[jose] Re: [COSE] My review of draft-ietf-jose-fully-specified-algorithms
"lgl island-resort.com" <lgl@island-resort.com> Sun, 15 September 2024 19:30 UTC
Return-Path: <lgl@island-resort.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 126D1C151717; Sun, 15 Sep 2024 12:30:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.907
X-Spam-Level:
X-Spam-Status: No, score=-1.907 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TOauaGVileWh; Sun, 15 Sep 2024 12:30:51 -0700 (PDT)
Received: from NAM04-MW2-obe.outbound.protection.outlook.com (mail-mw2nam04on2114.outbound.protection.outlook.com [40.107.101.114]) (using TLSv1.2 with cipher ECDHE-ECDSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B0D59C14F617; Sun, 15 Sep 2024 12:30:51 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=jHBMSvlS5p9c0sPnMHnvZXdF73YMEQG/DWweK/EkYXR61mAUBT4ay9AKp3vTRjrVuVS9cRsbg3oetLyK95an49vMtJv96y5T3JLmZSgqJ+ZvQvF7kqqjELczFqu++EFnMOzKSyxQCCQSve5YkVpM2ax9ZZd83OGcw5UJXbjPNSknV3dUxYafEcYbybWU6OOqCJpWhpMQBS5azOq94Zeypf9R3zv6RZHTS0aga+6mR0Nlaiur3D3M3qnGCRETL/N5clk9csAXbO1SoHP/Yn1LvaOTWEKqROcEuvSY5ZhfBNngUivOgQYZ4lpCt/dLdqh7OL4bsP0Ggb6UIiuCLRDtJw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=NrKzrA151VMD9PvLtj3Oj+C27z5JXVBKu/y5RU+bqoU=; b=NwNgxbWVPcKPmuDkOZ1Nc+HbuYOXGeDOD7d63J6wYus01mK6C7aMZxnPg02TFL6r6irpEWjNF5c8Pjpo0aU7UL4E2iBem0e6Sf6yWQyExyx8vOa5/7cO/pMb8TOwr3tR9C4qh+8V4C31kypJivVjPVOASdwNltw7nNgS+u6IGuRzS4w7/BQEZ6ox8kbn9dupMWYtN0dKjX0p0+n2n9i9SiiBttNcrKHe0LpVZUoS5LyqkpmgCdK0ZMTdUPHWtSFIYWGavgrDdZAx3wWamjsDkwh4RR/eoRwvVy0o8Rblc+D+Bl28haPCa5lM7VZBcF8DDgzp8nU5N84e8/4C7gQnoA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=island-resort.com; dmarc=pass action=none header.from=island-resort.com; dkim=pass header.d=island-resort.com; arc=none
Received: from PH7PR22MB3092.namprd22.prod.outlook.com (2603:10b6:510:13b::8) by LV8PR22MB5697.namprd22.prod.outlook.com (2603:10b6:408:261::12) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7962.23; Sun, 15 Sep 2024 19:30:49 +0000
Received: from PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::8515:3aa6:3ced:15e]) by PH7PR22MB3092.namprd22.prod.outlook.com ([fe80::8515:3aa6:3ced:15e%7]) with mapi id 15.20.7962.022; Sun, 15 Sep 2024 19:30:48 +0000
From: "lgl island-resort.com" <lgl@island-resort.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Thread-Topic: [COSE] My review of draft-ietf-jose-fully-specified-algorithms
Thread-Index: AQHbB6XESc+VXxRd6kWRBhLCm6kzWg==
Date: Sun, 15 Sep 2024 19:30:48 +0000
Message-ID: <993D319E-6737-4A6E-A9C5-5392888CF1BA@island-resort.com>
References: <008001db074b$57585530$0608ff90$@gmx.net> <GVXPR07MB96785F126A91D0AEA777F36689672@GVXPR07MB9678.eurprd07.prod.outlook.com>
In-Reply-To: <GVXPR07MB96785F126A91D0AEA777F36689672@GVXPR07MB9678.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=island-resort.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH7PR22MB3092:EE_|LV8PR22MB5697:EE_
x-ms-office365-filtering-correlation-id: 7f0d9783-c4a9-4726-7b31-08dcd5bce700
