[jose] draft minutes for JOSE WG @ IETF 120
Karen ODonoghue <kodonog@pobox.com> Thu, 25 July 2024 00:06 UTC
Return-Path: <kodonog@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED07EC14F6A0 for <jose@ietfa.amsl.com>; Wed, 24 Jul 2024 17:06:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.653
X-Spam-Level:
X-Spam-Status: No, score=-6.653 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CwyUkyQQcrut for <jose@ietfa.amsl.com>; Wed, 24 Jul 2024 17:06:27 -0700 (PDT)
Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EC1CC14F69F for <jose@ietf.org>; Wed, 24 Jul 2024 17:06:27 -0700 (PDT)
Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-2cb5e0b020eso321557a91.2 for <jose@ietf.org>; Wed, 24 Jul 2024 17:06:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721865986; x=1722470786; h=content-transfer-encoding:to:subject:message-id:date:from :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4JUO/Jv2oOUiv5sLsn7SLWu79QsAcWg24HwrRk5LJXk=; b=l/yrWyHclFTY4x1QxrLMBhx3Zn1v0nr5muS7QcKFH6O/Q1WWqWM/hCVL1pwRS5NLut qLUNRAfcsqRTSDvFVW0BcRtH/wkQ3lW3Aizy/GnK7+Cq0oq+sQgeQLt9G1xPCzwHvg9t PaLXtXeDe3IX9QNzEp7ck6R5N/E+F+6jW54jIdoB7s8fpsU6k4P2MbPHTQxWrJAuGJGa sRjmu1bRjwWsLnwuyBhWJDVYwyPN6eNU4+kk2zt1V1I24od+xBzlhDz7xh6bUlDnlZqZ NqPqkuMQ7kV+oyLzh4vrOBGkHMX2zqIa2A7OWxNyxZVVyQv1UIT/qqKD8dXGgowVdEAY FqEQ==
X-Gm-Message-State: AOJu0YwwAiuGDSNK4aXg5mdPSThybAjuDjl0jidpnSavwG/wAcEJ62+Q 2WVOYgLe9Okx6H0dopmC/4VA4vjVUhmuMSnsd7RTseJLGQUdx/1HhwPUlFkBU8LqqqLocGtbMSB pxAfxHnqE4JjdCltCF1azjakBYdv6WCUJ
X-Google-Smtp-Source: AGHT+IHsqikthCiSR7uovOOuoEAvTsc+n0ZQ7Hbtik1v+A9uljOMCbmuD/gCCwLHj3Vgv/VeyGP1z5H/Js9oaigbaDg=
X-Received: by 2002:a17:90b:3ec5:b0:2c8:858:7035 with SMTP id 98e67ed59e1d1-2cf2ea28f07mr170611a91.25.1721865985609; Wed, 24 Jul 2024 17:06:25 -0700 (PDT)
MIME-Version: 1.0
From: Karen ODonoghue <kodonog@pobox.com>
Date: Wed, 24 Jul 2024 17:06:14 -0700
Message-ID: <CA+mgmiP_DECJnCX01cMGQzLqwNMmmdNoDB_wvOPiMBVXCT_a4g@mail.gmail.com>
To: jose@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 6KXDW6KTLKRKZGJHPHUDHWIJ5GZWMBCD
X-Message-ID-Hash: 6KXDW6KTLKRKZGJHPHUDHWIJ5GZWMBCD
X-MailFrom: kodonog@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] draft minutes for JOSE WG @ IETF 120
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/bnSRqgtC-phXoL2aeXnBu75QsR4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
JOSE working group members, Below are the draft minutes (also at: https://notes.ietf.org/notes-ietf-120-jose) Please review and provide any updates or corrections. These will be submitted as final towards the end of next week. Thanks especially to Mike Ounsworth and David Waite for helping with the minutes. Regards, Karen DRAFT MINUTES JOSE Working Group @ IETF 120 Monday, 22 March 2024 15:30 - 17:00 PDT (UTC -7) Georgia A Notes: https://notes.ietf.org/notes-ietf-120-jose Please check https://datatracker.ietf.org/meeting/120/agenda for an updated link to the meetecho session. Draft Agenda Admin and Agenda Bash Note-takers: Mike Ounsworth, David Waite (after his talk). Much thanks from the chairs! No agenda bashes. JSON Web Proof Drafts JSON Web Proofs https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-proof/ JSON Proof Algorithms https://datatracker.ietf.org/doc/draft-ietf-jose-json-proof-algorithms/ JSON Proof Token https://datatracker.ietf.org/doc/draft-ietf-jose-json-proof-token/ No comments at the mic. Chairs would like to see additional discussion on-list. These drafts should move into the jose-wg github space (https://github.com/orgs/ietf-wg-jose) David Waite: FWIW, JSON Web Proofs are currently under their own org, at http://github.com/json-web-proofs/json-web-proofs David moved them over before the end of the meeting. Fully Specified Algorithms for JOSE and COSE https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/ Filip Skokan: It was the German Health Institute who wanted to do brainpool curves in JOSE. I can help find out who wants to use this and ping Mike Jones. MJ: We intentionally did not add new functionality; we only added things that are already registered. Kristina Yasuda: Where did you get the allocation ranges? MJ: We used the 2-byte ranges and followed the