Re: [jose] RSASSA-PSS signature
Richard Barnes <rlb@ipv.sx> Tue, 12 March 2013 20:24 UTC
Return-Path: <rlb@ipv.sx>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1D15011E81A4 for <jose@ietfa.amsl.com>; Tue, 12 Mar 2013 13:24:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.133
X-Spam-Level:
X-Spam-Status: No, score=-1.133 tagged_above=-999 required=5 tests=[AWL=-0.708, BAYES_00=-2.599, FH_RELAY_NODNS=1.451, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001, RDNS_NONE=0.1]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vP4wGgl8gB75 for <jose@ietfa.amsl.com>; Tue, 12 Mar 2013 13:24:11 -0700 (PDT)
Received: from mail-ob0-x236.google.com (mail-ob0-x236.google.com [IPv6:2607:f8b0:4003:c01::236]) by ietfa.amsl.com (Postfix) with ESMTP id 22D6111E81A0 for <jose@ietf.org>; Tue, 12 Mar 2013 13:24:11 -0700 (PDT)
Received: by mail-ob0-f182.google.com with SMTP id va7so283216obc.13 for <jose@ietf.org>; Tue, 12 Mar 2013 13:24:10 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:x-originating-ip:in-reply-to:references :date:message-id:subject:from:to:cc:content-type:x-gm-message-state; bh=EV/xpy3OoqEr+ZXgguWi9IG1bEMgJC1arp+QRZtiGT0=; b=E/jOTONmPsspl5k1s+APdkloCScrt8Kom/KJgjpXcVHUlYMWfwIK4R+CbdaO10BHcp RPxY0DmTqmdOllYKQH2cj5YLOfDCPJMSutus817g9OCtWnJ/REFByRr6NcpekI2WCr+D pZOvNUIC6m5OUk74yLjkLwqpISA7ooFra/lmTE7jwvKNDD/HntCC+6tVVb+MGuwM1Tvz 4QqboD3Ef7n0T8F9sV5Tq3InGhzG1H09AF64Zzg47k2UUsvvG8Z4e53nPeleSDDjgyqG GhK9jNVQtOjAJ1MxPPYSRbsI6PIwL96kue7eRziL6bCTE0Re+/UJ6m3XAwH98sda+wBo A7Pw==
MIME-Version: 1.0
X-Received: by 10.182.132.43 with SMTP id or11mr13384033obb.67.1363119849262; Tue, 12 Mar 2013 13:24:09 -0700 (PDT)
Received: by 10.60.40.233 with HTTP; Tue, 12 Mar 2013 13:24:09 -0700 (PDT)
X-Originating-IP: [128.89.253.127]
In-Reply-To: <4E1F6AAD24975D4BA5B168042967394367500130@TK5EX14MBXC283.redmond.corp.microsoft.com>
References: <8B4C063947CD794BB6FF90C78BAE9B321EFC0A36@IMCMBX04.MITRE.ORG> <9E337D95-53AD-431D-A053-76F1F5EF7FAA@ve7jtb.com> <CAL02cgQS6pRjFJGdnin_hToTNGak2XDmb-6j3vVGUi1eZb_1Cg@mail.gmail.com> <4E1F6AAD24975D4BA5B168042967394367500130@TK5EX14MBXC283.redmond.corp.microsoft.com>
Date: Tue, 12 Mar 2013 16:24:09 -0400
Message-ID: <CAL02cgS4TFg4LytnbV66mbJrc5Vw1zF49-7mSurPWg8FEt_epQ@mail.gmail.com>
From: Richard Barnes <rlb@ipv.sx>
To: Mike Jones <Michael.Jones@microsoft.com>
Content-Type: multipart/alternative; boundary="14dae93a0c1766ecbb04d7c012f2"
X-Gm-Message-State: ALoCoQnAt/e9XezSsuPV4IJ1qyX6l37YgzHozFYFnoopro4klEZaFIfFm806E4eoqiMp9ABxGO9c
Cc: John Bradley <ve7jtb@ve7jtb.com>, "Peck, Michael A" <mpeck@mitre.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] RSASSA-PSS signature
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Mar 2013 20:24:12 -0000
Yes, I know the current JWA says that. That's a bug. I just submitted an issue. We have discussed this several times in the working group, most recently in Atlanta, where there was a fair degree of agreement on removing requirements levels. --Richard On Tue, Mar 12, 2013 at 4:11 PM, Mike Jones <Michael.Jones@microsoft.com>wrote: > Your statement that there are no MTI algorithms is actually incorrect. > The current JWA draft specifies REQUIRED (and RECOMMENED and OPTIONAL) > algorithms, and indeed, as currently chartered, we are required to define > the set of MTI algorithms.