[jose] Working group adoption of “COSE and JOSE Registrations for WebAuthn Algorithms”

Mike Jones <Michael.Jones@microsoft.com> Fri, 29 March 2019 11:55 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9054412026F for <jose@ietfa.amsl.com>; Fri, 29 Mar 2019 04:55:44 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2
X-Spam-Level:
X-Spam-Status: No, score=-2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id tv601KyJjtot for <jose@ietfa.amsl.com>; Fri, 29 Mar 2019 04:55:40 -0700 (PDT)
Received: from NAM06-BL2-obe.outbound.protection.outlook.com (mail-bl2nam06on0708.outbound.protection.outlook.com [IPv6:2a01:111:f400:fe55::708]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9549812026D for <jose@ietf.org>; Fri, 29 Mar 2019 04:55:40 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=testarcselector01; d=microsoft.com; cv=none; b=sPs/lDFPWLE1dfJg4+mXzbdxeX9aUkxiN0AntuzvIZ03m+GGUwN4O+5C2eStVrfcyv55AzBFHOWLApojHRZ7zoSg5ahvwsgJhk8s/uIRCn7a/QDOMajYa8QNYgVdIpRcIXPBrbso7TyD5DKwlUP55QqQtNBW9DtVx25BZLJoW+0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=testarcselector01; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XKxzEH8djI7yFNuUat2JlMC3HbP9b/CfV/7vspAnb7s=; b=r6dshVxETOLSptP1+Zy+CrA8KsseTV8Cfu/PGyE049fic6Sj9dnIRp54excN9ZGs1YG0XxYjKPkPkf/wHDwdlIAnZTAScbyTkIoHSnv5VeUI3S9X0rrnaUv88e5Wd3q0xZ5EmL5JMW64S+l7+wPTAZqrnbEWOgU2TdX3vqW+pEI=
ARC-Authentication-Results: i=1; test.office365.com 1;dmarc=none action=none header.from=microsoft.com;arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XKxzEH8djI7yFNuUat2JlMC3HbP9b/CfV/7vspAnb7s=; b=oxHXuUKPFCe50doI9mhpfYWYieIjRnkXm+bop8e3tC8HDX03MDzy0olFY92CILkoK08W6PXXcCKBksMnlfBkym9auY04UtsMsqeJuIoqsFTJzNQ3ebkLosOPN5d+xQ68f2nKUgVeiQD/y/QFuyan+qbQRL14YmT61is3RvqATMc=
Received: from DM5PR00MB0296.namprd00.prod.outlook.com (52.132.128.37) by DM5PR00MB0327.namprd00.prod.outlook.com (52.132.128.158) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1795.0; Fri, 29 Mar 2019 11:55:30 +0000
Received: from DM5PR00MB0296.namprd00.prod.outlook.com ([fe80::651a:e26a:5e40:33d5]) by DM5PR00MB0296.namprd00.prod.outlook.com ([fe80::651a:e26a:5e40:33d5%6]) with mapi id 15.20.1794.000; Fri, 29 Mar 2019 11:55:30 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: "jose@ietf.org" <jose@ietf.org>
CC: "panva.ip@gmail.com" <panva.ip@gmail.com>
Thread-Topic: =?utf-8?B?V29ya2luZyBncm91cCBhZG9wdGlvbiBvZiDigJxDT1NFIGFuZCBKT1NFIFJl?= =?utf-8?B?Z2lzdHJhdGlvbnMgZm9yIFdlYkF1dGhuIEFsZ29yaXRobXPigJ0=?=
Thread-Index: AdTmJk1FCMXIivt5Qf6zVgtbmlGjVw==
Date: Fri, 29 Mar 2019 11:55:30 +0000
Message-ID: <DM5PR00MB02968CC47CDAB140A4FF6287F55A0@DM5PR00MB0296.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=ff9aefb5-196d-43f3-9a45-0000a2d472b6; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2019-03-29T11:52:01+0100; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
x-originating-ip: [2001:67c:1232:144:311d:8f67:7b1:cd15]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 4d367d31-22b1-48fd-f5cf-08d6b43d7110
x-ms-office365-filtering-ht: Tenant
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600137)(711020)(4605104)(4618075)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:DM5PR00MB0327;
x-ms-traffictypediagnostic: DM5PR00MB0327:
x-ms-exchange-purlcount: 6
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Michael.Jones@microsoft.com;
x-microsoft-antispam-prvs: <DM5PR00MB032752A7669CE6E86E615728F55A0@DM5PR00MB0327.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0991CAB7B3
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(346002)(366004)(396003)(136003)(39860400002)(209900001)(189003)(199004)(316002)(53376002)(6436002)(68736007)(72206003)(22452003)(105586002)(106356001)(9686003)(54896002)(5640700003)(2351001)(6306002)(236005)(14454004)(55016002)(10290500003)(53936002)(33656002)(81166006)(81156014)(1730700003)(99286004)(478600001)(966005)(8936002)(2501003)(10090500001)(97736004)(2906002)(74316002)(7736002)(486006)(476003)(52536014)(6916009)(5660300002)(606006)(8990500004)(46003)(102836004)(53546011)(186003)(6506007)(86612001)(86362001)(66574012)(71200400001)(25786009)(71190400001)(21615005)(7696005)(4326008)(6116002)(256004)(790700001)(6606295002); DIR:OUT; SFP:1102; SCL:1; SRVR:DM5PR00MB0327; H:DM5PR00MB0296.namprd00.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: microsoft.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: vdn6WWwdXv+NjoGuUd3Tl9ollGFpZWayXZWwjc768/0nkrcWIyb7/cGDowffIBO6P19EvLrZ6jQvJ7H8SWyIO05sJFOFISACmBY/gK5NtVZmi2aUXO2+Y+5hSJ97tovBndqanFQsGU9Bd3Hxx2IBfGPVLbjXqnZUvXWgDwOFnypdf+gyzA3TAQxtUqtkwneEiYccTrEr7smNnstvth99Y66b2xxduGYye63Sci7qKtV6qlJuvbnJ6uzR9H3AqXbRyW+E2dmNv5FT/ZMjqKFzgFJ8z6Rxc4iE9oFWE+0STIgwdYlvqIEigQ3NykVdBre8c590DOsQUredJ7UmXGwgZxO6Y79FSyZD5wXP7dtoRWhcdIxKeLC00yX090WegVslLqVmPEI7Ogfy4+i8Q4F/8SsuuI4EE5nJhSDPg0tkTHI=
Content-Type: multipart/alternative; boundary="_000_DM5PR00MB02968CC47CDAB140A4FF6287F55A0DM5PR00MB0296namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4d367d31-22b1-48fd-f5cf-08d6b43d7110
X-MS-Exchange-CrossTenant-originalarrivaltime: 29 Mar 2019 11:55:30.1436 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM5PR00MB0327
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/uOkZImq4xKnpOkyPB5w0h55Sb7s>
Subject: [jose] =?utf-8?q?Working_group_adoption_of_=E2=80=9CCOSE_and_JOS?= =?utf-8?q?E_Registrations_for_WebAuthn_Algorithms=E2=80=9D?=
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 29 Mar 2019 11:55:45 -0000

