IETF Logo Mail Archive

Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt

Michael Jones <michael_b_jones@hotmail.com> Sat, 02 March 2024 18:31 UTC

Return-Path: <michael_b_jones@hotmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2D8EC14F682 for <jose@ietfa.amsl.com>; Sat, 2 Mar 2024 10:31:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.234
X-Spam-Level:
X-Spam-Status: No, score=-5.234 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, BITCOIN_OBFU_SUBJ=1, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WZEyqnemkpo7 for <jose@ietfa.amsl.com>; Sat, 2 Mar 2024 10:31:49 -0800 (PST)
Received: from NAM02-BN1-obe.outbound.protection.outlook.com (mail-bn1nam02olkn2045.outbound.protection.outlook.com [40.92.15.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DF4A6C14F603 for <jose@ietf.org>; Sat, 2 Mar 2024 10:31:48 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kz5q0EFE7bQKYehJX5V8OdpGXMygmaOqHg/LJCieGX1KqYiygHLOvLE2FLIMvUAGlMt71Aw2E3eE9FmHurlZ9CL/SjM2gM6RcEa0U3MyhShDPxsKtFKPNLqzgozQT7YxGVrMU5hu2XRmAMMIsxsL4T1VmZziYeCQFXcBWakGKI0azy3WipfIdlRPKYtWMrT0r+putPfogvwZpmqxJbvTZ62kTaScugq7TFjHU9gmEc4k3QN9+8cUXNdH1lutapXnJpsoMsNvxbphdjQauF6IKr/vs/x7AauYnERO/bhq96+06AW6NhnPDNv/jtNyKmLlnWghbk4aeYIkiAG2FN8qpw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=/hDxCgQylxxbK5FBoKpeQX0sopKgv8WiUMQElO4clms=; b=EHaMZyhCmfIr5IXMMBRwm/TySF7oKx3nBm4H0S3kK7ljZ5aQDMGDKw6f3bUB3P4LOU7CPBB66sVK8JIwuo/oo2aoYlthu6TB//ce6n/W2Q4AWbIglM15v/HJ2dIw8DJczv07OsArpk+22laIZI9QN+oMUIo8khdhObaez0uNpu3KUH7K1Muw0EEqrNMoYSesDPXAVfCOcvzSUABABaAueFefhBck8KAng7EytSwBTbNM5zk3IwBlfGCvUsK+3AvTO2+IsMZH65QMqwvwK5uL+pWSf7sfeIP3BekGP7PTrEhSeexeVinX4t/rYQCRw2HUQ58gcbt2xLbhU/0rmRzVVg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=/hDxCgQylxxbK5FBoKpeQX0sopKgv8WiUMQElO4clms=; b=obLxJUTWX/mS0ulvCH12WU34c0Z5wpWZ2maYvyLGyT1jQ4KttNcIlLu8dd9asDU9tIRQCDopd6A3LmDRScwWEDrGboXWh7TaaSkyfGklw3l6VS9PMP8v3cFPspRMnATIeKXge7FmK+/Zf/xyiwaMJJbA+dqCCyguwzZtt05rRZba/45lxIs+sIQdsHhNxCOULz6ZSOFpsvaNb2O+P56mHuYDy7A4qz3Fu66jBKvZEBYrIIrCGmz0EYo3ET9Sk8Qnf7Sz9j1dI2Tcb2uSXVY4ArzZj3ryefJe5GUHJF+vfbmFp/Aq15xXmG1OrtuwSGpS7CFazSErBB0iiK/9nwHZ8Q==
Received: from PH0PR02MB7430.namprd02.prod.outlook.com (2603:10b6:510:b::9) by CO6PR02MB7617.namprd02.prod.outlook.com (2603:10b6:303:a3::6) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7339.32; Sat, 2 Mar 2024 18:31:46 +0000
