[jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
Ilari Liusvaara <ilariliusvaara@welho.com> Sat, 14 September 2024 08:01 UTC
Return-Path: <ilariliusvaara@welho.com>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4897BC180B73; Sat, 14 Sep 2024 01:01:31 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.909
X-Spam-Level:
X-Spam-Status: No, score=-1.909 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id H_Lj008z4j5F; Sat, 14 Sep 2024 01:01:30 -0700 (PDT)
Received: from welho-filter1.welho.com (welho-filter1b.welho.com [83.102.41.27]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E1693C1519A7; Sat, 14 Sep 2024 01:01:28 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter1.welho.com (Postfix) with ESMTP id 54683204D3; Sat, 14 Sep 2024 11:01:25 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp3.welho.com ([IPv6:::ffff:83.102.41.86]) by localhost (welho-filter1.welho.com [::ffff:83.102.41.23]) (amavisd-new, port 10024) with ESMTP id XSu2xP9ptl2B; Sat, 14 Sep 2024 11:01:25 +0300 (EEST)
Received: from LK-Perkele-VII2 (87-92-153-79.rev.dnainternet.fi [87.92.153.79]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp3.welho.com (Postfix) with ESMTPSA id 0A2FA230A; Sat, 14 Sep 2024 11:01:22 +0300 (EEST)
Date: Sat, 14 Sep 2024 11:01:22 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: JOSE WG <jose@ietf.org>, cose@ietf.org
Message-ID: <ZuVC0qtaxmW-BrFg@LK-Perkele-VII2.locald>
References: <CA+mgmiOqZqu1fNjEK69zTbx3ndsum5jrLg06bzYTjtH+VQyWtA@mail.gmail.com> <5233A37F-2EA1-40CB-A3DA-EAEF885E52B0@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <5233A37F-2EA1-40CB-A3DA-EAEF885E52B0@gmail.com>
Sender: ilariliusvaara@welho.com
Message-ID-Hash: YBC77YVLW22YOXMGMMHROTWBA7EVTRE3
X-Message-ID-Hash: YBC77YVLW22YOXMGMMHROTWBA7EVTRE3
X-MailFrom: ilariliusvaara@welho.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-jose.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/qooqUtEcZxxTq7RVDCaZ4LaE878>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jose>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Owner: <mailto:jose-owner@ietf.org>
List-Post: <mailto:jose@ietf.org>
List-Subscribe: <mailto:jose-join@ietf.org>
List-Unsubscribe: <mailto:jose-leave@ietf.org>
On Fri, Sep 13, 2024 at 07:19:55AM +0100, Neil Madden wrote: > As myself and Filip Skokan have pointed out, the wording of section > 3.1 currently (I believe accidentally) outlaws all of the ECDH-ES > encryption algorithms, and any future KEM-based algorithms. So no, > even if you support the idea, the document is not ready. What I think section 3.1 is trying to do is to prohibit algorithms depending on each other. But it seems to accidentally extend that to all algorithms being fully specifed. Now, arguably RFC7516/RFC9052 already has some dependencies between algorithms, involving Direct Encryption and Direct Key Agreement. However, as having dependencies between algorithms can very easily cause serious interoperability, implementation and interface issues, one should be extremely careful in introducing any new kind of dependency. And in case of JOSE, any such dependency seems to inevitably require updating RFC7516. In addition, I think that RFC7516 already implcitly requires all "enc" to be fully specified, and anything else would need to update RFC7516. In COSE, algorithms with recipients are allowed to be polymorphic w.r.t. headers. However, I think such algorithms are a bad idea. Then section 3.2 looks like it should be appendix. And section 3.2.2. has: "To convey a fully-specified Key Establishment with Direct Encryption algorithm in JOSE, the "alg" value MUST be "dir", and the "enc" value MUST be fully specified, specifying all essential parameters for both key establishment and symmetric encryption. For example: 'ECDH-ES using P-256 and Concat-KDF with A128GCM' or 'ECDH-ES using X25519 and Concat-KDF with A256GCM'." This is illegal in JWE (enc is not symmetric AEAD). The correct way would be to use "alg" like "ECDH-ES using P-256 and Concat-KDF" or "ECDH-ES using X25519 and Concat-KDF" and then leave the rest to "enc". -Ilari
- [jose] 2nd WGLC for draft-ietf-jose-fully-specifi… Karen ODonoghue
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Michael Jones
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Anders Rundgren
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Oliver Terbu
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Neil Madden
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Brian Campbell
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Filip Skokan
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Gabe Cohen
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Karen ODonoghue
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Leif Johansson
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Brian Campbell
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… John Bradley
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Giuseppe De Marco
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… John Mattsson
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Neil Madden
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Michael Jones
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Michael Jones
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Ilari Liusvaara
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… David Waite
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… David Waite
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Axel.Nennker
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… John Mattsson
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Michael Jones
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Göran Selander
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Michael Jones
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Michael Jones
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Nov Matake
- [jose] Re: [COSE] Re: 2nd WGLC for draft-ietf-jos… Michael Jones
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Michael Jones
- [jose] Re: [COSE] Re: Re: 2nd WGLC for draft-ietf… Michael Jones
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Göran Selander
- [jose] Re: 2nd WGLC for draft-ietf-jose-fully-spe… Anders Rundgren
- [jose] Re: [COSE] Re: Re: 2nd WGLC for draft-ietf… Marco Tiloca
- [jose] Re: [COSE] Re: Re: 2nd WGLC for draft-ietf… Michael Jones