[jose] draft minutes for JOSE WG @ IETF 120

Karen ODonoghue <kodonog@pobox.com> Thu, 25 July 2024 00:06 UTC

Return-Path: <kodonog@gmail.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ED07EC14F6A0 for <jose@ietfa.amsl.com>; Wed, 24 Jul 2024 17:06:30 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.653
X-Spam-Level:
X-Spam-Status: No, score=-6.653 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CwyUkyQQcrut for <jose@ietfa.amsl.com>; Wed, 24 Jul 2024 17:06:27 -0700 (PDT)
Received: from mail-pj1-f41.google.com (mail-pj1-f41.google.com [209.85.216.41]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1EC1CC14F69F for <jose@ietf.org>; Wed, 24 Jul 2024 17:06:27 -0700 (PDT)
Received: by mail-pj1-f41.google.com with SMTP id 98e67ed59e1d1-2cb5e0b020eso321557a91.2 for <jose@ietf.org>; Wed, 24 Jul 2024 17:06:27 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1721865986; x=1722470786; h=content-transfer-encoding:to:subject:message-id:date:from :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=4JUO/Jv2oOUiv5sLsn7SLWu79QsAcWg24HwrRk5LJXk=; b=l/yrWyHclFTY4x1QxrLMBhx3Zn1v0nr5muS7QcKFH6O/Q1WWqWM/hCVL1pwRS5NLut qLUNRAfcsqRTSDvFVW0BcRtH/wkQ3lW3Aizy/GnK7+Cq0oq+sQgeQLt9G1xPCzwHvg9t PaLXtXeDe3IX9QNzEp7ck6R5N/E+F+6jW54jIdoB7s8fpsU6k4P2MbPHTQxWrJAuGJGa sRjmu1bRjwWsLnwuyBhWJDVYwyPN6eNU4+kk2zt1V1I24od+xBzlhDz7xh6bUlDnlZqZ NqPqkuMQ7kV+oyLzh4vrOBGkHMX2zqIa2A7OWxNyxZVVyQv1UIT/qqKD8dXGgowVdEAY FqEQ==
X-Gm-Message-State: AOJu0YwwAiuGDSNK4aXg5mdPSThybAjuDjl0jidpnSavwG/wAcEJ62+Q 2WVOYgLe9Okx6H0dopmC/4VA4vjVUhmuMSnsd7RTseJLGQUdx/1HhwPUlFkBU8LqqqLocGtbMSB pxAfxHnqE4JjdCltCF1azjakBYdv6WCUJ
X-Google-Smtp-Source: AGHT+IHsqikthCiSR7uovOOuoEAvTsc+n0ZQ7Hbtik1v+A9uljOMCbmuD/gCCwLHj3Vgv/VeyGP1z5H/Js9oaigbaDg=
X-Received: by 2002:a17:90b:3ec5:b0:2c8:858:7035 with SMTP id 98e67ed59e1d1-2cf2ea28f07mr170611a91.25.1721865985609; Wed, 24 Jul 2024 17:06:25 -0700 (PDT)
MIME-Version: 1.0
From: Karen ODonoghue <kodonog@pobox.com>
Date: Wed, 24 Jul 2024 17:06:14 -0700
Message-ID: <CA+mgmiP_DECJnCX01cMGQzLqwNMmmdNoDB_wvOPiMBVXCT_a4g@mail.gmail.com>
To: jose@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: 6KXDW6KTLKRKZGJHPHUDHWIJ5GZWMBCD
X-Message-ID-Hash: 6KXDW6KTLKRKZGJHPHUDHWIJ5GZWMBCD
X-MailFrom: kodonog@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] draft minutes for JOSE WG @ IETF 120
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/bnSRqgtC-phXoL2aeXnBu75QsR4>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>

JOSE working group members,

Below are the draft minutes (also at:
https://notes.ietf.org/notes-ietf-120-jose)
Please review and provide any updates or corrections. These will be
submitted as final towards the end of next week.
Thanks especially to Mike Ounsworth and David Waite for helping with
the minutes.

Regards,
Karen

DRAFT MINUTES
JOSE Working Group @ IETF 120

Monday, 22 March 2024
15:30 - 17:00 PDT (UTC -7)
Georgia A

Notes: https://notes.ietf.org/notes-ietf-120-jose

Please check https://datatracker.ietf.org/meeting/120/agenda for an
updated link to the meetecho session.

Draft Agenda

Admin and Agenda Bash

Note-takers: Mike Ounsworth, David Waite (after his talk). Much thanks
from the chairs!

No agenda bashes.