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|1800799024|376014|4022899009|366016|38070700018;
x-microsoft-antispam-message-info: 4EiXEG70hWw4tpboYGdJi/cQvdlPrJdlt/WlC9sPbobbyPcsYgFgZ7g7950VQdt5IxvDH/rf77DzimdNM3BtnPPurS4rURL36QKhjZck1wHfh+AaXpvB26FaylPrmOc3AZD9dzDFtQzG+bBTvcipj49I0EX9RhQEBM4SIkE6ZIN0ceAHqyTKU4sNh8cBgSZtGBVJXGQBXvQxRMQUxOFqq4fvna5L6wX+mid5LlzPSnL4WihQA7NHh4kX9ZPXzdhOP0x5ETlNoXm02xRtizFR3lh5JFHuY89TJABr/0e8CknnKajVcyZhf5mXL6b5YRO90EmwrqVu38QDicduo73oLuiZoJzKYavUqIxJGAXjbgpqRlKCB8tAyo/qz3B7n7BvBDJWTL6PmTHwBHFC9KLUZoZWb8C6BcdcVHHq7KIUYb3xBEa3k28fMIhTqPpSnF0z5x4dPX5zbNx471TZRwgjj96veEl2QobL35xw/BjreJHxXUBn7o8bEzTtXD4gF367JzUT5BpWlHYd6YCk/1WeV+OchW9sFkQRf/7sTEaAlqK/qssOBaR945QZYuWO+c6rXKzwPrTt3PgXTXge5db1AH9GdxVpyADUmN/KqdrfyljocVhVVRUWn33zhn4p7hcTpmwaOreL+I0tlMTly/ditcUuU5UrRRnkUa3iQb6x/sc/sszhQBk3Sv4/RrWgcoLeKxkbGCFjUVTLwIs4cQBurPX2F94eZamIz0G3zx7kdIuCwK6T1kvzMgr3M98ho3VHo9hJjaUjN+2AoWSqcg3R2H/9SzLL6DveRdfh8I4AS0fNFxfi2gLlm/3xGAKStAuDEN+KgGgmSoIvyqzGPD0tZAMucsb62N1PDDPZcQOxrd8itlxemQAfGjUdoTbWQurA5epf4nc07OhWsClu6kadR0XA4djci9VEhlkAeJywxsj7jslibs241puws0PSh2r/m4I27lSXOYwgFmtfZOAYg8Sih3R1uAH6FEFt5x861bUrdtIHw2TlIFqXY2JJ+Z3HaFFyzt3Ces/kaO7ZACOGtmeeYXLAXV6BFlw7SjliFKdnpZXN7HOuMdheFN4hU3KGNXBsFPExYt1imZVY7D9aCIWAs/gDUQvKQvBIhvgfUOScsE62SYEKE3a9765pIhFm1HrJ5IAeSrVSffkgL7lmENdOGIXIS2QYcsPJQ+USo0j2cnAVocoPVUuViEtCoT6so8slEVaNVdWjz4PdlgYNy8Bw0UZhmwNQPQ5uk5J03tP8LbADtwzQr0BaCVx42O1O5NyCcCRetKUv6wYh2FOeKLr7/otWjaMjEUwku57ltOF9zRuEgOJvYQqRwKT/C7dOEby13wTF3Bp1zVCJ4/KjrpyAlTz1GM5vioKHhw/2Pck=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:PH7PR22MB3092.namprd22.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(1800799024)(376014)(4022899009)(366016)(38070700018);DIR:OUT;SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: Md3yjzWlQAUjlujmvROWOszy+D6FEDfkdgIAu4bVK/wg/U+4KqLcwkyvzpgXVw1pvR1MDLgR34tQxlOH9n3VumT98HUbQye2a/z/WDp3Ywm7T6xDTl5GK7JGIdE5rAVab5sm3fzrIhRtIpcFdcVLraKfKGs1ZYTtXHF8yRbBPguY9GoeZ9PRD7jliDvwCWZM6xdmeYQWFrJmbTHY/M2i3Ppu6SblfwQ9eQNnU12IfRr7O1+brlXo07afEsJCnAgQurm3p/G/M8eKplJYFXO0LdfjCLHa5cKEJMp7nKbggH/fUtd25GND8LYYC86wHdYdsvouyaEy6X9PfSTCopJnq/Xn3moJza/f3hTc4Qi5k+rH/NytxzTHdMef19KCobuMgKaDFEI3nVwmcx2bGiH0wVa/4J4B9tdHoh2D96QWRFssCJm6wLYtrf8cg6FiPoUNoCMIpyH8vMQ5dbU7sUdK6Yd8v2tIc+YeZKhttgul/SLNLeDs2sTDcpZKWpJHB1EbLKOxth6D/UPyeqOLbY/wLs4liV8JPSP34vLE2uTTNqP+KNDjC0QYGge4XK33s9njgrY1CRe41UDuRhBqxbzUjjC498LYCxmOmydhHOKJ8IBwhyj1qa29topBugjXbihDzpesgcZaIs1kh67ddGviXQXZSM8FAkGMRp9kh8Nw0NOAu6BXgl6ISfPszYnathSN7QsuQlSAqVz8tQcjlJ4fB/EL3Iv1b3Dt6X+Uzqml6W8qkg8st++mQO40UFAu2jvIvnG1J94x6Kx+FGcAwfqlfZMZy7VqVZDInTlkXXaoTFdz0Wut5NHnjpwuZopUYRtpjhNX/PQlJCDROoejvLekCciR6U4WiHHitkLrEmSuEBJ6YP+zXq3+3SwRzR8uUVsFm/ytlkLFUPsTHTVRudJrx/xmtKdmHECRIomULMhhd/KAI24klihiBWxtAAd5WMrw7WO64aLrI6cscxBd1ZnwP43ojWM9j6ENQGZHQuYOBqwpud2cC4vnFGbl0/oJXKpF7lajdEMIOa+hdkwERCndO1OJ4avKkbuKVD/GfCONR0LCbW/fnh9t8KUGGWZv5i7Q946CpfczOoVdCvWPCrgOtsy3zHuElx0lexdvQsN3u5lFz409IXsoT5k8j65qMeTBicFR6gM1KHATZw2+2wmc/15BK/YKlDzKP/pqhJZgjUddj++zQgMR9BjlYdth82+pYj9XMcEnKH21GrPIB3H/ZzPKGm+r6sQV358zTb0yqnurxt9PBGZOKb5e8q7rpw14oHRioannoQlAC0aPr5l1eICb1/AwiRLHO35vek9Y4Gx2RAMNK4tnngovMDl+8euLKVG5cnQ2TL5zVc9H/5iE63klfiuoj9sB+qx3uDWuQuowtiQZ/xMF0G30m51vnNz52Q2iSPvQiV+n6OXUMNYPLUI0NihM29StXEWRloljqhjokMkD7jM2GhkPFZiFejHLxbth+LLztpnryzqDZoRrNFYzsrAiNbL5vD5ctYuoayAl9QhjQUTCWrPzY1+ktQtzXOsPgd+KVDHr/P3xjWBPk/lgM4In6zTfDo/R7u5FQxwSsd0P0FSIhqr2rSgQkNc886o5DAjE908sZsrdantSpA==
