ADBmJbGm4Z4tkAs36M3pEPAK8rr4xAn0gTEijvGMeYZEKJLZNCKqI7eZkbLn4u9Y3GTMApRACsBoS157gN4CfK2O6vyvhdA1bfLmyCfoTcukmo6u2idSdG/FwScVDL6iYHzOy5YpVlenpYnFNQKPoLAhz0T3WuFQls84Za62eutwe3hiovBmK4KbHkShlpXFS8bcrOr1UlNL5REZ+19kwBG62t1TQe5O/Wg9gk7GXwjQ7AHQ74c71H4dcjl8yC9baJYrMuBedk3OsFbtA0R6UEcLrDQYYHVuQ8PDwZ3YbUGIWm973Xgjqe/SDY/l91/Gxepx7DGaC3j6PZo2IbP9OfTOEv+IKYchTlSlHTREdCJMQ6FbULLbfXEEOQesEIMEPQY3bRDy0GGS1j1zCxBtdCncJjO7e7D+VJqD2Re6zR5MxgoHQW4BO7d3inxsT1l6264ncs60+JX79mygSzb7+wS5vkiHfTYqZ8OZkbQZHibao2P60rZ990Yarbwh5PT8weji9FKq305BugQK5Xv5N83Ier9TLFNmw6IvHe0Hp41Xiv1JQhY7uxAJ3VBIFuszeYiAXmNJEF6cIKZ8+Kec8I5/jQA9pUyYgmSKi7peRQckRvHvhz+p+MWASjYF6fiW4iZkvOByv7xAyKjx0YuuaZLkcpLfeQCBOPFF1Eny8hDH4zJG/t5LaJGsg=
Content-Type: multipart/alternative; boundary="_000_GVXPR07MB9678668C56EB63D7453F5E6989652GVXPR07MB9678eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: GVXPR07MB9678.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1c0bf5bf-f682-472f-787a-08dcd3c5e0e4
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Sep 2024 07:30:01.4465 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: fYNl3DnCsxHfhYTNsvSsq8p2BdmZZu5wnxnTgPjFCGbdXdhezSvqNkuKhzXpJyeUd8MmBybYMsHleMeITxAQPZw37XD06KvxS+sAlMBqxRM=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PAXPR07MB9643
Message-ID-Hash: XCAITVBHLJZ2FGSKNNBECS4RPZLXJGPK
X-Message-ID-Hash: XCAITVBHLJZ2FGSKNNBECS4RPZLXJGPK
X-MailFrom: john.mattsson@ericsson.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: Neil Madden <neil.e.madden@gmail.com>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/FLzFA977RAEhchLQTMHoOAafzr0>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>

Hi,

As an individual, I agree with Neil’s comments.
https://mailarchive.ietf.org/arch/msg/jose/JSlZI6oeyYHXFkG2PgHbG4YzghA/

I have also pointed out in a separate mail that the following sentence in not true:

”This is not a problem in practice, because RSA libraries accommodate keys of different sizes without having to use different code.”

In addition to limitations on key length nlen, it is not uncommon that RSA implementations have limitations on the exponent e.

I have a hard time seeing why RSA domain parameters (nlen, e) and ECC domain parameters (p, a, b, G, n, h) are treated completely differently. You can definitely not expect RSA to work without considering the domain parameters in the key.

As Neil states:

“the definition of “fully-specified” that this draft proposed is arbitrary and inconsistent”

This is a major problem as the draft formally updates the COSE and JOSE IANA registries with

”Only fully-specified algorithm identifiers may be registered.”

I therefore do not think the document is ready to proceed in its current state.

Cheers,
John (as an individual)

From: Neil Madden <neil.e.madden@gmail.com>
Date: Friday, 13 September 2024 at 08:20
To: Karen ODonoghue <kodonog@pobox.com>
Cc: JOSE WG <jose@ietf.org>, cose@ietf.org <cose@ietf.org>
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
As myself and Filip Skokan have pointed out, the wording of section 3.1 currently (I believe accidentally) outlaws all of the ECDH-ES encryption algorithms, and any future KEM-based algorithms. So no, even if you support the idea, the document is not ready.

— Neil

> On 12 Sep 2024, at 17:48, Karen ODonoghue <kodonog@pobox.com> wrote:
> JOSE and COSE working group members,
>
> This WGLC is currently scheduled to conclude on 13 September
> (tomorrow). I am not currently comfortable with the number and clarity
> of responses received. Please respond clearly indicating whether or
> not you think this document is ready to proceed (pending the comments
> raised in your response). To give you all a bit more time, I'm
> extending the WGLC one week to next Friday (20 September 2024).
>
> Please take a few minutes and review the updated draft!
>
> Thanks,
> Karen
>
> On Wed, Aug 21, 2024 at 11:10 AM Karen ODonoghue <kodonog@pobox.com> wrote:
>>
>> JOSE working group members,
>>
>> This email initiates a second working group last call for the Fully
>> Specified Algorithms document:
>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-jose-fully-specified-algorithms%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Caed730693567405a8acf08dcd3bc2ca0%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638618052367868814%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=UXGs%2Fm4hrVoHQo2ToGNDV0LhOgIV1OTqoZJ62NwlQJ0%3D&reserved=0<https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/>
>>
>> The authors have updated the draft based on WGLC comments and
>> discussions at IETF 120, and the chairs have polled the working group
>> about the readiness for WGLC. Seeing no opposition, we've decided to
>> proceed with a second WGLC.
>>
>> Please review the document in detail and reply to this message
>> (keeping the subject line intact) with your opinion on the readiness
>> of this document for publication and any additional comments that you
>> have.
>>
>> This will be a three week WGLC. Please submit your responses by 13
>> September 2024.
>>
>> Thank you,
>> Karen (for the JOSE WG chairs)
>
> _______________________________________________
> jose mailing list -- jose@ietf.org
> To unsubscribe send an email to jose-leave@ietf.org

_______________________________________________
jose mailing list -- jose@ietf.org
To unsubscribe send an email to jose-leave@ietf.org