Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt

Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 28 February 2024 20:18 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/RqGMCaZOqV-nBX3ALPg9GQSm_FY>

On Wed, Feb 28, 2024 at 09:44:00AM -0800, internet-drafts@ietf.org wrote:
> Internet-Draft draft-ietf-jose-fully-specified-algorithms-01.txt is now
> available. It is a work item of the Javascript Object Signing and Encryption
> (JOSE) WG of the IETF.
> 
>    Title:   Fully-Specified Algorithms for JOSE and COSE
>    Authors: Michael B. Jones
>             Orie Steele
>    Name:    draft-ietf-jose-fully-specified-algorithms-01.txt
>    Pages:   12
>    Dates:   2024-02-28

Some comments that still look relevant:

1) The encryption case seems like it would be difficult and delay the
document by a lot. There have been requests to get this done quickly, so I
think that should be punted on.

2) Abstract: I don't think the current encryption stuff is fully
specified (the behavior of algorithms does depend on the key), so
statements about new identifiers need to be qualified to only apply to
signatures.

3) Section 3.3.*: For the same reasons as above, the instructions need
to be qualified to only apply to signatures.

4) Section 6.3: I don't think anything in COSE or JOSE currently uses
KEMs. And the requirement for a single KDF goes beyond what fully
specified means.

5) I think that all the non-encryption stuff might stand (double-)WGLC.




-Ilari