Content-Type: multipart/alternative; boundary="_000_993D319E67374A6EA9C55392888CF1BAislandresortcom_"
MIME-Version: 1.0
X-OriginatorOrg: island-resort.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH7PR22MB3092.namprd22.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7f0d9783-c4a9-4726-7b31-08dcd5bce700
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Sep 2024 19:30:48.5391 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: ad4b5b91-a549-4435-8c42-a30bf94d14a8
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: or9AgVy8OTpL3SGUcwVyepbTO13ZMPse0+9S0jbSfkquUnPlD7+rBa0lIRrN+Nsu/d2OXmVVgh0Aw6AwQUcDFQ==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: LV8PR22MB5697
Message-ID-Hash: X4OU5JV25PC2RQ4WRVXNMU54NVDVRDHQ
X-Message-ID-Hash: X4OU5JV25PC2RQ4WRVXNMU54NVDVRDHQ
X-MailFrom: lgl@island-resort.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "hannes.tschofenig=40gmx.net@dmarc.ietf.org" <hannes.tschofenig=40gmx.net@dmarc.ietf.org>, "cose@ietf.org" <cose@ietf.org>, "jose@ietf.org" <jose@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: [COSE] My review of draft-ietf-jose-fully-specified-algorithms
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/drYej8LZxznJfdNkdqx2cScv_cs>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
How about the terms “fully specified” and “partially specified”? “Polymorphic” doesn’t seem so accurate because there isn’t really changing of form. "À La Carte” requires mental mapping from the dictionary definition. “Polymorphic” is also used in the field for a different meaning: https://en.wikipedia.org/wiki/Polymorphic_code. and "Polymorphic encryption refers to the encryption of data in multiple forms that are protected by multiple keys" LL On Sep 15, 2024, at 2:29 AM, John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote: HI Hannes, Thanks for your review. I include JOSE WG as well. I think the cipher suite versus vs. à la carte is a good description for parts of the draft but not others. I don't think the discussion of having all domain parameters in the algorithm specifiers vs having some parameters in the key maps well to cipher suites. TLS 1.2 cipher suites are less specified than IKE and COSE and the term cipher suite only makes sense if there is an encryption algorithm included. Cheers, John Sent from Outlook for <https://aka.ms/o0ukef> VIC 20 ________________________________ From: hannes.tschofenig=40gmx.net@dmarc.ietf.org <hannes.tschofenig=40gmx.net@dmarc.ietf.org> Sent: Sunday, September 15, 2024 10:43 AM To: cose@ietf.org <cose@ietf.org> Subject: [COSE] My review of draft-ietf-jose-fully-specified-algorithms Hi all, as requested, I have reviewed the document. Here’s some background information first: Security