[jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)

John Mattsson <john.mattsson@ericsson.com> Wed, 18 September 2024 06:36 UTC

To: David Waite <david=40alkaline-solutions.com@dmarc.ietf.org>
CC: JOSE WG <jose@ietf.org>, "cose@ietf.org" <cose@ietf.org>, Neil Madden <neil.e.madden@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/St-bFUqf8ljb1fDZYaDlbLupP18>

David Waite wrote:

> In addition to limitations on key length nlen, it is not uncommon that RSA implementations have limitations on the exponent e.
>
> Could you provide more information here? I am only aware of a few implementations (notably one included in Microsoft Windows) requiring it to be a 32-bit value, not that they mandate 65537 or the like.

Yes, here are some recent detailed examples I have come across:
- An RSA implementation from a big company that only supports e = 3. Large deployment.
- Several deployed RSA implementations from large companies that only support nlen <= 2048. In the past I have also come across nlen <= 1024, but hopefully these are not in use anymore.

But none of these were in COSE/JOSE.

Another related thing that is very common is that the same RSA key is used for several different algorithms. For new applications this is not compliant with PKCS #1 (RFC 8017) unless your system is old. For security purposes fully-specified keys are likely much more important than fully specified algorithms.

Cheers,
John

From: David Waite <david=40alkaline-solutions.com@dmarc.ietf.org>
Date: Wednesday, 18 September 2024 at 01:17
To: John Mattsson <john.mattsson@ericsson.com>
Cc: JOSE WG <jose@ietf.org>, cose@ietf.org <cose@ietf.org>, Neil Madden <neil.e.madden@gmail.com>
Subject: Re: [jose] 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)



On Sep 13, 2024, at 1:30 AM, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:

Hi,
As an individual, I agree with Neil’s comments.
https://mailarchive.ietf.org/arch/msg/jose/JSlZI6oeyYHXFkG2PgHbG4YzghA/

I have also pointed out in a separate mail that the following sentence is not true:

“This is not a problem in practice, because RSA libraries accommodate keys of different sizes without having to use different code.”

In addition to limitations on key length nlen, it is not uncommon that RSA implementations have limitations on the exponent e.

Could you provide more information here? I am only aware of a few implementations (notably one included in Microsoft Windows) requiring it to be a 32-bit value, not that they mandate 65537 or the like.



I have a hard time seeing why RSA domain parameters (nlen, e) and ECC domain parameters (p, a, b, G, n, h) are treated completely differently.

JOSE and COSE already only allow named curves to be specified, so discussion of custom curve definitions may be getting out of scope here.

Starting early with domain parameters being specified meant that RSA implementations were expected to be able to operate over a range of parameters for interoperability. There are also expectations that you can evaluate the RSA parameters at runtime for appropriateness (such as e needing to be odd).

Starting early with pre-defined curves meant that a select set of curves were often built into software, that was put into firmware, and sometimes even used to design silicon. I do not know of a way to evaluate the properties/safety of a custom curve at runtime.

<snip>

-DW
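
The runtime checks this thread discusses (bounds on nlen and e, e being odd, and one RSA key being used with one algorithm), shown as an added example that is not part of either message or of any JOSE library. The bounds, the function names and the rule that a JWK must carry `alg` are assumptions chosen for illustration.

```python
import base64

# Assumed local policy, not taken from the thread or from any specification.
MIN_NLEN, MAX_NLEN = 2048, 8192
MAX_E_BITS = 32  # the thread mentions implementations that need a 32-bit e


def b64url_uint(value: str) -> int:
    """Decode a base64url big-endian unsigned integer (JWK 'n' / 'e')."""
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")


def check_rsa_jwk(jwk: dict, header_alg: str) -> list:
    """Return a list of policy violations; an empty list means accept."""
    if jwk.get("kty") != "RSA":
        return ["kty is not RSA"]
    try:
        n, e = b64url_uint(jwk["n"]), b64url_uint(jwk["e"])
    except (KeyError, TypeError, ValueError):
        return ["missing or malformed n/e"]
    problems = []
    nlen = n.bit_length()
    if not MIN_NLEN <= nlen <= MAX_NLEN:
        problems.append(f"nlen {nlen} outside {MIN_NLEN}..{MAX_NLEN}")
    if e < 3 or e % 2 == 0:
        problems.append("e must be odd and at least 3")
    if e.bit_length() > MAX_E_BITS:
        problems.append(f"e wider than {MAX_E_BITS} bits")
    # Bind the key to one algorithm: require 'alg' in the JWK, exact match.
    if jwk.get("alg") is None:
        problems.append("key has no alg, so it is not bound to one algorithm")
    elif jwk["alg"] != header_alg:
        problems.append(f"key is for {jwk['alg']}, message uses {header_alg}")
    return problems


def make_jwk(n: int, e: int, alg=None) -> dict:
    """Build a constructed sample JWK (the numbers are not real RSA keys)."""
    enc = lambda i: base64.urlsafe_b64encode(
        i.to_bytes((i.bit_length() + 7) // 8, "big")).rstrip(b"=").decode()
    jwk = {"kty": "RSA", "n": enc(n), "e": enc(e)}
    if alg:
        jwk["alg"] = alg
    return jwk


# Constructed samples: odd integers of the right size, not usable keys.
GOOD = make_jwk((1 << 2047) | 1, 65537, "PS256")
SHORT = make_jwk((1 << 1023) | 1, 65537, "PS256")
```
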