Re: [jose] Working group adoption of “COSE and JOSE Registrations for WebAuthn Algorithms”

Mike Jones <Michael.Jones@microsoft.com> Thu, 04 April 2019 19:39 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0744F120092 for <jose@ietfa.amsl.com>; Thu, 4 Apr 2019 12:39:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OUUiLm-3y52m for <jose@ietfa.amsl.com>; Thu, 4 Apr 2019 12:39:23 -0700 (PDT)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640111.outbound.protection.outlook.com [40.107.64.111]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BE8041200DE for <jose@ietf.org>; Thu, 4 Apr 2019 12:39:22 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=testarcselector01; d=microsoft.com; cv=none; b=A31WHRX/UjGR09OR0W9sdHveQNBoOgOtPUqCyn0JX0W/S0iQAIGeDqnZB/++Er/Luzb1gxIcaIGpHuVxlXxVzvFNCn28D26Qvd5jb2dGTzWZ7BsDyzHm0ucuYOLQHtbJwWUW1iC4STRpUeHFBvVeQRhgyKLDXwEQ3LvMI2ZLcUQ=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=testarcselector01; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9In7LL2Yg+OxQopdmAGwSykx3IM53IC/ufz81NJkzdc=; b=bOECvBY1UaTwAyIfefkYt1pUHQJokjogdcWaAyJajLrSDbFPyRhHiFlDZOk2Mw/luyK6aGAOLPa/x2IvUlflzQ8em0u/7Kur4DkGp695eLeoxkz6IP3QbrV6mDFBk/y14ADmqpZe4W6VqPHD7DPHjvmM4RGWk2D5GV7ru8nsPdo=
ARC-Authentication-Results: i=1; test.office365.com 1;dmarc=none action=none header.from=microsoft.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9In7LL2Yg+OxQopdmAGwSykx3IM53IC/ufz81NJkzdc=; b=XK8RvowQt9KK00zC2i5xxYfDARNeIa4duzCQp0GU+x13h6AnMtawMV/mitECpoKL1wbtKU8nXFfDdZXSgZ815ciwhCmM13kYTW4R+sHlOCdoIAqirdqvEWuWXCqrvrFE7UKO5Ps18jWczHrvEZAJn7WUavwk2JcbemL5YRvrUgU=
Received: from SN6PR00MB0304.namprd00.prod.outlook.com (52.132.117.158) by SN6PR00MB0383.namprd00.prod.outlook.com (52.132.118.26) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.0; Thu, 4 Apr 2019 19:39:20 +0000
Received: from SN6PR00MB0304.namprd00.prod.outlook.com ([fe80::d017:ba79:6e59:70b]) by SN6PR00MB0304.namprd00.prod.outlook.com ([fe80::d017:ba79:6e59:70b%3]) with mapi id 15.20.1813.000; Thu, 4 Apr 2019 19:39:20 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
CC: "panva.ip@gmail.com" <panva.ip@gmail.com>
Thread-Topic: =?utf-8?B?V29ya2luZyBncm91cCBhZG9wdGlvbiBvZiDigJxDT1NFIGFuZCBKT1NFIFJl?= =?utf-8?B?Z2lzdHJhdGlvbnMgZm9yIFdlYkF1dGhuIEFsZ29yaXRobXPigJ0=?=
Thread-Index: AdTmJk1FCMXIivt5Qf6zVgtbmlGjVwE95YoA
Date: Thu, 4 Apr 2019 19:39:20 +0000
Message-ID: <SN6PR00MB0304D35DC75397E2E4611E26F5500@SN6PR00MB0304.namprd00.prod.outlook.com>
References: <DM5PR00MB02968CC47CDAB140A4FF6287F55A0@DM5PR00MB0296.namprd00.prod.outlook.com>
In-Reply-To: <DM5PR00MB02968CC47CDAB140A4FF6287F55A0@DM5PR00MB0296.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=ff9aefb5-196d-43f3-9a45-0000a2d472b6; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-03-29T11:52:01+0100; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-originating-ip: [2001:4898:80e8:f:458f:f5b:f278:f69]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1e8535f6-d6ac-467b-1dbe-08d6b9353be3
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(4618075)(2017052603328)(7193020); SRVR:SN6PR00MB0383;
x-ms-traffictypediagnostic: SN6PR00MB0383:
x-ms-exchange-purlcount: 6
x-microsoft-antispam-prvs: <SN6PR00MB038358DACEF91585E73AD418F5500@SN6PR00MB0383.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-forefront-prvs: 0997523C40
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(396003)(346002)(376002)(366004)(39860400002)(136003)(209900001)(189003)(199004)(5660300002)(8990500004)(9686003)(6306002)(6116002)(790700001)(71200400001)(86612001)(71190400001)(22452003)(86362001)(256004)(25786009)(54896002)(102836004)(53936002)(10090500001)(6436002)(446003)(11346002)(74316002)(2906002)(486006)(476003)(5640700003)(316002)(66574012)(81156014)(81166006)(1730700003)(46003)(68736007)(6246003)(606006)(7736002)(10290500003)(229853002)(72206003)(2351001)(7696005)(6916009)(966005)(97736004)(186003)(2501003)(105586002)(33656002)(21615005)(6506007)(53546011)(14454004)(76176011)(478600001)(52536014)(106356001)(8936002)(55016002)(53376002)(4326008)(99286004)(236005)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:SN6PR00MB0383; H:SN6PR00MB0304.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: Bw2XEV7eKM96txltzbCuN+iHSkdDIiCwRTK7Sx8IXVjGdi9RK7Alj52AkD8bREljeHvUXxRjO1J/1k3qQ/AxocmLY6HX926HXr+X6yWacN2rsFVkUD8yXlh3O5b9DNOzRbIN2lXW1MrHBlIkezM7HTK/LGTw6axEL9OsBc5d1hoisZUDyOBbqwKk4CObR5gzJbk9xQLDfIRG1MkEIu5JCd8cfNBOQmVaaWQ3lQ898BI/sUpRVmGI3gcY6tWbB5TMfz6UADqcjJQbG0pyNqmlpUHvPRJ6jbnYT1KK3WvB/27n32MBIaD3NXM4NeZuCuYEDXSnm+X3PZVLtiREfu+fx3IYrOQE95yH3bso8aQQiV8JGpSkv9PZQfnpNQLS7vr7KOonG7Q1FiPrN1ePV3K0Ev34kHUk1LauASJ4yqhFlwY=
Content-Type: multipart/alternative; boundary="_000_SN6PR00MB0304D35DC75397E2E4611E26F5500SN6PR00MB0304namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 1e8535f6-d6ac-467b-1dbe-08d6b9353be3
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Apr 2019 19:39:20.7100 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: SN6PR00MB0383
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/HLlr2VuQAzDZpf0sZdogyztW7vM>
Subject: Re: [jose] =?utf-8?q?Working_group_adoption_of_=E2=80=9CCOSE_and_JOS?= =?utf-8?q?E_Registrations_for_WebAuthn_Algorithms=E2=80=9D?=
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2019 19:39:26 -0000