protocols like TLS and IKEv2 perform an initial handshake to authenticate endpoints, negotiate algorithm combinations, and establish a symmetric key for securing data traffic. After the handshake, there's no need to carry algorithm information around, as the key identifier implicitly defines the algorithm in use. However, JOSE and COSE are not multi-round-trip protocols but rather building blocks for other protocols, often used in applications involving one-shot messages (such as JWTs or CWTs). It has become common practice to include algorithm information in the headers of JOSE/COSE payloads to specify the algorithm and key exchange mechanism. Despite the risk of attackers altering algorithm identifiers to deceive recipients into using incorrect algorithms with a given key, this practice persists. There are two main philosophies regarding algorithm identifiers in JOSE/COSE headers: - Ciphersuite Approach: The identifier refers to a meaningful combination of algorithms, key sizes, etc. This is an example from the draft: ECDH-ES using P-384 w/ HKDF and AES Key Wrap w/ 192-bit key --- this ciphersuite represents the combination of all these individual algorithms, key sizes, key distribution mechanisms, KDFs, etc. - À La Carte Approach where individual properties are expressed independently. Here is an example: Algorithm = AES, Key Size=128, Mode of Operation: GCM The document aims to revise the IANA registry for JOSE and COSE algorithms to list ciphersuites, which is necessary as other specifications have assumed that ciphersuites are being used. Initially, the focus of the draft was on digital signature algorithms, but later, encryption algorithms were also included. This added complexity, as encryption algorithms support various key exchange methods. The expanded scope was discussed at the last IETF meeting. This expansion of scope is, however, unavoidable since otherwise the content of the registry is misaligned. Mike and Orie argue that content encryption and key exchange algorithms must be independent of each other: "Each of these multiple algorithms must be independently fully specified. The operations performed by each of them MUST NOT vary when used alongside other algorithms. For instance, in JOSE, alg and enc values MUST each be fully specified, and their behaviors MUST NOT depend upon one another." I disagree with this perspective since these algorithms depend on each other. The key exchange algorithm must produce a key of the appropriate length for the content encryption algorithm. Additionally, binding them together is necessary to prevent attacks, as discussed in the context of COSE HPKE. Interestingly enough, later in the text they acknowledge this fact on page 14: " In COSE, preventing cross-mode attacks, such as those described in [RFC9459], can be accomplished in two ways: (1) Allow only authenticated content encryption algorithms. (2) Bind the the potentially unauthenticated content encryption algorithm to be used into the key protection algorithm so that different content