FYI, a draft that registers JOSE identifiers for signing with the secp256k1 curve was adopted by COSE this week.  See http://self-issued.info/?p=1964.  Please discuss it on the cose@ietf.org<mailto:cose@ietf.org> mailing list.

Also, please respond on the COSE mailing list about the identifier choice for the curve.  Per the note below, two names are being considered “P-256K” and “secp256k1”.

                                                          -- Mike

From: COSE <cose-bounces@ietf.org> On Behalf Of Filip Skokan
Sent: Wednesday, March 27, 2019 2:17 PM
To: cose@ietf.org
Subject: [COSE] "P-256K" in draft-ietf-cose-webauthn-algorithms

Hello,

Once more to the correct mailing list...

this draft has caught my attention since it touches JOSE as well, specifically it proposes registration for the uses of secp256k1 "bitcoin" curve. I learned from Mike Jones that there's a discussion around naming the key's curve and the JWA algorithm.

- "P-256K"
Do we really need a new name for secp256k1? I would suggest not. Most of the document talks about secp256k1 anyway. Giving secp256k1 the alias P-256K gives the impression that it is a curve standardized by NIST, which it is not. Mike> Others have also suggested simply using the name "secp256k1". I'm fine with that.

I'd like to advocate for sticking with the proposed (in current draft) "P-256K" for EC key's crv, and "ES256K" for the JWA alg. These values are already quite common in existing implementations, quite a few hits for this.

[1] https://docs.microsoft.com/en-us/dotnet/api/microsoft.azure.keyvault.eckey.p256k?view=azure-dotnet
[2] https://connect2id.com/products/nimbus-jose-jwt/examples/jwt-with-es256k-signature
[3] https://static.javadoc.io/com.nimbusds/nimbus-jose-jwt/5.10/com/nimbusds/jose/jwk/ECKey.html
[4] https://github.com/panva/jose/blob/master/lib/jwk/key/ec.js#L22-L23
[5] https://github.com/relocately/ec-key

As mentioned in the IETF 104 meeting on Tuesday the other encountered naming of this is "K-256" but there's considerably less hits searching for implementations using that one.

I understand the COSE group does not (probably) have existing implementations of secp256k1 and that's why the notion of just naming it secp256k1 resonates, but maybe consider only doing so for COSE. JOSE could use less fragmentation amongst its implementations and therefore sticking to the most common naming already in the wild would be welcome.

The same applies to the presented question about Compressed vs. Non-compressed Points for secp256k1, i'd advocate that at least for JOSE the used points remain in-line with what's already used in with the existing keys and algorithms.

Best,
Filip Skokan