IETF Logo Mail Archive

Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt

Michael Jones <michael_b_jones@hotmail.com> Wed, 28 February 2024 21:03 UTC

Return-Path: <michael_b_jones@hotmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 29433C14F6B7 for <jose@ietfa.amsl.com>; Wed, 28 Feb 2024 13:03:24 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.234
X-Spam-Level:
X-Spam-Status: No, score=-1.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gdwxZX-lXXtY for <jose@ietfa.amsl.com>; Wed, 28 Feb 2024 13:03:20 -0800 (PST)
Received: from NAM11-DM6-obe.outbound.protection.outlook.com (mail-dm6nam11olkn2021.outbound.protection.outlook.com [40.92.19.21]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 90B2EC14F699 for <jose@ietf.org>; Wed, 28 Feb 2024 13:03:20 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=OgL+xV8qOFdm9eTTq7rpfsapVKYljjaqbuSg8UnlmCE5qQHZ090kWov+cSI45V7x7cfUXqLzTbyFQ2IJVNbx3QyyLnknZ2lD397QOgqmVI2ie6ivE/xxaaiXwc/HNpmQf/49WrG9rNpFBI+MOIVzncVmsBt27mHYId0bB+9jl7FMV8R45c2nUSMMrNpGYrIUD+VuOTcn5v+qiCxXdx29uGjm3pZ5MQ3ixLyi+/EskpvXLb4TZHIehNyO1XjNlALNQ6cDEB70mXkiy8LO++/iTlZJt2CiIPfwqYzxOuaNZDiaxa2TARyCGDiYddcr2Rer7tGhTpKzbESrCTv++4yx9w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=y0wSt/0/BzRsUFB6SHqZ528mGCewoTaz2A8tYK7vpig=; b=I5CVqgBr/2BEQ00e+JoRK4gL5tg2cj2w/cj8ntF1c5UWfEOCgO4lZAdpv6rtoVp9JStGabXHZdlJSp2PuH6AivPoCiT/YXaJ6XOXr1We/bz0OUOUc97j2Ey60HWKjafplsE624LrIAKO0iNoHuK9AgVzYgEDUM6J3ZAtqMddvvQFZa5o8xKrU38vOeWJ34j4vLdFC+iOxloBuDQbjqGOsWcoGKdZcF2Jy01J+MQ/4JFoDeXeRNs6tac9ovB12oGOQnxx+5uDCUn6GQEFA1N/kp+nLb+0WT3SCbX5eOmo+8N65WdGHF8mUc79lW/4rtT81G4WsrJqRrJY/4ouDIWb7g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=y0wSt/0/BzRsUFB6SHqZ528mGCewoTaz2A8tYK7vpig=; b=Gj6dC9TjiGffTxiBu8qfIFgo8lpDAYk5nhqqg9RHRs1sB+cRTNixmfjn8WB/UWT0CMV7HQg9vunIepMKAMzKAtnXA6TB7E41Ehl3qzet3ICAKJeASkDBOQP3zn3Xtr3vghfTv4x+jDK6mwVzFVlI1Pum1/ihyFghB+pPytE5m4f7CQ7hRvPmeRQqD6UTkHw9eoM4k+NBTmXckUr1gCIpi62bol7uArPQqgDHmRO/JLcdkhFyvOjbYn2MYr7cby/l2sbVo447Ttxp4L9J62y6EbGRIqor9+hRVTS0o3XxEx3YX/Da9/cs/P7T9Q916olhxWW6irMMfWrkaXcZLAUp+w==
Received: from PH0PR02MB7430.namprd02.prod.outlook.com (2603:10b6:510:b::9) by PH0PR02MB7656.namprd02.prod.outlook.com (2603:10b6:510:4d::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7316.39; Wed, 28 Feb 2024 21:03:18 +0000
