IETF Logo Mail Archive

Re: [jose] Call for Adoption: draft-jones-jose-fully-specified-algorithms

Simo Sorce <simo@redhat.com> Tue, 09 January 2024 20:25 UTC

Return-Path: <simo@redhat.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id CFEB4C151995 for <jose@ietfa.amsl.com>; Tue, 9 Jan 2024 12:25:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.603
X-Spam-Level:
X-Spam-Status: No, score=-0.603 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_SORBS_WEB=1.5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=redhat.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id LXvIOzFiXVJY for <jose@ietfa.amsl.com>; Tue, 9 Jan 2024 12:25:56 -0800 (PST)
Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 04FDDC151990 for <jose@ietf.org>; Tue, 9 Jan 2024 12:25:55 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1704831955; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=plyU5iBmVb0Z7/DhFi2M/S6PONa3K3voZzaxa2ITDns=; b=B/AXsdUt9iUdDnhW4lsTsgtGBe07M9NkMfZVXbNp6QSpBMD6XTEYSjgVBaO4/po4gvApm6 d4yiaE7He0jP/YAF8M3Xb/ibYxfyzQ1Qy7h8PoR2Ei3nNKqoyIzdX/lmXyneNK+w0ZlQ53 tYF2FQHNSrdCraEnRL9R1vPGggF/oxk=
Received: from mail-qk1-f199.google.com (mail-qk1-f199.google.com [209.85.222.199]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-114-RUCcVIaDOzmx1Xz4WZf4AA-1; Tue, 09 Jan 2024 15:25:52 -0500
X-MC-Unique: RUCcVIaDOzmx1Xz4WZf4AA-1
Received: by mail-qk1-f199.google.com with SMTP id af79cd13be357-7832899d19eso209925985a.0 for <jose@ietf.org>; Tue, 09 Jan 2024 12:25:52 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1704831952; x=1705436752; h=mime-version:user-agent:content-transfer-encoding:organization :references:in-reply-to:date:to:from:subject:message-id :x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=plyU5iBmVb0Z7/DhFi2M/S6PONa3K3voZzaxa2ITDns=; b=QLwsuhY9GzwfJXukqury2+pyO/GLqM9QA8fqIU2STIzdaN5PFG4p8mxtYlPbIw60Dt bGJGZ6HeN0SsbBpu5dACC7/OrqYbI2dp3ag7UBCS0tUbew99ELQBGOP88TPcBdat4Vgl 9iwfvfNNWrnJbTiGQvqwtaplqxTc+GJdVKGBEjUWTIpcJZh1bnpzCk5qQ9W/mRAExai9 Vpn4EC9pohKDwjGHnopuZ7ZaRk+0+F/2fLMfDcwpRDdznax2uZt1D0MyCkO2rotrv3Tn yZaFqo63/X4sE5qgVHlE/WltG7YIjltm9Bm/gIklq1+ywS+p/W96II3Kdmbtu12EUJz0 bL/Q==
X-Gm-Message-State: AOJu0YzchHdeOG41Vyaz/0c//gbGeofjgUv/ShahlUr+L2a2jn8t+MQm 8rKKXD4W2ZuPEfMQV2rCetjQt8xX8uW8Q0mWabIdc6Xh+jN+1tNoRLsUWpS6xG42NQ0Eoo61iDA ZErAmSFlqsCPA
X-Received: by 2002:a05:620a:2706:b0:781:aef5:f203 with SMTP id b6-20020a05620a270600b00781aef5f203mr7659269qkp.34.1704831952310; Tue, 09 Jan 2024 12:25:52 -0800 (PST)
X-Google-Smtp-Source: AGHT+IFUm2yid+19LolBibEDIjus7pVZBUUgYPJaA3UkReVdE6Za3KWLLqS6xtZIbdtwINNrPYo8tg==
X-Received: by 2002:a05:620a:2706:b0:781:aef5:f203 with SMTP id b6-20020a05620a270600b00781aef5f203mr7659265qkp.34.1704831952035; Tue, 09 Jan 2024 12:25:52 -0800 (PST)
Received: from m8.users.ipa.redhat.com (2603-7000-9400-fe80-0000-0000-0000-0657.res6.spectrum.com. [2603:7000:9400:fe80::657]) by smtp.gmail.com with ESMTPSA id b25-20020a05620a089900b00781587ab3dfsm1065527qka.74.2024.01.09.12.25.51 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Tue, 09 Jan 2024 12:25:51 -0800 (PST)
Message-ID: <6abb91d522b5ce53490c56a22a9e6d9011cf880b.camel@redhat.com>
From: Simo Sorce <simo@redhat.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, jose@ietf.org
Date: Tue, 09 Jan 2024 15:25:51 -0500
In-Reply-To: <ZZ1lKIt0YP4yOZ0Y@LK-Perkele-VII2.locald>
References: <CA+mgmiMRLh=CskaOY_Ex4Q6-XfXLhkw-rQp4CezOXxBD8J=Xjg@mail.gmail.com> <d157328115285cb95ccd01828290e637f40b7b0e.camel@redhat.com> <ZZ1lKIt0YP4yOZ0Y@LK-Perkele-VII2.locald>
Organization: Red Hat
User-Agent: Evolution 3.48.4 (3.48.4-1.fc38)
MIME-Version: 1.0
X-Mimecast-Spam-Score: 0
X-Mimecast-Originator: redhat.com
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/Fd_xJPLX7jja8-mi77s6FXy6x_0>
Subject: Re: [jose] Call for Adoption: draft-jones-jose-fully-specified-algorithms
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jan 2024 20:25:59 -0000

