Re: [jose] Deprecation of legacy algorithms

Michael Jones <michael_b_jones@hotmail.com> Tue, 05 March 2024 16:39 UTC

From: Michael Jones <michael_b_jones@hotmail.com>
To: Neil Madden <neil.e.madden@gmail.com>, JOSE WG <jose@ietf.org>
Date: Tue, 05 Mar 2024 16:39:30 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/oVRXwHnR7P4JX8KGlQX5rvykunk>

I would not support deprecation of either of these algorithms.  They are both required for OpenID Connect and are in extremely widespread use.

From: jose <jose-bounces@ietf.org> On Behalf Of Neil Madden
Sent: Tuesday, March 5, 2024 7:57 AM
To: JOSE WG <jose@ietf.org>
Subject: [jose] Deprecation of legacy algorithms

Hi all,

Leaving aside all the exciting work on shiny new algorithms to *add* to JOSE, I would like to raise the prospect of deprecating some existing algorithms that have passed their best. Before I start work on writing the drafts for these, I'd like to gauge if there is some support or this is likely to be wasted effort. The algorithms I think that should be deprecated are:

RSA1_5 - currently marked as Recommended- in the IANA registry. PKCS#1 v1.5 padding for encryption has been a source of repeated vulnerabilities over the years, and they keep cropping up. I believe the main reason this exists at all was to allow continued use of legacy hardware, in particular where FIPS approval was required. However, PKCS#1 v1.5 padding has been forbidden by FIPS (for encryption) since the end of 2023 [1]. If someone is really stuck with a hardware device that only supports this encryption mode then they can use it to encrypt local files containing keys for other algorithms rather than using it directly.

none - I know this one is more controversial in some quarters, but alg=none has been responsible for a steady stream of serious security vulnerabilities, and even spawned its own website: https://www.howmanydayssinceajwtalgnonevuln.com/. I'm not sure there has actually been a year where this algorithm *hasn't* caused a vulnerability. I've yet to see a genuine use-case for it in the wild. The pain:gain ratio on this algorithm is extremely high.

I would also like to write a draft (either combined with the above or separate) that establishes some baseline security properties for future algorithm registrations:

* All signature algorithms MUST achieve unforgeability under chosen message attack (EUF-CMA).
* All encryption algorithms MUST achieve at least IND-CCA2.

[1]: https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf (see table 5 on page 15)

Thoughts?

-- Neil
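
Added example (not part of the thread and not code from either author): the alg=none failure mode discussed above, shown as a verifier that lets the token's header choose the check beside one that pins the accepted algorithm itself. The function names, the demo key and the sample tokens are constructed for illustration, and only HS256 is implemented.

```python
import base64, hashlib, hmac, json

def b64d(s):  # base64url decode, restoring the stripped padding
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64e(b):
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode()

def mac(key, h, p):  # HMAC-SHA256 over the JWS signing input
    return hmac.new(key, f"{h}.{p}".encode(), hashlib.sha256).digest()

def make_token(header, claims, key=None):
    """Build a constructed sample token; key=None leaves the signature empty."""
    h, p = b64e(json.dumps(header).encode()), b64e(json.dumps(claims).encode())
    return f"{h}.{p}." + (b64e(mac(key, h, p)) if key else "")

def naive_verify(token, key):
    """Header-driven dispatch: the token itself selects how it is checked."""
    h, p, s = token.split(".")
    alg = json.loads(b64d(h))["alg"]
    if alg == "none":  # unsecured JWS is returned as if it had been verified
        return json.loads(b64d(p))
    if alg == "HS256" and hmac.compare_digest(mac(key, h, p), b64d(s)):
        return json.loads(b64d(p))
    raise ValueError("verification failed")

ALLOWED = ("HS256",)  # fixed by the verifier, never taken from the token

def strict_verify(token, key):
    """Verifier-driven: the algorithm is pinned before any claim is parsed."""
    parts = token.split(".")
    if len(parts) != 3 or not parts[2]:
        raise ValueError("malformed or unsigned token")
    h, p, s = parts
    header = json.loads(b64d(h))
    alg = header.get("alg") if isinstance(header, dict) else None
    if alg not in ALLOWED:  # exact match: rejects none, nOnE and a missing alg
        raise ValueError(f"algorithm not allowed: {alg!r}")
    if not hmac.compare_digest(mac(key, h, p), b64d(s)):
        raise ValueError("verification failed")
    return json.loads(b64d(p))

KEY = b"constructed-demo-key"  # sample value for this example only
SIGNED = make_token({"alg": "HS256"}, {"sub": "alice"}, KEY)
UNSIGNED = make_token({"alg": "none"}, {"sub": "admin"})
```

An exact-match allowlist also covers case variants such as "nOnE", which a blocklist comparing against the literal string "none" would miss.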