convention of negative codepoints for signatures laid down by Jim Schaad. We are aligned with the ISO 18013-5 driver’s license doc on curve codepoints. Brian Campbell: I don’t recall anyone actually asking for algorithms to be registered. IMO registering a small set feels like the worst possible outcome here: if we’re going to register some then we should register them all. I would rather register nothing because nobody seems to need this in practice, creating maintenance issues for library maintainers. Filip Skokan: Agree with Brian. We should register X25519 as a modern alternative to P256; but I would rather that we simply not have these registrations (speaking as a maintainer as several libraries). MJ: Ok. We will revisit the people who asked for this. Hannes Tschofenig: We (SUIT) like the 4 algorithms you have; they represent a practical approach – referring to existing hardware acceleration for P-256. Kathleen Moriarty (KM): “Deprecated” means “please don’t do this anymore” – ex as used by TLS WG or as used by the IETF process for the status of drafts. Using a different defition of “Deprecated” here would be confusing. MJ: these uses of the terms were suggested at the time by Sean Turner, and they are already in the spec. If we change “Deprecated” to mean “Prohibited”, then we have to update a bunch of things. This would be good for an on-list discussion. Brian Campbell: I am very much opposed to the introduction of a new algorithm that was not asked for during WGLC. There was fairly limited requests during WGLC, but the changes are much broader than that. I don’t think we’re ready for a second WGLC. This draft seems to have gotten caught up in solved parallel ECDH problems, and is holding up progressing this good work. MJ: you’re right that the only on-list response was Neil Madden who said that this does not do what it was asked to do. There was a request to remove the ECDH stuff from the scope. Hannes: On the discussion about whether signatures or encryption are more important … there are uses for JOSE encryption mechanisms, particularly in the firmware world. Laurence Lundblade: In Prague there was an AES ciphertext binding attack presented at LAMPS. We’ve been discussing this quite a bit in COSE and we believe that JOSE and COSE are similarly vulnerable, and we probably should not register a new codepoint -54 until we figure out how to address the attack, which probably needs a new codepoint. Chairs: one possible approach is to separate out the contentious part of this draft. MJ: suggestion for how to proceed: my personal opinion is that we should not do new ECDH registrations in this draft. But we have gained a lot of WG knowledge around ECDH, so it would be unfortunate to pull that text out. Filip: I wouldn’t mind if the appendix remained in a version of the document with the registrations gone – except for removing the concrete references from the table in the appdx. Chairs: the result of all this is that we are not ready for another WGLC. Use of HPKE with JOSE https://datatracker.ietf.org/doc/draft-ietf-jose-hpke-encrypt-01 Chairs: everyone please take a look at the last two slides (or look at Orie’s email with essentially the same content). The chairs will be coming back to the list with questions to help define the open questions. Post-Quantum Key Encapsulation Mechanisms (PQ KEMs) for JOSE and COSE https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-kem/ Chairs: I see some thumbs-ups. We will do a call-for-adoption on the list. Guidance for COSE and JOSE Protocol Designers and Implementers https://datatracker.ietf.org/doc/draft-tschofenig-jose-cose-guidance/ Hannes: I will re-submit the document with this new title and abstract, then post to the list. Chairs: I see people doing thumbs-up. I assume they will look at the document. AOB and Way Ahead Chairs: We have created an IETF-owned github space for JOSE. I would ask all authors to move your documents over. https://github.com/ietf-wg-jose No Updates, but still on our radar: JOSE-COSE HPKE Cookbook https://datatracker.ietf.org/doc/draft-steele-jose-cose-hpke-cookbook/
- [jose] draft minutes for JOSE WG @ IETF 120 Karen ODonoghue