Re: [jose] [Cfrg] RFC Draft: PASETO - Platform-Agnostic SEcurity TOkens

Scott Arciszewski <scott@paragonie.com> Sat, 28 April 2018 16:55 UTC

In-Reply-To: <2838C1FA-F11E-4E8E-ABB4-65C5485A03BC@akamai.com>
References: <CAKws9z15m6WY+-mz5D01vxB4s-TE7nQN56=ssYt=vz3z4gAj6A@mail.gmail.com> <DBC2F048-C949-4362-8FD0-A43A54767B03@gmail.com> <CAKws9z277JLfv7Pb9wSkJ7zYR8FzoAfiXuFS6Vq0x32-3bWx7Q@mail.gmail.com> <2838C1FA-F11E-4E8E-ABB4-65C5485A03BC@akamai.com>
From: Scott Arciszewski <scott@paragonie.com>
Date: Sat, 28 Apr 2018 12:55:45 -0400
Message-ID: <CAKws9z027n4Kbg2SgoXyM_z04VdAfE7BFfYTehkucOWsm6tizg@mail.gmail.com>
To: "Salz, Rich" <rsalz@akamai.com>
Cc: Neil Madden <neil.e.madden@gmail.com>, "cfrg@ietf.org" <cfrg@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/ytM45KrmPwH3W_iO3TMRXSNkzKw>
Subject: Re: [jose] [Cfrg] RFC Draft: PASETO - Platform-Agnostic SEcurity TOkens

Yes, seriously. Allow me to explain:

Secure cryptography is not backwards compatible with insecure cryptography.
You can't decrypt an RC4-encrypted message by using AES-GCM.

When engineers develop systems that allow for backwards compatibility on
top of incompatible primitives, they're creating room for downgrade attacks
[1] [2].

Making a replacement rather than another iteration doesn't carry that risk.

And keep in mind, my target audience is the sort that has absolutely no
idea how to tell "trivially broken" cryptography from "has a
certificational weakness but is otherwise fine".

[1] https://www.openssl.org/~bodo/ssl-poodle.pdf
[2] https://robotattack.org

Whether or not you agree with my decision (your appetite for risk,
envisioned use case, and target audience might all be totally different
than my own), I don't think it deserves incredulity. (Seriously?)

Scott Arciszewski
Chief Development Officer
Paragon Initiative Enterprises <https://paragonie.com>

On Sat, Apr 28, 2018 at 12:49 PM, Salz, Rich <rsalz@akamai.com> wrote:

> Scott,
>
> If “good and safe” crypto is not 100% in the JOSE ecosystem, you think the
> solution is a new standard which uses some novel techniques?  Seriously?
> To me, a draft which started the process to deprecate the old/bad things
> seems more effective.
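The downgrade risk Scott describes above (a verifier that stays backwards compatible with an insecure primitive lets the attacker choose that primitive) can be shown with a small token format. The following is an added illustration, not code from the mailing-list post, from PASETO, or from any JOSE library. The format is hypothetical: a token is `version.payload.tag`, where the constructed "v1" tag is an unkeyed SHA-1 checksum (detects corruption, proves nothing about origin) and "v2" is HMAC-SHA256 under the verifier's key. `verify_negotiated` lets the token's own version field pick the primitive, which is the backwards-compatible design; `verify_pinned` has the caller state which version it accepts before looking at the token, which is the replacement-rather-than-iteration design. The key is a constructed demo value.

```python
import base64
import hashlib
import hmac
import json

# Constructed demo key for the example; a real service loads this from a secret store.
KEY = bytes(range(32))


def _b64e(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


# Hypothetical legacy "v1": an unkeyed SHA-1 checksum over version and payload.
# The key argument is accepted for a uniform signature but ignored, which is the
# whole problem: anyone can recompute this tag for any payload.
def _tag_v1(version: bytes, payload: bytes, key: bytes) -> bytes:
    return hashlib.sha1(version + b"." + payload).digest()


# Hypothetical "v2": HMAC-SHA256 keyed by the verifier's secret, also bound to the version label.
def _tag_v2(version: bytes, payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, version + b"." + payload, hashlib.sha256).digest()


TAGGERS = {"v1": _tag_v1, "v2": _tag_v2}


def mint(version: str, claims: dict, key: bytes) -> str:
    """Issue a token of the requested version over a canonical JSON payload."""
    payload = json.dumps(claims, sort_keys=True, separators=(",", ":")).encode()
    tag = TAGGERS[version](version.encode(), payload, key)
    return ".".join([version, _b64e(payload), _b64e(tag)])


def _split(token: str):
    version, payload_b64, tag_b64 = token.split(".")
    return version, _b64d(payload_b64), _b64d(tag_b64)


def verify_negotiated(token: str, key: bytes) -> dict:
    """Backwards-compatible verifier: the token itself selects the primitive.

    Any legacy version the verifier still understands is an attacker-selectable
    path, even when every honest issuer has long since moved to v2.
    """
    version, payload, tag = _split(token)
    tagger = TAGGERS.get(version)
    if tagger is None:
        raise ValueError("unknown version")
    if not hmac.compare_digest(tagger(version.encode(), payload, key), tag):
        raise ValueError("bad tag")
    return json.loads(payload)


def verify_pinned(token: str, key: bytes, expected_version: str) -> dict:
    """Pinned verifier: the caller fixes the version; the token's label only has to match it."""
    version, payload, tag = _split(token)
    if not hmac.compare_digest(version.encode(), expected_version.encode()):
        raise ValueError("version not accepted")
    tagger = TAGGERS[expected_version]
    if not hmac.compare_digest(tagger(expected_version.encode(), payload, key), tag):
        raise ValueError("bad tag")
    return json.loads(payload)


def forge_without_key(claims: dict) -> str:
    """Attacker's move: no key is needed, just label the forged token as the legacy version."""
    return mint("v1", claims, b"")


def downgrade_demo() -> tuple:
    """Return (honest v2 token, negotiated verifier accepts forgery?, pinned verifier accepts forgery?)."""
    honest = mint("v2", {"sub": "alice", "admin": False}, KEY)
    forged = forge_without_key({"sub": "alice", "admin": True})
    negotiated_accepts = verify_negotiated(forged, KEY).get("admin") is True
    try:
        verify_pinned(forged, KEY, "v2")
        pinned_accepts = True
    except ValueError:
        pinned_accepts = False
    return honest, negotiated_accepts, pinned_accepts


if __name__ == "__main__":
    honest, neg, pin = downgrade_demo()
    print("honest v2 token:", honest)
    print("negotiated verifier accepted forged admin token:", neg)
    print("pinned verifier accepted forged admin token:", pin)
```

The point of the pinned variant is not that HMAC-SHA256 is special; it is that the verifier's accepted primitive is a deployment decision made in code, so the token carries nothing the attacker can use to steer verification onto the weak path. Removing "v1" from `TAGGERS` entirely is the equivalent of shipping a replacement format rather than another compatible iteration.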