encryption algorithms result in different content encryption keys. " I disagree with the text as currently written, as described in https://datatracker.ietf.org/doc/draft-tschofenig-cose-cek-hkdf-sha256/. I believe I understand what the authors are trying to communicate but it does not quite get across. Their view is purely from a registry value perspective and not so much from a security point of view. Section 3.2's API descriptions are incorrect. For example, most ciphers used for content encryption in COSE and JOSE are AEAD ciphers, and their API does not align with the description in Section 3.1.1. I found nits in the draft. For instance, Section 3.1.1 (which discusses direct encryption) references AES-KW, stating: "Key Wrapping algorithms impose additional implicit constraints on AAD and IV." While true, AES-KW, as defined in RFC 3394, does not have public parameters that vary per invocation. Consequently, for COSE, the protected header in the recipient structure is a zero-length byte string, which does not apply to the content encryption layer. You could call this "constraints" - it would be more correct to just state what is meant by these constraints or point to the respective section in the relevant RFC(s). In Section 3.2.2, it appears that the document creates new KEM-definitions and their APIs, despite several existing IETF specifications that could be referenced. For example, text could be copied from RFC 5990bis (see Section 1.2 of https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc5990bis/) Finally, I have concerns about the terminology used in the draft. For instance, I am not convinced that introducing the term "polymorphic" is a good idea, as it is not used in the security field. In the IPsec/IKE discussions I have seen the terms Ciphersuite vs. À La Carte being used. With all that said, I agree with the overall concept of the draft. My review focuses on providing feedback on the content, and I am happy to collaborate with the authors or the group to refine and improve the wording of the text. Ciao Hannes _______________________________________________ COSE mailing list -- cose@ietf.org To unsubscribe send an email to cose-leave@ietf.org
- [jose] Re: [COSE] My review of draft-ietf-jose-fu… John Mattsson
- [jose] Re: [COSE] Re: My review of draft-ietf-jos… hannes.tschofenig
- [jose] Re: [EXT] [COSE] Re: My review of draft-ie… Blumenthal, Uri - 0553 - MITLL
- [jose] Re: [COSE] My review of draft-ietf-jose-fu… Ilari Liusvaara
- [jose] Re: [COSE] My review of draft-ietf-jose-fu… Michael Jones
- [jose] Re: [COSE] My review of draft-ietf-jose-fu… lgl island-resort.com
- [jose] Re: [COSE] My review of draft-ietf-jose-fu… Tschofenig, Hannes
- [jose] Re: [COSE] Re: My review of draft-ietf-jos… Neil Madden
- [jose] Re: [COSE] Re: My review of draft-ietf-jos… Ilari Liusvaara
- [jose] Re: [COSE] Re: [EXT] Re: My review of draf… Michael Jones
- [jose] Re: [COSE] Re: Re: My review of draft-ietf… Michael Jones
- [jose] Re: My review of draft-ietf-jose-fully-spe… Michael Jones