Received: from PH0PR02MB7430.namprd02.prod.outlook.com ([fe80::e7a2:25db:bd10:2e90]) by PH0PR02MB7430.namprd02.prod.outlook.com ([fe80::e7a2:25db:bd10:2e90%6]) with mapi id 15.20.7316.039; Wed, 28 Feb 2024 21:03:18 +0000
From: Michael Jones <michael_b_jones@hotmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, "jose@ietf.org" <jose@ietf.org>
Thread-Topic: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt
Thread-Index: AQHaam252kJW8ynn0kSNpKUjtuQferEgMc2AgAAGggA=
Date: Wed, 28 Feb 2024 21:03:18 +0000
Message-ID: <PH0PR02MB74304D9DFD11894C957AAB3EB7582@PH0PR02MB7430.namprd02.prod.outlook.com>
References: <170914224026.56455.15183346032212380498@ietfa.amsl.com> <Zd-VJUMiAt4I8nBx@LK-Perkele-VII2.locald>
In-Reply-To: <Zd-VJUMiAt4I8nBx@LK-Perkele-VII2.locald>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-tmn: [WnQyjtipKW9gXoHmIBACHHwD86TheZQ1zg+SQQip9O7pJFiJEyfnufPE+Xqm9rifDn09BBAHyGk=]
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR02MB7430:EE_|PH0PR02MB7656:EE_
x-ms-office365-filtering-correlation-id: 6023ec4c-2ff1-4f17-4ac5-08dc38a0b06f
x-ms-exchange-slblob-mailprops: ynsnEk/J89dET0DTdMdgUe6QMZNYuCqDT8ke4VVqHrWUOnFE7wYhGxj0jYP+yY90RkDJPIOQfjN5JyCxfp9jSeS7QIdBFzuWlNzczgh07cvlI+vKINMkGT0Q5deliKkaOaX102LTnda0nojX0hOncKRQ8r0GrSClOC4tRSRdcM+B5r2MBT8ojrdiUJEp68YPFeTAPcpllcPLYseA5LsPhCdgfFZq0MfHD9AeqlI0ovMGfiA8JAp9bf0BgmkAjyPwLQSHQH3EqUTF9rPaWg9pGyzZ/lX1egQEJ3J/gH+rkF5ktxsnuKotgnRWqFAeyRUbZZvMOCNs/uojrs2jbGDvhLvBUER2X4lTQwj6TJInq5VoE2sBDGWxObPxn54e91b0ZBw5puSOG+Idaq3BbFwWa9sEkVtV75vB0QvovpxsiCZn8X2Xi4Y+mQk0aypwSkzTejMnuDwlIuQwVqOggsKnoTwEl0srdf4QQtCLhQ8IwY+HvXfLXdYk+BOG6vIC/RGk+/iKlgAJiYZm+nP5gaQHc/InRcFgI52tJgP/g5iD53nPnRjabjwJBc1hG9mHa9zwh1F4lv0DAZfagfcnEJM8weqFcfbSlzqpWUNmuMXtvGttUYdVrdEm/QdnC6V+z1pLNEfr14VURwL/L6soVVYaCjKPKP3/PdfjogMh+ArKYfecQBP7csOCVRJIqF2b1sY0dRLSC2+l47V609/fx4g0EOZkqHn78PRij5VEhIv4k3VDji4JlXMd/E46hYIJULXnlqXOeQkKFzS05rLeocPPPECQ7yNClEdC2kY618A6eRPRY/obXkMo2afV5q66Yd7/N9dDjKg5JIMDzeH4HMRQxp95WR4RyJgho5+U8LHiWaBmGgwsWInnhCxZK0dK4kMfOjSNQrSWG1iPBJ4fiqdCsQ==
