Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt
Ilari Liusvaara <ilariliusvaara@welho.com> Thu, 29 February 2024 15:04 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4293AC180B7F for <jose@ietfa.amsl.com>; Thu, 29 Feb 2024 07:04:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.906
X-Spam-Level:
X-Spam-Status: No, score=-1.906 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dDaYJJrvlB-t for <jose@ietfa.amsl.com>; Thu, 29 Feb 2024 07:04:00 -0800 (PST)
Received: from welho-filter2.welho.com (welho-filter2b.welho.com [83.102.41.28]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4E56CC14F616 for <jose@ietf.org>; Thu, 29 Feb 2024 07:03:48 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by welho-filter2.welho.com (Postfix) with ESMTP id 8259A43DD7 for <jose@ietf.org>; Thu, 29 Feb 2024 17:03:46 +0200 (EET)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter2.welho.com [::ffff:83.102.41.24]) (amavisd-new, port 10024) with ESMTP id R7Mv08xWnFOC for <jose@ietf.org>; Thu, 29 Feb 2024 17:03:46 +0200 (EET)
Received: from LK-Perkele-VII2 (78-27-96-203.bb.dnainternet.fi [78.27.96.203]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 330957A for <jose@ietf.org>; Thu, 29 Feb 2024 17:03:45 +0200 (EET)
Date: Thu, 29 Feb 2024 17:03:45 +0200
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: "jose@ietf.org" <jose@ietf.org>
Message-ID: <ZeCc0TVTMmHPCe9u@LK-Perkele-VII2.locald>
References: <170914224026.56455.15183346032212380498@ietfa.amsl.com> <Zd-VJUMiAt4I8nBx@LK-Perkele-VII2.locald> <PH0PR02MB74304D9DFD11894C957AAB3EB7582@PH0PR02MB7430.namprd02.prod.outlook.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <PH0PR02MB74304D9DFD11894C957AAB3EB7582@PH0PR02MB7430.namprd02.prod.outlook.com>
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/Ijsfj_TNFOgB4gtG6qoPhYFPgeE>
Subject: Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 29 Feb 2024 15:04:04 -0000
On Wed, Feb 28, 2024 at 09:03:18PM +0000, Michael Jones wrote: > Thanks for reading the new draft and commenting, Ilari. Replies inline below... > > -----Original Message----- > From: jose <jose-bounces@ietf.org> On Behalf Of Ilari Liusvaara > Sent: Wednesday, February 28, 2024 12:19 PM > To: jose@ietf.org > Subject: Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt > > On Wed, Feb 28, 2024 at 09:44:00AM -0800, internet-drafts@ietf.org wrote: > > Internet-Draft draft-ietf-jose-fully-specified-algorithms-01.txt is > > now available. It is a work item of the Javascript Object Signing and > > Encryption > > (JOSE) WG of the IETF. > > > > Title: Fully-Specified Algorithms for JOSE and COSE > > Authors: Michael B. Jones > > Orie Steele > > Name: draft-ietf-jose-fully-specified-algorithms-01.txt > > Pages: 12 > > Dates: 2024-02-28 > > Some comments that still look relevant: > > 1) The encryption case seems like it would be difficult and delay the > document by a lot. There have been requests to get this done quick, > so I think that should be punted on. > > Indeed, an open question called out in https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-01.html#name-ecdh-es-and-its-ephemeral-k > is whether to introduce fully-specified algorithm identifiers for ECDH > and possibly other encryption algorithms. I expect this to be one of > the discussion topics in Brisbane. I think if this applies to encryption, then new ECDH algorithms are required. The RSA stuff looks fully specified, and I don't see anything else for asymmetric encryption than RSA and ECDH. > 2) Abstract: I don't think the current encryption stuff is fully > specified (the behavior of algorithms does depend on the key), so > statements about new identifiers need to be qualified to only apply > to signatures. > > You're right that (as called out by the cited text above) some of the > current encryption algorithms aren't fully specified. This > specification does two things. > (a) It requires that all algorithms registered in the future be fully > specified. > (b) It creates fully-specified algorithm identifiers that can be used > instead of polymorphic algorithm identifiers. > > (a) is still very valuable, both for signing and encryption, even if we > tactically decide that we don't want to do (b) for all encryption > algorithms at this time. I think that solving one but not the other is the worst option. That is, one should solve neither or both. Otherwise everything using JWE/COSE_Encrypt is left with having to support both. Which is obviously harder than having to support just one, whichever it might be. I think adding all the fully-specified algorithms for encryption is 12 new and 4 deprecated algorithms for JOSE, 24 new algorithms and 10 deprecated algorithms for COSE. > 4) Section 6.3: I don't think anything in COSE or JOSE currently uses > KEMs. And the requirement for single KDF goes beyond what fully > specified means. > > https://datatracker.ietf.org/doc/draft-ietf-cose-hpke/ uses KEMs. > https://datatracker.ietf.org/doc/draft-rha-jose-hpke-encrypt/ uses KEMs. No, those use HPKE. Internal details of HPKE are irrelevant, That is the entire point of HPKE. > https://csrc.nist.gov/projects/post-quantum-cryptography uses KEMs. > I agree with Orie that it's good to include a discussion of KEMs now, > since they're clearly coming to both COSE and JOSE. Isn't requiring fully specified algorithms going forward enough? (And if not doing that, then one should not do anything with KEMs either.) -Ilari
- [jose] I-D Action: draft-ietf-jose-fully-specifie… internet-drafts
- Re: [jose] I-D Action: draft-ietf-jose-fully-spec… Ilari Liusvaara
- Re: [jose] I-D Action: draft-ietf-jose-fully-spec… Michael Jones
- Re: [jose] I-D Action: draft-ietf-jose-fully-spec… Ilari Liusvaara
- Re: [jose] I-D Action: draft-ietf-jose-fully-spec… Michael Jones
- Re: [jose] I-D Action: draft-ietf-jose-fully-spec… Brian Campbell
- Re: [jose] I-D Action: draft-ietf-jose-fully-spec… Ilari Liusvaara
- Re: [jose] I-D Action: draft-ietf-jose-fully-spec… Michael Jones