Re: [jose] 🔔 WGLC of draft-ietf-cose-webauthn-algorithms

Mike Jones <Michael.Jones@microsoft.com> Thu, 24 October 2019 23:16 UTC

From: Mike Jones <Michael.Jones@microsoft.com>
To: Benjamin Kaduk <kaduk@mit.edu>, Neil Madden <neil.madden@forgerock.com>
CC: Jim Schaad <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>, "jose@ietf.org" <jose@ietf.org>, ivaylo petrov <ivaylo@ackl.io>
Date: Thu, 24 Oct 2019 23:16:02 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/tUbcVmKowUQO-wI5Pu_aDnt4PPQ>
Subject: Re: [jose] 🔔 WGLC of draft-ietf-cose-webauthn-algorithms

These issue resolutions have been incorporated in https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-02.  Thanks again for your useful reviews!

				-- Mike

-----Original Message-----
From: Benjamin Kaduk <kaduk@mit.edu> 
Sent: Monday, September 23, 2019 10:37 AM
To: Neil Madden <neil.madden@forgerock.com>
Cc: Mike Jones <Michael.Jones@microsoft.com>; Jim Schaad <ietf@augustcellars.com>; cose@ietf.org; jose@ietf.org; ivaylo petrov <ivaylo@ackl.io>
Subject: Re: [jose] 🔔 WGLC of draft-ietf-cose-webauthn-algorithms

On Sat, Sep 21, 2019 at 11:47:53AM +0100, Neil Madden wrote:
> On 21 Sep 2019, at 01:44, Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org> wrote:
> > 
> > RSA SHA-1 is used by TPMs, which produce attestations used by W3C WebCrypto.  That can’t be changed.  That’s why an algorithm identifier is needed for it.  Its use is prohibited for new applications but TPMs are an existing application.  I can work to make this clearer when resolving the WGLC comments.
> 
> I think clarifying the text along those lines would help a lot. It is worrying that these TPMs have to continue to use a known weak signature method and they apparently cannot be changed, but at least with the MUST NOT you give people a clue that this is something they want to run away from pretty quickly.
> 
> >  
> > As for secp256k1, the “ES256K” algorithm is registered, whose definition is “ECDSA using secp256k1 curve and SHA-256”.  That’s only for signing.  The draft is currently silent on whether the registered curve can also be used for other things.  I think that’s how it should be, unless there are security reasons to the contrary.
> 
> Well section 4.4 registers secp256k1 as a JWK Elliptic Curve so it will be usable with the existing ECDH-ES family of algorithms without any additional registrations. There *are* some security concerns about using secp256k1 outside of signatures - see e.g. [1] which lists the theoretical problems with the curve. In particular, fast implementations of scalar multiplication (used in ECDH) for secp256k1 are not constant time making it a riskier choice for ECDH than for ECDSA. As far as I'm aware though, that just puts it in the same category as the other NIST/SECG standard curves that are already registered for JOSE. So I'm not against it being available for both JWS and JWE usage, I'd just like that to be an explicit documented decision rather than an accident.

I'm also inclined to agree that making an explicit statement is preferred; I have less-strong feelings about whether that statement is to allow or disallow the usage.

-Ben

> [1]: https://crypto.stackexchange.com/a/68286/26028
> 
> -- Neil