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: UKIdGv9UmZGoJ+LVW9usJaFUBte8EX0Xvd6MX6XCvpCZIMmWjunLb0pnczDmL1FyasVBPv76HAZ+BBY0z7ADJ3PAiQWDFcvSJSxUhdhs6g4HJIRNGHYgINf2Wcr7jAoNlm5IOw/wblnfw/7dtGPDy50oxjpY2dRewrCnpdnWG1Vm3N6zdJB2uKQ+ZIDFTz0tWl0JkBzK7W2wtK3g1EXFOWU3v70bmJaypy1R+ZEXni9G0CaJyJEELRJ9LfAfQRSwAs+dhVrv2xtku7LnUy5/fUtDwfRYuEjKkTbtnXgtrgHaJP2SXgr7XrPoOb9CxChDEQBDJy473EL5KUe2/G0SXXNl92p9sQClTjR7pL3+xLcRPdaNHmBSwN/EzYItHmXyJf5GCFl6+eNvuPGWEoi2gzOEyeMFzrLbITijdygOu4A/JYU9CzE6lotG065xkkkbpGMw7Fk65wIzOcSdWaufvh6+zotl9uDmqQqmFSEI997a9j3QVWr1IIx1iqM5nn1L1frIUJxNGoCSEsjCFSNW/9p+7wMvmjbIqOr5PKbSq+n8ga1yHHpMxUNC8HI56MOulFYFvd2F7elKIeTTYTZ/s/vzJJaxLj7NS7UhagTSK1PVHPLvAa3xAkrcWtiTasgGl+d2jqQD8EswrdNBJuZLm8u384kPyRCj01ZnaRKade0=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: zatRjaG2JS4PVmV3A4ZHv/HjFErmnqUpFA8nCaqEv3W82A/oK+tNIUE5oPKpMP6N94GP6hx0xISsEzlwwpdKBsB6UktOgeySUQojgq2OC9iORTh74NfLYbvE/rdskspLujRo9bXIddp1U4gHwDqUBvz3keZU+91XtVmXhyLvCwDtjQTNR8LiMyjaXQiKYJm6kPeXghwbNaJ8iGkB6rymZwioxmXwJ9Vyb68x7OccKa0VUVMMt78bWpJ/H4tlJTphRUAlU6wgbOLNmm/aVMfy9bp4clR7HvV+xur47PP6v9fYnp496zeoAuATGTz9IOzQIIm84aluBnyMWCXUm6riCZH7oP1p5XD06ayU3VXn6/3//QFdFCyjAbahnUa4Q6P/QsW8txPZNjGln0k0xpqPDp5c2KiunRdAOAtsNmjBOpMlQIwPmxSsIYHJeHRU1dXeDISvluFP52vgf+OBQ7xkAzhkAwZA9FaVfv8+UBS/31VteGZIMIe3JAOTFRWHX8JW1OCTInamdBpgrJFsK9TSlOCfTT44/c/Lftk0kbLLw6FiQSRO8DPh0qK0DntQIwb15stwi7BJS1OA6D1Q5AueNX/48/qt22S3P6/Ft43IWGHzq84Sh/g7LE6Je4v9JTyZKgWIFL+CQ0+rDi9RuoLcenXjHcSZ05Tj3zk2AEONPppZPmGwINZhLOdndMr2oPFPuz77x4+Z9fovBRQ6hlu5p6OJ8k6Ol1rjjZzke61nAgvUkfNyJzJNB57h1NcUY3NSSzZd31FvTOqGVM8djUsDshF+FiGLdwdD3AmIQTURoIvmHwgXlbaiOeVTcesMBCpSsnsK8/02TOGsio8Yd2BvBLwzPE14y7vQ/z3/IjCW3+jkJCbmf/QigUvdIv/CxX81CScVHCnzpQMsgMidPeXoAnitUkpP/PYxGX5/Zjn/rn4AdnZ5t5467UB6GRdxIaEcQqfiI01cnQAFdoIWA5dBdnIjZPGXEVoWyw17bUOjiEQbyKQVGPFPiKQsPN/MKz1/se7Y1eOXQ9FbU2JdH5J1XV4hionwFGx4/iJSd/Svbrlqy2lgVm07Yxp+1tyCkzQ5IsmU+1rBtirKKAyEX1CW/72nf92W1fO9QItUCix566pGsm6GvPg1X1R2QJD3o1AWCl0DDSIPSFEfSBkN6YIK9k4ZVOt6vugzzohPKhKwALTs32OIXlHTnRRGBb723MW6bKUPyj2NIA0pMSVb0psVMnnMHyyZZmUqXqarto0ETAoW6gbxtCLBalf3XDjh6PgU+5Rf4UNFoD+BrGeOXL6g4QCoJ5M3jhMTMRXIgV6ydFKTB7yJR9xqeu1I0tjFaUIB
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-99c3d.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR02MB7430.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 6023ec4c-2ff1-4f17-4ac5-08dc38a0b06f
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 28 Feb 2024 21:03:18.5448 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR02MB7656
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/MUXjnta4bjdZ2N92sPwFvHfJ3r4>
Subject: Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Feb 2024 21:03:24 -0000

