Re: [jose] Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 30 September 2014 02:41 UTC

From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
Date: Mon, 29 Sep 2014 22:41:41 -0400
To: Mike Jones <Michael.Jones@microsoft.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/TTI_9eWlV6FVvtl28PvQlKtjAu4
Cc: "draft-ietf-jose-json-web-algorithms@tools.ietf.org" <draft-ietf-jose-json-web-algorithms@tools.ietf.org>, "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, Alissa Cooper <alissa@cooperw.in>, The IESG <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)


Sent from my iPhone

> On Sep 29, 2014, at 6:42 PM, Mike Jones <Michael.Jones@microsoft.com> wrote:
> 
> Thanks for your review, Alissa.  I’ve added the working group to this thread so they're aware of your comments.  Replies are inline below…
>  
> -----Original Message-----
> From: Alissa Cooper [mailto:alissa@cooperw.in] 
> Sent: Sunday, September 28, 2014 2:30 PM
> To: The IESG
> Cc: jose-chairs@tools.ietf.org; draft-ietf-jose-json-web-algorithms@tools.ietf.org
> Subject: Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)
>  
> Alissa Cooper has entered the following ballot position for
> draft-ietf-jose-json-web-algorithms-33: No Objection
>  
> When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)
>  
>  
> Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>  
>  
> The document, along with other ballot positions, can be found here:
> http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/
>  
>  
>  
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>  
> == Section 3.4 ==
> "Signing and validation with the ECDSA P-384 SHA-384 and ECDSA P-521
>   SHA-512 algorithms is performed identically to the procedure for
>   ECDSA P-256 SHA-256 -- just using the corresponding hash algorithms
>   with correspondingly larger result values.  For ECDSA P-384 SHA-384,
>   R and S will be 384 bits each, resulting in a 96 octet sequence.  For
>   ECDSA P-521 SHA-512, R and S will be 521 bits each, resulting in a
>   132 octet sequence."
>  
> For the ECDSA P-521 SHA-512 case, how does the result amount to 132 octets? Is there padding inserted into R and S?
>  
> The P-521 curve uses 521-bit R and S values.  It takes 66 octets to represent 521 bits.  There are two 66-octet values, hence 132 octets.
>  
Mike,

I may be missing something too... It looks like there is a little padding as the info in the draft gets to 65.1 as opposed to 66. I think that's what Alissa was getting at. How is that handled? Also, is there space allocated for the "." separators or is that not necessary?

Thanks,
Kathleen

> == Section 7 ==
>  
> Do we use iesg@iesg.org? I usually use iesg@ietf.org.
>  
> == Section 8.4 ==
> "An Initialization Vector value MUST never be used multiple times with
>    the same AES GCM key."
>  
> I think what was intended here was s/MUST never/MUST NOT/
>  
> Agreed.  To keep the same level of emphasis, I propose to change “MUST never” to “MUST NOT ever”.
>  
>                                                             -- Mike
>
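
Added example, not part of the original messages or of the draft: a sketch of the fixed-width R || S signature encoding discussed under Section 3.4 above, showing how a 521-bit value fills 66 octets and that the two halves are split by position rather than by a separator. The function names are hypothetical and the R and S values are constructed, not a real signature.

```python
import base64

# Curve size in bits for each JWS ECDSA "alg" value; ES512 uses P-521.
CURVE_BITS = {"ES256": 256, "ES384": 384, "ES512": 521}


def coord_octets(alg):
    """Octets needed to hold one of R or S: ceil(bits / 8)."""
    return (CURVE_BITS[alg] + 7) // 8


def encode_signature(alg, r, s):
    """Return R || S, each a fixed-width big-endian unsigned integer."""
    bits, n = CURVE_BITS[alg], coord_octets(alg)
    for v in (r, s):
        # Range check by size only; a verifier also checks v < group order.
        if v <= 0 or v.bit_length() > bits:
            raise ValueError("R or S out of range for " + alg)
    # to_bytes left-pads with zero bits up to the fixed width.
    return r.to_bytes(n, "big") + s.to_bytes(n, "big")


def decode_signature(alg, sig):
    """Split R || S by position; a wrong total length is rejected."""
    n = coord_octets(alg)
    if len(sig) != 2 * n:
        raise ValueError("expected %d octets, got %d" % (2 * n, len(sig)))
    return int.from_bytes(sig[:n], "big"), int.from_bytes(sig[n:], "big")


def jws_signature_part(sig):
    """base64url without '=' padding, as carried in a compact JWS."""
    return base64.urlsafe_b64encode(sig).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    # Constructed sample values, not a real signature.
    r, s = 2**521 - 1, 0x1234
    sig = encode_signature("ES512", r, s)
    # 132 octets; leading octet of R carries a single bit; 176 characters
    print(len(sig), sig[0], len(jws_signature_part(sig)))
```

Rejecting any signature whose length is not exactly twice the coordinate width keeps a verifier from accepting truncated or over-long inputs.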