[jose] Re: [COSE] Re: Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
Michael Jones <michael_b_jones@hotmail.com> Mon, 21 October 2024 19:49 UTC
From: Michael Jones <michael_b_jones@hotmail.com>
To: "ilariliusvaara@welho.com" <ilariliusvaara@welho.com>, JOSE WG <jose@ietf.org>, "cose@ietf.org" <cose@ietf.org>
Thread-Topic: [COSE] Re: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)
Date: Mon, 21 Oct 2024 19:49:02 +0000
Message-ID: <PH0PR07MB90771CE11204ACC316587D4AB7432@PH0PR07MB9077.namprd07.prod.outlook.com>
References: <CA+mgmiOqZqu1fNjEK69zTbx3ndsum5jrLg06bzYTjtH+VQyWtA@mail.gmail.com> <5233A37F-2EA1-40CB-A3DA-EAEF885E52B0@gmail.com> <ZuVC0qtaxmW-BrFg@LK-Perkele-VII2.locald>
In-Reply-To: <ZuVC0qtaxmW-BrFg@LK-Perkele-VII2.locald>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/rnYa3CKu0rqxObewWGoYK66oocM>
Thanks for your review, Ilari. My responses are inline below, prefixed by "Mike>".

-- Mike

-----Original Message-----
From: ilariliusvaara@welho.com <ilariliusvaara@welho.com>
Sent: Saturday, September 14, 2024 1:01 AM
To: JOSE WG <jose@ietf.org>; cose@ietf.org
Subject: [COSE] Re: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms)

On Fri, Sep 13, 2024 at 07:19:55AM +0100, Neil Madden wrote:
> As myself and Filip Skokan have pointed out, the wording of section
> 3.1 currently (I believe accidentally) outlaws all of the ECDH-ES
> encryption algorithms, and any future KEM-based algorithms. So no,
> even if you support the idea, the document is not ready.

What I think section 3.1 is trying to do is to prohibit algorithms depending on each other. But it seems to accidentally extend that to all algorithms being fully specified.

Now, arguably RFC7516/RFC9052 already has some dependencies between algorithms, involving Direct Encryption and Direct Key Agreement. However, as having dependencies between algorithms can very easily cause serious interoperability, implementation and interface issues, one should be extremely careful in introducing any new kind of dependency. And in case of JOSE, any such dependency seems to inevitably require updating RFC7516.

In addition, I think that RFC7516 already implicitly requires all "enc" to be fully specified, and anything else would need to update RFC7516.

Mike> The dependencies allowed between "alg" and "enc" algorithms are now explicitly described.

In COSE, algorithms with recipients are allowed to be polymorphic w.r.t. headers. However, I think such algorithms are a bad idea.

Then section 3.2 looks like it should be appendix.

Mike> Section 3.2 is where what it means for encryption algorithms to be fully specified is defined.

And section 3.2.2. has:

"To convey a fully-specified Key Establishment with Direct Encryption algorithm in JOSE, the "alg" value MUST be "dir", and the "enc" value MUST be fully specified, specifying all essential parameters for both key establishment and symmetric encryption. For example: 'ECDH-ES using P-256 and Concat-KDF with A128GCM' or 'ECDH-ES using X25519 and Concat-KDF with A256GCM'."

This is illegal in JWE (enc is not symmetric AEAD). The correct way would be to use "alg" like "ECDH-ES using P-256 and Concat-KDF" or "ECDH-ES using X25519 and Concat-KDF" and then leave the rest to "enc".

Mike> I've reworked the examples and the accompanying text to both tighten the exposition and make it correct.

-Ilari
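The header-partition point raised above (key management lives in "alg", the symmetric AEAD lives in "enc", and RFC 7518's ECDH-ES identifiers leave the curve to be discovered from "epk") can be enforced at a JWE consumer. The following is an added example written for this page; it is not code from the thread, from the draft, or from any JOSE library. The algorithm sets are a constructed subset of the RFC 7518 registrations, and the allowed-curve pin stands in for whatever a fully-specified identifier would carry; the compact JWE it parses is built from placeholder segments so that only the protected header matters.

```python
import base64
import json

# Constructed subset of the RFC 7518 registrations (assumption: enough to
# illustrate the alg/enc split; a real consumer would use its full policy).
KEY_MANAGEMENT_ALGS = {
    "dir", "ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A256KW",
    "RSA-OAEP-256", "A128KW", "A256KW",
}
CONTENT_ENCRYPTION_ALGS = {
    "A128GCM", "A192GCM", "A256GCM",
    "A128CBC-HS256", "A192CBC-HS384", "A256CBC-HS512",
}
# These "alg" values are polymorphic over the curve: the curve is only known
# from the "epk" header, so a deployment has to pin it separately.
KEY_AGREEMENT_ALGS = {"ECDH-ES", "ECDH-ES+A128KW", "ECDH-ES+A256KW"}


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url (RFC 7515 Appendix C)."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def parse_protected_header(compact_jwe: str) -> dict:
    """Return the JWE Protected Header of a compact-serialized JWE."""
    parts = compact_jwe.split(".")
    if len(parts) != 5:
        raise ValueError("compact JWE must have exactly five segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header must be a JSON object")
    return header


def validate_jwe_header(header: dict, allowed_curves=("P-256",)) -> list:
    """Return the list of policy violations; an empty list means accepted."""
    errors = []
    alg = header.get("alg")
    enc = header.get("enc")

    # "alg" selects key management and must never name a content cipher.
    if alg not in KEY_MANAGEMENT_ALGS:
        errors.append(f"alg {alg!r} is not an allowed key management algorithm")
    # "enc" must be a symmetric AEAD; a key-agreement name here is malformed
    # no matter how the "alg" is spelled (the point made in the thread).
    if enc not in CONTENT_ENCRYPTION_ALGS:
        errors.append(f"enc {enc!r} is not a content encryption (AEAD) algorithm")

    if alg in KEY_AGREEMENT_ALGS:
        epk = header.get("epk")
        if not isinstance(epk, dict):
            errors.append("key agreement requires an 'epk' header")
        elif epk.get("crv") not in allowed_curves:
            # Closes the polymorphism gap: reject curves the deployment did not pin.
            errors.append(f"epk curve {epk.get('crv')!r} is not pinned for this deployment")
    elif alg == "dir" and "epk" in header:
        errors.append("'dir' uses a pre-shared CEK; 'epk' must be absent")
    return errors


def make_compact_jwe(header: dict) -> str:
    """Build a compact JWE from constructed placeholder segments.

    The encrypted-key segment is empty, as it is for "dir" and "ECDH-ES";
    IV, ciphertext and tag are dummies because only the header is inspected.
    """
    protected = b64url_encode(json.dumps(header, separators=(",", ":")).encode())
    return ".".join([protected, "", b64url_encode(b"\x00" * 12),
                     b64url_encode(b"ciphertext"), b64url_encode(b"\x00" * 16)])


if __name__ == "__main__":
    ok = make_compact_jwe({"alg": "ECDH-ES", "enc": "A128GCM",
                           "epk": {"kty": "EC", "crv": "P-256", "x": "x", "y": "y"}})
    print(validate_jwe_header(parse_protected_header(ok)))          # []
    print(validate_jwe_header({"alg": "dir", "enc": "ECDH-ES"}))    # enc rejected
```

Passing `allowed_curves=("X25519",)` accepts an OKP ephemeral key instead; the check is the consumer-side substitute for a curve-bound identifier, which is what the fully-specified names in the draft are meant to make unnecessary.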