Received: from PH0PR02MB7430.namprd02.prod.outlook.com ([fe80::e7a2:25db:bd10:2e90]) by PH0PR02MB7430.namprd02.prod.outlook.com ([fe80::e7a2:25db:bd10:2e90%6]) with mapi id 15.20.7316.039; Sat, 2 Mar 2024 18:31:46 +0000
From: Michael Jones <michael_b_jones@hotmail.com>
To: "jose@ietf.org" <jose@ietf.org>
Thread-Topic: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt
Thread-Index: AQHaam252kJW8ynn0kSNpKUjtuQferEgMc2AgAAGggCAATPQgIAB9fvAgAALbwCAANMwAIAAid1g
Date: Sat, 02 Mar 2024 18:31:46 +0000
Message-ID: <PH0PR02MB7430037F5EF2C95671A121C9B75D2@PH0PR02MB7430.namprd02.prod.outlook.com>
References: <170914224026.56455.15183346032212380498@ietfa.amsl.com> <Zd-VJUMiAt4I8nBx@LK-Perkele-VII2.locald> <PH0PR02MB74304D9DFD11894C957AAB3EB7582@PH0PR02MB7430.namprd02.prod.outlook.com> <ZeCc0TVTMmHPCe9u@LK-Perkele-VII2.locald> <SJ0PR02MB74399E80DC38388CD56695BFB75E2@SJ0PR02MB7439.namprd02.prod.outlook.com> <CA+k3eCS6CCvEKDQc6ZmQWnBfRn0tDxtjbjtReHLkTyUrp5SkDw@mail.gmail.com> <ZeL8qMU__s_S2vli@LK-Perkele-VII2.locald>
In-Reply-To: <ZeL8qMU__s_S2vli@LK-Perkele-VII2.locald>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-tmn: [6o9NLmgNV8ccoOS8oaItPrvY7XXyxEEaqdZChNzoIQeTRAm6Rusllul64ugu03vs]
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH0PR02MB7430:EE_|CO6PR02MB7617:EE_
x-ms-office365-filtering-correlation-id: 103a8bc4-a883-4118-2605-08dc3ae7045b
x-ms-exchange-slblob-mailprops: Z68gl6A5j28pWTK/iPXEsNsdRghgyEkUM4yt7J1KFGmcUr8x2EGYjygri487EKrJyycoZNPSxbXiW55Ssg63sBTfnEjI+81tEjbJcfoKDhN+YXbZc+gacZnVKEA2NqQQNCYdLgnoa+1hvhoJgAxyhC/4mGaL78V3IATIMGu1kIEo9SPJgGrY+R/MAWsLpH5MMYJwKi9cJXmQOi/9s8q2whfgmSo8S2fTJhZ56dOtngH5Hh8/tdJpv9s+TJLV9SvR653dmp3BsDa3J6fQY2pr2S2Zfu31PY49JGL/L9iynixVDLvB6XRtNFd9cxzMJDxGMKKVeJxt4b5jxp/h6TuvCs2kQh3ZxETKdHXptOnimPijsC0rEj/iNMRDJ3b0Oi0ojCj6KDDeeacxkZ0c3Vzqi9OZWQAOm6FllnDEOZX+YRNtV0jU5W1ZYamQ5f7b/gnXB1DGi8zg2Scn2N7x07g/vs129URtt/ENPLcA+9aDU59i1+lZaQeIk0jqGgiZXylmA/10RF46INbmXoMRnGspJwKMiqVTG0XrGXwyN+CNukTTfruZ2fSCL3fcAnT5pnjgsvADGGV4nHcRgnb7EjnNYvRn+9glPmyQIGS+AWFG9XLnrN0lFF+qVj1fojuKgq9zxroBhRsnWolVs7tTjdt/Fblh+vEcKBWrX+1Xyq0iSmQ75drdvPl7aQ+HJL3RXWNVKj1l4fpq9TdK8nau/6Ud/LN2pUeFVq2LJ7k6lxUwahyDkM1DonN677cZTbY/km2M8pjUMKPeegmmHEf122J9aiJIJMSoEKW5zD6de5p7x1G7BTeidh8ztTaUMbZ7wU8j