JSON Web Proof Drafts

JSON Web Proofs https://datatracker.ietf.org/doc/draft-ietf-jose-json-web-proof/
JSON Proof Algorithms
https://datatracker.ietf.org/doc/draft-ietf-jose-json-proof-algorithms/
JSON Proof Token
https://datatracker.ietf.org/doc/draft-ietf-jose-json-proof-token/

No comments at the mic.

Chairs would like to see additional discussion on-list. These drafts
should move into the jose-wg github space
(https://github.com/orgs/ietf-wg-jose)

David Waite: FWIW, JSON Web Proofs are currently under their own org,
at http://github.com/json-web-proofs/json-web-proofs

David moved them over before the end of the meeting.

Fully Specified Algorithms for JOSE and COSE
https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/

Filip Skokan: It was the German Health Institute who wanted to do
brainpool curves in JOSE. I can help find out who wants to use this
and ping Mike Jones.
MJ: We intentionally did not add new functionality; we only added
things that are already registered.

Kristina Yasuda: Where did you get the allocation ranges?
MJ: We used the 2-byte ranges and followed the convention of negative
codepoints for signatures laid down by Jim Schaad. We are aligned with
the ISO 18013-5 driver’s license doc on curve codepoints.

Brian Campbell: I don’t recall anyone actually asking for algorithms
to be registered. IMO registering a small set feels like the worst
possible outcome here: if we’re going to register some then we should
register them all. I would rather register nothing because nobody
seems to need this in practice, creating maintenance issues for
library maintainers.

Filip Skokan: Agree with Brian. We should register X25519 as a modern
alternative to P256; but I would rather that we simply not have these
registrations (speaking as a maintainer as several libraries).
MJ: Ok. We will revisit the people who asked for this.

Hannes Tschofenig: We (SUIT) like the 4 algorithms you have; they
represent a practical approach – referring to existing hardware
acceleration for P-256.

Kathleen Moriarty (KM): “Deprecated” means “please don’t do this
anymore” – ex as used by TLS WG or as used by the IETF process for the
status of drafts. Using a different defition of “Deprecated” here
would be confusing.
MJ: these uses of the terms were suggested at the time by Sean Turner,
and they are already in the spec. If we change “Deprecated” to mean
“Prohibited”, then we have to update a bunch of things. This would be
good for an on-list discussion.

Brian Campbell: I am very much opposed to the introduction of a new
algorithm that was not asked for during WGLC. There was fairly limited
requests during WGLC, but the changes are much broader than that. I
don’t think we’re ready for a second WGLC. This draft seems to have
gotten caught up in solved parallel ECDH problems, and is holding up
progressing this good work.
MJ: you’re right that the only on-list response was Neil Madden who
said that this does not do what it was asked to do. There was a
request to remove the ECDH stuff from the scope.

Hannes: On the discussion about whether signatures or encryption are
more important … there are uses for JOSE encryption mechanisms,
particularly in the firmware world.

Laurence Lundblade: In Prague there was an AES ciphertext binding
attack presented at LAMPS. We’ve been discussing this quite a bit in
COSE and we believe that JOSE and COSE are similarly vulnerable, and
we probably should not register a new codepoint -54 until we figure
out how to address the attack, which probably needs a new codepoint.

Chairs: one possible approach is to separate out the contentious part
of this draft.

MJ: suggestion for how to proceed: my personal opinion is that we
should not do new ECDH registrations in this draft. But we have gained
a lot of WG knowledge around ECDH, so it would be unfortunate to pull
that text out.

Filip: I wouldn’t mind if the appendix remained in a version of the
document with the registrations gone – except for removing the
concrete references from the table in the appdx.

Chairs: the result of all this is that we are not ready for another WGLC.

Use of HPKE with JOSE
https://datatracker.ietf.org/doc/draft-ietf-jose-hpke-encrypt-01

Chairs: everyone please take a look at the last two slides (or look at
Orie’s email with essentially the same content).

The chairs will be coming back to the list with questions to help
define the open questions.

Post-Quantum Key Encapsulation Mechanisms (PQ KEMs) for JOSE and COSE
https://datatracker.ietf.org/doc/draft-reddy-cose-jose-pqc-kem/

Chairs: I see some thumbs-ups. We will do a call-for-adoption on the list.

Guidance for COSE and JOSE Protocol Designers and Implementers
https://datatracker.ietf.org/doc/draft-tschofenig-jose-cose-guidance/

Hannes: I will re-submit the document with this new title and
abstract, then post to the list.

Chairs: I see people doing thumbs-up. I assume they will look at the document.

AOB and Way Ahead

Chairs: We have created an IETF-owned github space for JOSE. I would
ask all authors to move your documents over.
https://github.com/ietf-wg-jose

No Updates, but still on our radar:
JOSE-COSE HPKE Cookbook
https://datatracker.ietf.org/doc/draft-steele-jose-cose-hpke-cookbook/