Re: [jose] Do we have actual normative text which curves are allowed / standard for ECDH-ES in JOSE?

Filip Skokan <panva.ip@gmail.com> Tue, 03 November 2020 21:53 UTC

Return-Path: <panva.ip@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 226483A121B for <jose@ietfa.amsl.com>; Tue, 3 Nov 2020 13:53:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NRfxp2hg4uVc for <jose@ietfa.amsl.com>; Tue, 3 Nov 2020 13:53:20 -0800 (PST)
Received: from mail-yb1-xb31.google.com (mail-yb1-xb31.google.com [IPv6:2607:f8b0:4864:20::b31]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4BA473A1218 for <jose@ietf.org>; Tue, 3 Nov 2020 13:53:20 -0800 (PST)
Received: by mail-yb1-xb31.google.com with SMTP id i186so16171242ybc.11 for <jose@ietf.org>; Tue, 03 Nov 2020 13:53:20 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xZk3U2krkuSt4pWUKiQrkGNZ/v7P1LdNifqdevTYxQY=; b=dXxLG4ZrbSjUyyyBG0mIEQI92A98weCzr+I9+64uTB5idQR9uOZ0rPeF5I1T7vR3QZ hqc0bLajLuf7k+P6G5UiDucriftiEJqNOQpe2eb0yZkPlYZkCrkMJ7AR6TWCfzV69qKp V0jFrsycRQQ6Bobg9U14sf7PdutTmeKsslUex1zvoDp0E/A2F+ojcTwvni7C81tXrwu5 DEoof7J/ct1ciUw8hHj6AVTws1qWWiHRJLLnZLgcTluPPWeliQwSZPczq2t4x8zzppFQ BU9PN6c1iuhrsmPVNZCvw4a2wzKnmx+wVf+RsHFBJgHgdlDZbznd87Q8/CYlSZzYIT49 oPXA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xZk3U2krkuSt4pWUKiQrkGNZ/v7P1LdNifqdevTYxQY=; b=B33yDsIa7su61W/ojUrcRnvARTjJzAzXp28vzlTeAVuU/DqruJYMiCemIac5oypRXy lz5cv6RGxffad+f6tZc32Wf6Odck5QVbGfBCOUtQMDzq6CMj4pMvtGFLA+8xZscLBKo2 sJdgmwBcFRlrlq9wF19a/bEESy8NF3MaP6+ntDlJKXFiTO4K4FdIRqJ6yIiZ7X2mOz4e OHltXof24wTc6H7C9qDl6oJA38FP882t/cfU92sO8XeKmXxA4lNyMjWcGFrEugJ48Csb keoH5JIjTXWJNpiRlu5cTQcCw8QczX/1EjLtaKXt1EgbSQMjrN/sM805by1Qnr0Fy0Kh zuzw==
X-Gm-Message-State: AOAM533ht43lojM6vqvE5ktDEu0n+xAtt9Ix1u5SRRvDQElXIqx1x5bI ptffBSnJ1pVVwG4y2+/3tqgEyKmb17zc0+FKoA==
X-Google-Smtp-Source: ABdhPJzfiEUOaiDZ/euf+h+ItfKpN2FoPKp9P/yBv0zVTFLesHya/fRxUAMRFJENaVqPhT5vMZ7hAsgshTNlgQ9pts4=
X-Received: by 2002:a25:a369:: with SMTP id d96mr29094205ybi.254.1604440399283; Tue, 03 Nov 2020 13:53:19 -0800 (PST)
MIME-Version: 1.0
References: <b29e1554-42ae-3ce3-037b-ca3eaa4087d8@connect2id.com> <CALAqi_-cYB1i4OZz6r9dtLziRn1jm1_5oVHCkXu2PMLYcW11JA@mail.gmail.com>
In-Reply-To: <CALAqi_-cYB1i4OZz6r9dtLziRn1jm1_5oVHCkXu2PMLYcW11JA@mail.gmail.com>
From: Filip Skokan <panva.ip@gmail.com>
Date: Tue, 3 Nov 2020 22:52:42 +0100
Message-ID: <CALAqi_-5-48cDSJV0ScL-+HMe-KVoxwToJ3wBd85DdB3fHneyg@mail.gmail.com>
To: Vladimir Dzhuvinov <vladimir@connect2id.com>
Cc: "jose@ietf.org" <jose@ietf.org>, "Voss, Ray" <ray.voss@jpmorgan.com>, "Hamad, Samer K" <samer.k.hamad@chase.com>
Content-Type: multipart/alternative; boundary="00000000000010097c05b33ae4ed"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/RTSplXx7mONl-YeAvkrzPb0Ju00>
Subject: Re: [jose] Do we have actual normative text which curves are allowed / standard for ECDH-ES in JOSE?
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Nov 2020 21:53:22 -0000

I meant to say "*couldn't* pinpoint a clear normative answer". Which i hope
is clear from the rest of my email.

S pozdravem,
*Filip Skokan*


On Tue, 3 Nov 2020 at 22:50, Filip Skokan <panva.ip@gmail.com> wrote:

> Hi Vladimir,
>
> I kinda got the same question from someone a couple days ago and could
> pinpoint a clear normative answer.
>
> We have https://tools.ietf.org/html/rfc7520 that shows ECDH-ES with P-384
> and P-256. In not having any normative text around these curves being
> allowed or P-521 being disallowed I always assumed all original three are
> fair use for ECDH-ES (and its composite KW variants).
>
> We also have https://tools.ietf.org/html/rfc8037 which specifically
> mentions X25519 and X448 OKP subtypes to be usable for ECDH-ES (and its
> composite KW variants).
>
> Then we have the JOSE registration of EC secp256k1 curve which
> specifically mentions that the curve is NOT released for ECDH in that
> document.
>
> So,
>
> EC P-256
> EC P-384
> EC P-521
> OKP X25519
> OKP X448
>
> S pozdravem,
> *Filip Skokan*
>
>
> On Tue, 3 Nov 2020 at 22:40, Vladimir Dzhuvinov <vladimir@connect2id.com>
> wrote:
>
>> Today we received the question why the Nimbus JOSE+JWT lib supports the
>> EC curves it does for ECDH (P-256, P-384, P-512) and I couldn't find any
>> normative text or reference in the JWA spec to explain this.
>>
>> https://tools.ietf.org/html/rfc7518#section-4.6
>>
>>
>> We also looked at the IANA registry for hints:
>>
>> https://www.iana.org/assignments/jose/jose.xhtml
>>
>>
>> Contrast this with the JWS ECDSA, where the curves to go with the ESxxx
>> algs are specced:
>>
>> https://tools.ietf.org/html/rfc7518#section-3.4
>>
>>
>> Can someone help here? :)
>>
>>
>> Thanks,
>>
>> Vladimir
>>
>> --
>> Vladimir Dzhuvinov
>>
>>
>> _______________________________________________
>> jose mailing list
>> jose@ietf.org
>> https://www.ietf.org/mailman/listinfo/jose
>>
>