Thanks for reading the new draft and commenting, Ilari.  Replies inline below...

-----Original Message-----
From: jose <jose-bounces@ietf.org> On Behalf Of Ilari Liusvaara
Sent: Wednesday, February 28, 2024 12:19 PM
To: jose@ietf.org
Subject: Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt

On Wed, Feb 28, 2024 at 09:44:00AM -0800, internet-drafts@ietf.org wrote:
> Internet-Draft draft-ietf-jose-fully-specified-algorithms-01.txt is
> now available. It is a work item of the Javascript Object Signing and
> Encryption
> (JOSE) WG of the IETF.
>
>    Title:   Fully-Specified Algorithms for JOSE and COSE
>    Authors: Michael B. Jones
>             Orie Steele
>    Name:    draft-ietf-jose-fully-specified-algorithms-01.txt
>    Pages:   12
>    Dates:   2024-02-28

Some comments that still look relevant:

1) The encryption case seems like it would be difficult and delay the document by a lot. There have been requests to get this done quick, so I think that should be punted on.

Indeed, an open question called out in https://www.ietf.org/archive/id/draft-ietf-jose-fully-specified-algorithms-01.html#name-ecdh-es-and-its-ephemeral-k is whether to introduce fully-specified algorithm identifiers for ECDH and possibly other encryption algorithms.  I expect this to be one of the discussion topics in Brisbane.

2) Abstract: I don't think the current encryption stuff is fully specified (the behavior of algorithms does depend on the key), so statements about new identifiers need to be qualified to only apply to signatures.

You're right that (as called out by the cited text above) some of the current encryption algorithms aren't fully specified.  This specification does two things.
(a)  It requires that all algorithms registered in the future be fully specified.
(b)  It creates fully-specified algorithm identifiers that can be used instead of polymorphic algorithm identifiers.

(a) is still very valuable, both for signing and encryption, even if we tactically decide that we don't want to do (b) for all encryption algorithms at this time.

3) Section 3.3.*: For the same reasons as above, the instructions need to be qualified to only apply to signatures.

Per the previous answer, (a) is still very valuable (and I view it as being the core mission of the specification), even if we don't do a comprehensive job of (b) immediately.  Again, I expect we'll discuss how much of (b) to do in Brisbane.

4) Section 6.3: I don't think anything in COSE or JOSE currently uses KEMs. And the requirement for single KDF goes beyond what fully specified means.

https://datatracker.ietf.org/doc/draft-ietf-cose-hpke/ uses KEMs.  https://datatracker.ietf.org/doc/draft-rha-jose-hpke-encrypt/ uses KEMs.  https://csrc.nist.gov/projects/post-quantum-cryptography uses KEMs.  I agree with Orie that it's good to include a discussion of KEMs now, since they're clearly coming to both COSE and JOSE.

5) I think that all the non-encryption stuff might stand (double-)WGLC.

Thanks.

                                -- Mike

-Ilari

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email