Re: [jose] Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)

Mike Jones <> Tue, 30 September 2014 18:46 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id 5F0601A877A; Tue, 30 Sep 2014 11:46:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id TgxaRqZjpdei; Tue, 30 Sep 2014 11:46:08 -0700 (PDT)
Received: from ( [IPv6:2a01:111:f400:fc10::792]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 22D0B1A8776; Tue, 30 Sep 2014 11:46:08 -0700 (PDT)
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1039.15; Tue, 30 Sep 2014 18:45:43 +0000
Received: from (2a01:111:f400:7c10::1:186) by (2a01:111:e400:1414::35) with Microsoft SMTP Server (TLS) id 15.0.1039.15 via Frontend Transport; Tue, 30 Sep 2014 18:45:43 +0000
Received: from ( by ( with Microsoft SMTP Server (TLS) id 15.0.1029.15 via Frontend Transport; Tue, 30 Sep 2014 18:45:42 +0000
Received: from ([]) by ([]) with mapi id 14.03.0195.002; Tue, 30 Sep 2014 18:45:11 +0000
From: Mike Jones <>
To: Kathleen Moriarty <>
Thread-Topic: Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)
Thread-Index: AQHP22Nh/Ooxbo9Z6kW9ar3u5z04qZwYtUuwgABED4CAAQo0sA==
Date: Tue, 30 Sep 2014 18:45:10 +0000
Message-ID: <>
References: <> <> <>
In-Reply-To: <>
Accept-Language: en-US
Content-Language: en-US
x-originating-ip: []
Content-Type: multipart/alternative; boundary="_000_4E1F6AAD24975D4BA5B16804296739439BAA5AAFTK5EX14MBXC288r_"
MIME-Version: 1.0
X-EOPAttributedMessage: 0
X-Forefront-Antispam-Report: CIP:; CTRY:US; IPV:CAL; IPV:NLI; IPV:NLI; EFV:NLI; SFV:NSPM; SFS:(10019020)(438002)(199003)(13464003)(189002)(51444003)(164054003)(24454002)(52044002)(377454003)(92566001)(86362001)(71186001)(19617315012)(85852003)(92726001)(15975445006)(87936001)(15202345003)(44976005)(33656002)(66066001)(16236675004)(76482002)(4396001)(6806004)(19300405004)(110136001)(84326002)(26826002)(104016003)(64706001)(19580395003)(69596002)(84676001)(86612001)(512874002)(19625215002)(76176999)(50986999)(54356999)(81156004)(107046002)(106466001)(80022003)(10300001)(99396003)(77096002)(2656002)(68736004)(20776003)(21056001)(55846006)(230783001)(120916001)(46102003)(106116001)(95666004)(31966008)(19580405001)(97736003)(85306004); DIR:OUT; SFP:1102; SCL:1; SRVR:BY2PR03MB395;; FPR:; MLV:ovrnspm; PTR:InfoDomainNonexistent; A:1; MX:1; LANG:en;
X-Microsoft-Antispam: UriScan:;
X-Microsoft-Antispam: BCL:0;PCL:0;RULEID:;SRVR:BY2PR03MB395;
X-O365ENT-EOP-Header: Message processed by - O365_ENT: Allow from ranges (Engineering ONLY)
X-Forefront-PRVS: 0350D7A55D
Received-SPF: Pass ( domain of designates as permitted sender); client-ip=;;
Authentication-Results: spf=pass (sender IP is;
Cc: "" <>, "" <>, Alissa Cooper <>, The IESG <>, "" <>
Subject: Re: [jose] Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 30 Sep 2014 18:46:12 -0000

Replies to your questions are inline below, Kathleen.

From: Kathleen Moriarty []
Sent: Monday, September 29, 2014 7:42 PM
To: Mike Jones
Cc: Alissa Cooper; The IESG;;;
Subject: Re: Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)

Sent from my iPhone

On Sep 29, 2014, at 6:42 PM, Mike Jones <<>> wrote:

Thanks for your review, Alissa.  I’ve added the working group to this thread so they're aware of your comments.  Replies are inline below…

-----Original Message-----
From: Alissa Cooper []
Sent: Sunday, September 28, 2014 2:30 PM
To: The IESG
Subject: Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)

Alissa Cooper has entered the following ballot position for

draft-ietf-jose-json-web-algorithms-33: No Objection

When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.)

Please refer to

for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:




== Section 3.4 ==

"Signing and validation with the ECDSA P-384 SHA-384 and ECDSA P-521

  SHA-512 algorithms is performed identically to the procedure for

  ECDSA P-256 SHA-256 -- just using the corresponding hash algorithms

  with correspondingly larger result values.  For ECDSA P-384 SHA-384,

  R and S will be 384 bits each, resulting in a 96 octet sequence.  For

  ECDSA P-521 SHA-512, R and S will be 521 bits each, resulting in a

  132 octet sequence."

For the ECDSA P-521 SHA-512 case, how does the result amount to 132 octets? Is there padding inserted into R and S?

The P-521 curve uses 521-bit R and S values.  It takes 66 octets to represent 521 bits.  There are two 66-octet values, hence 132 octets.


I may be missing something too... It looks like there is a little padding as the info in the draft gets to 65.1 as opposed to 66.  I think that's what Alissa was getting at.  How is that handled?

You’re right that there is 7 bits of zero-valued padding in the highest-order bits of the octet sequence representations of both values when using 521-bit integers.  This allows each to be represented in separate octet sequences that represent big-endian integers.  This padding is specified in [SEC1].  Step two of this section includes this text about the integer-to-octet string conversion:

       The values R
       and S are represented as octet sequences using the Integer-to-
       OctetString Conversion defined in Section 2.3.7<> of SEC1 [SEC1<>]
       (in big endian octet order).

Also, is there space allocated for the "." Separators or is that not necessary?

The base64url encoded signature value contains no “.” character.  The binary signature value consists of the concatenation of the two octet sequences representing R and S, which are of a known fixed length for each particular curve.


== Section 7 ==

Do we use<>? I usually use<>.

== Section 8.4 ==

"An Initialization Vector value MUST never be used multiple times with

   the same AES GCM key."

I think what was intended here was s/MUST never/MUST NOT/

Agreed.  To keep the same level of emphasis, I propose to change “MUST never” to “MUST NOT ever”.

                                                            -- Mike