Re: [jose] Introduction of Blake2b as symmetric signing algorithm

Luís Cobucci <lcobucci@gmail.com> Mon, 16 May 2022 18:50 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/FoQoVCDJI2mUSzax8r2wxzERMzs>

> This is not actually signing algorithm but MAC algorithm, right?
> And this is using the native BLAKE2B MAC mode (RFC7693), right?

Apologies for my incorrect usage of the terms.
Yes, we're talking about Blake2b MAC mode.

For some reason, I've missed the JWA section that explains the registration
process (https://www.rfc-editor.org/rfc/rfc7518.html#section-7.1).
I'll follow it.

Thanks for your input.

On Mon, 11 Apr 2022 at 12:08, Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Wed, Apr 06, 2022 at 07:15:24PM +0200, Luís Cobucci wrote:
> > Hello there,
> >
> > I'm a maintainer of a JWT library for PHP and we're discussing
> > adding a non-standard signing algorithm: Blake2b (
> > https://github.com/lcobucci/jwt/pull/832).
> >
> > That algorithm is quite attractive due to:
> > - min key length requirement (libsodium requires at least 128-bit keys)
> > - performance
> >
> > What are your thoughts on this? Is there a chance to add Blake2b as
> > an optional algorithm?
>
> This is not actually signing algorithm but MAC algorithm, right?
>
> And this is using the native BLAKE2B MAC mode (RFC7693), right?
>
>
> I note that some texts in the patch reference HMAC: HMAC is a generic
> construction to turn a hash function into a MAC. The native BLAKE2B MAC
> is not HMAC (which allows it to be more efficient than HMAC-BLAKE2B).
>
>
> Even if not the case here, signatures using BLAKE2B as hash would be
> significantly more problematic: The only space/time efficient signature
> algorithm allowing variable hashes that is even close to widespread is
> ECDSA, and ECDSA requires bit order of hash, which BLAKE2 just does not
> specify.
>
>
> As for the process for adding it, I would write an Internet-Draft specifying
> the use in JOSE and then use the I-D as specification for expert
> review. One might do a comment round through this list first to catch
> the worst issues...
>
>
>
> -Ilari
>
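
The distinction drawn in the thread between the native BLAKE2b MAC mode (RFC 7693) and HMAC over BLAKE2b, as an added Python example that is not part of the original messages or of the lcobucci/jwt pull request. The `alg` value `BLAKE2B`, the 32-byte tag length and all helper names are assumptions made for illustration; the 16-byte key floor is the 128-bit minimum mentioned in the thread.

```python
import base64
import hashlib
import hmac
import json

ALG = "BLAKE2B"     # placeholder "alg" value (assumption; not a registered JOSE name)
MIN_KEY_BYTES = 16  # the 128-bit minimum key length mentioned in the thread
TAG_BYTES = 32      # assumed tag length for this example

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def blake2b_mac(key: bytes, msg: bytes) -> bytes:
    """Native keyed BLAKE2b (RFC 7693): the key is a hash parameter, one pass."""
    if not MIN_KEY_BYTES <= len(key) <= hashlib.blake2b.MAX_KEY_SIZE:
        raise ValueError("key must be 16 to 64 bytes")
    return hashlib.blake2b(msg, key=key, digest_size=TAG_BYTES).digest()

def hmac_blake2b(key: bytes, msg: bytes) -> bytes:
    """Generic HMAC construction over unkeyed BLAKE2b, shown only for contrast."""
    return hmac.new(key, msg,
                    lambda d=b"": hashlib.blake2b(d, digest_size=TAG_BYTES)).digest()

def sign(claims: dict, key: bytes) -> str:
    header = {"alg": ALG, "typ": "JWT"}
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode())
             for p in (header, claims)]
    signing_input = ".".join(parts)
    return signing_input + "." + b64url(blake2b_mac(key, signing_input.encode("ascii")))

def verify(token: str, key: bytes):
    """Return the claims if the tag checks out, else None."""
    try:
        head, body, tag = token.split(".")
        signing_input = f"{head}.{body}".encode("ascii")
        header = json.loads(b64url_decode(head))
        received = b64url_decode(tag)
    except ValueError:
        return None
    # Pin the algorithm: the token's header never chooses the verifier.
    if not isinstance(header, dict) or header.get("alg") != ALG:
        return None
    expected = blake2b_mac(key, signing_input)
    if not hmac.compare_digest(expected, received):  # constant-time comparison
        return None
    return json.loads(b64url_decode(body))
```

The two MAC functions return different tags for the same key and message, so a verifier built on one construction rejects tokens produced with the other.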