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 6NjKkhGVKSX2mXLtTq72qUwsilC4c9JwJxFtlmDGJ0PmAMWo29xcfdQ/DBlW+I38K55YUxiH7AMpELeqCoSWH+pDtB3byzWuh1UNa6pcLbB8iJDi7uWuGbRVUQaVsF1qADIDRsAtBb8MlwzCgHf//FaAgtXJT22RLqlc2K2sLkvlul4BA0gmcLPmHT8rlxjokd1d+Mxg2QC4Fv9LBCnAvt7TL5rHSk4yFe58ccK7Xq2fxO98tqsXM6Y3gAyDAtpmFoal9CWi+CBa061DtdulfryI+5lr4nOsVPPKVDAp2TeqF8bhyQjShwHklnlv6f2JfwB2a+ZkZldQLe/QDVhA+y6iSr30HtrzqmdS8DSsFp5bDZB6cdwtvz2Fz2JMUOJK6d8wGb+02d+yddX08aAUZyZ6rXntAAlVlRXtFRimnDEGn/wV9X57ldBSYnD0p+T3A9/sPi7GIN5a8rZbUUtJUnnE6GvrGQ/4NThbWlpxZTq0m7kh0+juDquZ38eXLwZqfSF4QmCQQ9Dxv3COgqV7EYE4gUbfQ8tDzcxElCx5OmIhr6Cs2LGWsSduBzZIKaTqWs+NkRmOw0KtApzllsaGiuPbosJmvLHi7l1m+mwncIAkPTXdz4KW4kmnF0iPFha+HjL2pSrTPvWTtCpEwxdt6OTYPuZwUQ1RJQC2nnvJJI0=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: +2TOkbb4UgKx5c5RU8QsJ2mrpDIy949fV1wDOYFkoOxdZww4zny5qki0V15RgAs4E8+k6vELNL+UJWsHQPubB4LlNk93W/WAE8LB65yZ6tVKnV14LePp+Gzqe6aLELE22D9FPDat23gsYaCGeXQ3HhFU2AhLIpMA/UbMlQXddVoSKWED79TARVmFhOKe+TMy9bnOv1+JV5zr+bcG7Vwx1CifgO+5wDBOHudPkaf/y/u3OGkA7J3ijdrCOXfvDtpEdF7vSLvqWyhkx6vmuR2RLvLt2Avqx+MQ8skgcH6x7qiOTeebA3ZycQ2CJkGxmqsZqJYOATxFoufI1TM4WWpMAXkioFD2lEyDFfhtohYZO6gVBizoC+ZB4HlNLA5fNZoKJSKanCUmuu3P8hiQy5MAjhgHfe9Zb0ufgJ7g1Xas5RZ1xp6WH5CIB35qjDVJxFzBpbHm6rJ5i/fWtJiHbNeId2jAyCsrjaa+mEWkrr9MfRokNsvpggmlpmCDZUhLVs48cr0iUyhGS3bSXWaS8vkVn6wjkBVcXfeCfkmBoEg0/5w/OPXfi2zbpBMhRcTVY6rR6Iybj/mlul0iwHnwJhcWYp8Wrv59bd/DwT8FQFVN30UUxURuAXgvU2l0/HfahoZz+wArZCZMHVB21Hp0jv4gPjiMFUKhK91vHHjlcsRAQSqnDDJKPlLmk7Kt/M7Qqp+g3dGoqIQoUJKMqUnURnUdu9LbMQOE7q/+Vv7ePu7/xcaUl6sxGMjPHVu/ld1iyjFZEupr3nqZMqZQw9IjbdoSjccwg7Uv1E0z+90N0ofgEU4eNl2LEGpUgSXPTfKzEoTGd7e9buexxD6H39n7eteHME7gUIPL+LnF/+ixVT5NDNxXfrqRSNHK5/1FiVH1OKYjROSxmlaUs9aXR+WRB15IIhGOX6QxBC9gtnFtb17i8YQdBOxwsOZIU/Nj7NMHb/QB0x7gzuiLDW58iwe41DDkB0MdKXIdQC+InVHW/6/bt2SdIHsB39wgFVOw7rNPYxrv7J6LIh6ga46y5Va+y2NfPgU7sXC9oTaffVNOaJeOOM2sVAu/QJ+LVKwp5+9rztlme1ms2iriNu+dHp0KsLnxZwyMvZKtBB7XXtLqueB7+6Ff1XiZfpsBU/ULJoTlLGjfR7mQXVQoS0mMjkkVcaZdkStDiS/tIfcqQuCypduoxVRJNwNRs6Lk9YsVSKU2S5Q1TGHzegr+1alB3okYbbB8uNxhjhfFYlt/b/8Ig1dNERe3MFeghfQ1itUp38DMhKEqfE/gCVyJG8HNPOcPyANhNVgxw2UhEk1ASKxdgCazzzgII4wpZoXIJPkDJ3GU8bxX
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-99c3d.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH0PR02MB7430.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 103a8bc4-a883-4118-2605-08dc3ae7045b
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Mar 2024 18:31:46.4533 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO6PR02MB7617
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/_fXYVaIkIPDlyms0iGE7TuD7DpY>
Subject: Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 02 Mar 2024 18:31:49 -0000