More discussion on the thread “[COSE] "P-256K" in draft-ietf-cose-webauthn-algorithms” would be useful.  Currently two people have requested that “secp256k1” be used and two people have requested that “P-256K” be used.  Please speak up on the COSE mailing list.

                                                       -- Mike

From: jose <jose-bounces@ietf.org> On Behalf Of Mike Jones
Sent: Friday, March 29, 2019 4:56 AM
To: jose@ietf.org
Cc: panva.ip@gmail.com
Subject: [jose] Working group adoption of “COSE and JOSE Registrations for WebAuthn Algorithms”

FYI, a draft that registers JOSE identifiers for signing with the secp256k1 curve was adopted by COSE this week.  See http://self-issued.info/?p=1964.  Please discuss it on the cose@ietf.org<mailto:cose@ietf.org> mailing list.

Also, please respond on the COSE mailing list about the identifier choice for the curve.  Per the note below, two names are being considered “P-256K” and “secp256k1”.

                                                          -- Mike

From: COSE <cose-bounces@ietf.org<mailto:cose-bounces@ietf.org>> On Behalf Of Filip Skokan
Sent: Wednesday, March 27, 2019 2:17 PM
To: cose@ietf.org<mailto:cose@ietf.org>
Subject: [COSE] "P-256K" in draft-ietf-cose-webauthn-algorithms

Hello,

Once more to the correct mailing list...

this draft has caught my attention since it touches JOSE as well, specifically it proposes registration for the uses of secp256k1 "bitcoin" curve. I learned from Mike Jones that there's a discussion around naming the key's curve and the JWA algorithm.

- "P-256K"
Do we really need a new name for secp256k1? I would suggest not. Most of the document talks about secp256k1 anyway. Giving secp256k1 the alias P-256K gives the impression that it is a curve standardized by NIST, which it is not. Mike> Others have also suggested simply using the name "secp256k1". I'm fine with that.

I'd like to advocate for sticking with the proposed (in current draft) "P-256K" for EC key's crv, and "ES256K" for the JWA alg. These values are already quite common in existing implementations, quite a few hits for this.

[1] https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.keyvault.eckey.p256k?view=azure-dotnet
[2] https://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-es256k-signature
[3] https://static.javadoc.io/com.nimbusds/nimbus-jose-jwt/5.10/com/nimbusds/jose/jwk/ECKey.html
[4] https://github.com/panva/jose/blob/master/lib/jwk/key/ec.js#L22-L23
[5] https://github.com/relocately/ec-key

As mentioned in the IETF 104 meeting on Tuesday the other encountered naming of this is "K-256" but there's considerably less hits searching for implementations using that one.

I understand the COSE group does not (probably) have existing implementations of secp256k1 and that's why the notion of just naming it secp256k1 resonates, but maybe consider only doing so for COSE. JOSE could use less fragmentation amongst its implementations and therefore sticking to the most common naming already in the wild would be welcome.

The same applies to the presented question about Compressed vs. Non-compressed Points for secp256k1, i'd advocate that at least for JOSE the used points remain in-line with what's already used in with the existing keys and algorithms.

Best,
Filip Skokan