On Tue, 2024-01-09 at 17:24 +0200, Ilari Liusvaara wrote:
> On Mon, Jan 08, 2024 at 10:28:01AM -0500, Simo Sorce wrote:
> > On Tue, 2024-01-02 at 14:13 -0500, Karen ODonoghue wrote:
> > > JOSE working group members,
> > > 
> > > This email starts a two week call for adoption for:
> > > https://datatracker.ietf.org/doc/draft-jones-jose-fully-specified-algorithms/
> > > 
> > > As discussed at the November IETF meeting, with the approved expansion of
> > > the charter to include maintenance items, this document is now within
> > > scope.
> > > 
> > > Please reply to this email with your comments on the adoption of this
> > > document as a starting point for the related JOSE work item.
> > > 
> > > This call will end on Wednesday, 17 January 2024.
> > 
> > 
> > While this draft is theoretically useful I am NOT in favor of its
> > adoption for existing curves.
> > 
> > The curve used is already implicit in the size of the signature, and
> > besides servers generally only have a specific key they use so there is
> > really no confusion, at worst you get an error during cryptographic
> > operations, something you must always be prepared to deal with as it
> > can always happen with untrusted input.
> > 
> > Either way there is no practical ambiguity that really _needs_ to be
> > resolved.
> 
> Note that there is some confusion on what the actual issue is.
> 
> The actual issue is not swapping of curves or algorithms, or that keys
> can not be "fully specified", but that some widely used applications
> assume that signature algorithm impiles key type.
> 
> That of course breaks with Ed25519 and Ed448 in COSE/JOSE and ECDSA
> in COSE. EdDSA can be used with either Ed25519 or Ed448 keys, and
> ES* can be used with P-256/P-384/P-521 keys.
> 
> With ECDSA, one could apply the hash algorithm convention, but this
> does not work with EdDSA because there is only one alg for two key
> types.
> 
> What this draft defines is replacements for these that imply single
> key type.

So applications are buggy and need to be fixed, doesn't sound to me the
same as applications are buggy and RFCs need to be changed.

I understand that it would be nicer or easier to deal with pairing a
key to an algorithm, but the cat is out of the bag, ECDSA and EdDSA
already exist as is and those applications need to be fixed anyway (one
way or another), why add additional interoperability issues in the mix
by changing existing specifications ?

You improve one self-inflicted problem by swapping it with a system-
wide problem?

Simo.

-- 
Simo Sorce,
DE @ RHEL Crypto Team,
Red Hat, Inc

v2.23.0 | Report a Bug | By Email