Thanks for both of your detailed analysis of the encryption situation, Brian and Ilari.  I'll endeavor to capture this information in my presentation for our discussions in Brisbane.

                                Thanks,
                                -- Mike

-----Original Message-----
From: jose <jose-bounces@ietf.org> On Behalf Of Ilari Liusvaara
Sent: Saturday, March 2, 2024 2:17 AM
To: jose@ietf.org
Subject: Re: [jose] I-D Action: draft-ietf-jose-fully-specified-algorithms-01.txt

On Fri, Mar 01, 2024 at 02:41:20PM -0700, Brian Campbell wrote:
> For JOSE encryption, I think the 4 deprecated algorithms would be
> ECDH-ES,
> ECDH-ES+A128KW, ECDH-ES+A192K, and ECDH-ES+A256KW.

And for COSE, there is additionally SHA512 variant of ECDH-ES, plus SS versions of all those, making 10 total.


> But it seems like there could be as many as 20 new algorithms - one of
> each of the above combined with each of EC/P-256, EC/P-384, EC/P-521,
> OKP/X25519, and OKP/X448.  Although that list could probably be
> trimmed down to only include combinations that "make sense" together
> based on bit strength. Maybe that's where Ilari's 12 comes from?
> Though I get 10 when I try to make such a list:
>
> ECDH-ES w/ EC/P-256, EC/P-384, EC/P-521, OKP/X25519, and OKP/X448 (5)
> ECDH-ES+A128KW w/ EC/P-256 and OKP/X25519 (2) A192KW w/ EC/P-384 (1)
> ECDH-ES+A256KW w/ EC/P-521 and OKP/X448 (2)
>
> (5+2+1+2 = 10)

There is the 6th curve (secp256k1, a.k.a. the Bitcoin curve), but it is in a bit of limbo if it is allowed in ECDH or not.

But if that is left out, the list is as above.

And might make sense to use matching hash function. So SHA-384 for
P-384 and SHA-512 for P-521 and X448.

For COSE, the number is doubled because of the SS variants.

Oh and for extra fun, there is the question if one should use AES-192 or AES-256 with P-384. The support for AES-192 is much poorer than support for AES-256. Previously this did not matter because one could use either with P-384, but now one has to use the chosen one in JOSE (in COSE, the Key Agreement with Key Wrap algorithms are just shortcuts, as it is possible to compose those from primitive component algorithms).


> Regardless, I'm not sure how I feel about the combinatorial expansion
> there. Especially in the context of adding and deprecating algs into
> specs and code with existing widespread usage.

There's also the issue what if some algorithms do something subtly different. Very mild example is someone adding curves with h != 1, which then use cofactor ECDH instead of normal ECDH. But the new algorithms could also have other differences which turn out to be a major PITA to support in implementations.

Which is also something to consider in context of COSE-HPKE/JOSE-HPKE.
There already have been proposals there to do things that are not even possible to support without breaking changes in some libraries.




-Ilari

_______________________________________________
jose mailing list
jose@ietf.org
https://www.ietf.org/mailman/listinfo/jose

v2.23.0 | Report a Bug | By Email