Re: [jose] Deprecation of legacy algorithms

Michael Jones <michael_b_jones@hotmail.com> Tue, 05 March 2024 18:32 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/FjRJfijVWncRqCcdmInBovFvKhM>

Sorry – you’re right Brian.  I replied too fast.  I was thinking of something else.

In fact, we removed instances of RSA1_5 from the examples in OpenID Connect as part of the errata updates.

-- Mike

From: Brian Campbell <bcampbell@pingidentity.com>
Sent: Tuesday, March 5, 2024 9:40 AM
To: Michael Jones <michael_b_jones@hotmail.com>
Cc: Neil Madden <neil.e.madden@gmail.com>; JOSE WG <jose@ietf.org>
Subject: Re: [jose] Deprecation of legacy algorithms

The JWE RSA1_5 alg is not required for OpenID Connect as far as I know?

On Tue, Mar 5, 2024 at 9:39 AM Michael Jones <michael_b_jones@hotmail.com> wrote:
I would not support deprecation of either of these algorithms.  They are both required for OpenID Connect and are in extremely widespread use.

From: jose <jose-bounces@ietf.org> On Behalf Of Neil Madden
Sent: Tuesday, March 5, 2024 7:57 AM
To: JOSE WG <jose@ietf.org>
Subject: [jose] Deprecation of legacy algorithms

Hi all,

Leaving aside all the exciting work on shiny new algorithms to *add* to JOSE, I would like to raise the prospect of deprecating some existing algorithms that have passed their best. Before I start work on writing the drafts for these, I'd like to gauge if there is some support or this is likely to be wasted effort. The algorithms I think that should be deprecated are:

RSA1_5 - currently marked as Recommended- in the IANA registry. PKCS#1 v1.5 padding for encryption has been a source of repeated vulnerabilities over the years, and they keep cropping up. I believe the main reason this exists at all was to allow continued use of legacy hardware, in particular where FIPS approval was required. However, PKCS#1 v1.5 padding has been forbidden by FIPS (for encryption) since the end of 2023 [1]. If someone is really stuck with a hardware device that only supports this encryption mode then they can use it to encrypt local files containing keys for other algorithms rather than using it directly.

none - I know this one is more controversial in some quarters, but alg=none has been responsible for a steady stream of serious security vulnerabilities, and even spawned its own website: https://www.howmanydayssinceajwtalgnonevuln.com. I'm not sure there has actually been a year where this algorithm *hasn't* caused a vulnerability. I've yet to see a genuine use-case for it in the wild. The pain:gain ratio on this algorithm is extremely high.

I would also like to write a draft (either combined with the above or separate) that establishes some baseline security properties for future algorithm registrations:

* All signature algorithms MUST achieve unforgeability under chosen message attack (EUF-CMA).
* All encryption algorithms MUST achieve at least IND-CCA2.

[1]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf (see table 5 on page 15)

Thoughts?

-- Neil
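
An added example, not part of the thread and not taken from any JOSE library: a minimal verifier-side policy in which the local allow-list, not the token's header, decides which algorithm is acceptable, so `none` and `RSA1_5` are refused before any cryptography runs. The function names, the HS256-only allow-list and the sample tokens are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json

DEPRECATED = {"none", "RSA1_5"}   # the two algorithms the thread proposes to deprecate
ALLOWED_JWS = {"HS256"}           # assumption: this verifier is provisioned for HS256 only

class RejectedToken(Exception):
    """Raised for any token the local policy refuses."""

def b64u_dec(s):
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64u_enc(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def header_alg(token):
    """Return the alg of a compact JWS (3 parts) or JWE (5 parts), enforcing policy."""
    parts = token.split(".")
    if len(parts) not in (3, 5):
        raise RejectedToken("not a compact JWS or JWE")
    try:
        header = json.loads(b64u_dec(parts[0]))
    except ValueError:
        raise RejectedToken("unparseable protected header")
    alg = header.get("alg") if isinstance(header, dict) else None
    if not isinstance(alg, str):
        raise RejectedToken("missing alg")
    if alg in DEPRECATED:
        raise RejectedToken("deprecated alg: " + alg)
    return alg

def verify_jws(token, key):
    """Verify a compact JWS; the allow-list, not the header, picks the algorithm."""
    if header_alg(token) not in ALLOWED_JWS or token.count(".") != 2:
        raise RejectedToken("not an allowed JWS")
    signing_input, _, sig = token.rpartition(".")
    expected = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    try:
        ok = hmac.compare_digest(expected, b64u_dec(sig))
    except ValueError:
        ok = False
    if not ok:
        raise RejectedToken("bad signature")
    return json.loads(b64u_dec(signing_input.split(".")[1]))

def make_token(header, claims, key=b""):
    """Build a constructed sample token (HS256 tag, or empty signature for alg=none)."""
    body = b64u_enc(json.dumps(header).encode()) + "." + b64u_enc(json.dumps(claims).encode())
    if header.get("alg") == "none":
        return body + "."
    return body + "." + b64u_enc(hmac.new(key, body.encode(), hashlib.sha256).digest())
```
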