**** > > ** ** > > The spreadsheet characterizing platform support for possible algorithms > that John referred to is attached. As you can see, RSA PKCS1-v1_5 is the > only ubiquitously implemented asymmetric encryption algorithm.**** > > ** ** > > -- Mike**** > > ** ** > > *From:* jose-bounces@ietf.org [mailto:jose-bounces@ietf.org] *On Behalf > Of *Richard Barnes > *Sent:* Tuesday, March 12, 2013 12:49 PM > *To:* John Bradley > *Cc:* Peck, Michael A; jose@ietf.org > *Subject:* Re: [jose] RSASSA-PSS signature**** > > ** ** > > Since we are not putting requirements on algorithms (i.e., there is no > MTI), there's no harm to having PSS in the algorithms list. Only benefit! > **** > > --Richard**** > > ** ** > > ** ** > > On Tue, Mar 12, 2013 at 3:24 PM, John Bradley <ve7jtb@ve7jtb.com> wrote:** > ** > > This has had a fair amount of discussion. While I think almost everyone > would prefer PSS, many implementations are going to be in scripting > languages where the underlying libraries only support PKCS1-v1_5.**** > > ** ** > > We did a survey of platforms to evaluate if we could move to PSS and the > result lead us not to make PSS as the MTI. In think that was reported out > at the Atlanta IETF meeting.**** > > Nat may be able to forward that to you, I don't have it handy.**** > > ** ** > > If we were talking about starting from scratch and not building on > existing platforms likely the answer would have been different.**** > > ** ** > > The algorithms are extensible so PSS can be added. The other > consideration is that many of the people who care will be using ECESA > signatures anyway.**** > > ** ** > > John B.**** > > ** ** > > On 2013-03-12, at 2:52 PM, "Peck, Michael A" <mpeck@mitre.org> wrote:**** > > ** ** > > draft-ietf-jose-json-web-algorithms-08 includes RSASSA-PKCS1-v1_5 > signatures but not RSASSA-PSS.**** > > **** > > The Security Considerations states:**** > > While Section 8 of RFC 3447 [RFC3447] explicitly calls for people not** > ** > > to adopt RSASSA-PKCS1 for new applications and instead requests that*** > * > > people transition to RSASSA-PSS, this specification does include**** > > RSASSA-PKCS1, for interoperability reasons, because it commonly**** > > implemented.**** > > **** > > Shouldn’t RSASSA-PSS at least be included as an option?**** > > I’m also not sure if I fully understand the interoperability concerns. > JWS is a new specification, so it makes sense to me to use whatever > algorithms are currently considered best practice, without need to worry > about backwards compatibility?**** > > **** > > Mike**** > > **** > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose**** > > ** ** > > > _______________________________________________ > jose mailing list > jose@ietf.org > https://www.ietf.org/mailman/listinfo/jose**** > > ** ** >
- [jose] RSASSA-PSS signature Peck, Michael A
- Re: [jose] RSASSA-PSS signature John Bradley
- Re: [jose] RSASSA-PSS signature Richard Barnes
- Re: [jose] RSASSA-PSS signature Mike Jones
- Re: [jose] RSASSA-PSS signature Richard Barnes
- Re: [jose] RSASSA-PSS signature Mike Jones
- Re: [jose] RSASSA-PSS signature John Bradley
- Re: [jose] RSASSA-PSS signature Peck, Michael A
- Re: [jose] RSASSA-PSS signature John Bradley
- Re: [jose] RSASSA-PSS signature Richard Barnes
- Re: [jose] RSASSA-PSS signature John Bradley
- Re: [jose] RSASSA-PSS signature Brian Campbell