Re: [jose] Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)
Alissa Cooper <alissa@cooperw.in> Wed, 01 October 2014 18:11 UTC
Return-Path: <alissa@cooperw.in>
X-Original-To: jose@ietfa.amsl.com
Delivered-To: jose@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9E0B01A1B7D for <jose@ietfa.amsl.com>; Wed, 1 Oct 2014 11:11:00 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7] autolearn=unavailable
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Z3taKSTg8MnB for <jose@ietfa.amsl.com>; Wed, 1 Oct 2014 11:10:58 -0700 (PDT)
Received: from out5-smtp.messagingengine.com (out5-smtp.messagingengine.com [66.111.4.29]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7449E1A1B7B for <jose@ietf.org>; Wed, 1 Oct 2014 11:10:20 -0700 (PDT)
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41]) by gateway2.nyi.internal (Postfix) with ESMTP id C109D20B83 for <jose@ietf.org>; Wed, 1 Oct 2014 14:10:19 -0400 (EDT)
Received: from frontend2 ([10.202.2.161]) by compute1.internal (MEProxy); Wed, 01 Oct 2014 14:10:19 -0400
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=cooperw.in; h= x-sasl-enc:content-type:mime-version:subject:from:in-reply-to :date:cc:message-id:references:to; s=mesmtp; bh=7WesvUeEj/93L3gw jE3bE5Uy6Bw=; b=PiHRXOTFtn32GNtEPY0QM9iWbc+Ih3pbYF514Ql4ODBRw66y LXpvA9MGfpLYWrs4r7+/7LhOxkPQWvXUSfTOxnfyPsjX+8Y/ZE8rUiI2a5Bzfbjr cBFiFo0fEQ+e84nOCq7nDhFLJ33nRlRl4lH1lijAlEAnbe6JdWTRS7nhe3Q=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d= messagingengine.com; h=x-sasl-enc:content-type:mime-version :subject:from:in-reply-to:date:cc:message-id:references:to; s= smtpout; bh=7WesvUeEj/93L3gwjE3bE5Uy6Bw=; b=JBhwDRfJ3KpVhJtGMUcy /v9UebYqgnpSMfflKxVywCvyhLZsnB96it1dYcRWR8IqpY/sXc2DC0CbMUrAQjCn 1brZOTI15dhUue83vp9nsL+kIsVEnU0sobYyJRYJZo2dxmmDWnuAKdu0m0jRhuM6 VZCf8lu/adclRG5TKHw2YJ8=
X-Sasl-enc: k5W8wYHX4OFJkMU5IsLcl9nN8XsB8j3Xv8A8TzIX9R8v 1412187019
Received: from [10.35.132.83] (unknown [128.107.239.234]) by mail.messagingengine.com (Postfix) with ESMTPA id A8D7468011E; Wed, 1 Oct 2014 14:10:18 -0400 (EDT)
Content-Type: multipart/alternative; boundary="Apple-Mail=_06DCBC15-8569-4C8A-82E1-2660EDD8591B"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Alissa Cooper <alissa@cooperw.in>
In-Reply-To: <4E1F6AAD24975D4BA5B16804296739439BAA7773@TK5EX14MBXC288.redmond.corp.microsoft.com>
Date: Wed, 01 Oct 2014 11:10:18 -0700
Message-Id: <506E5265-A646-4C17-9ACA-3D6817E85F06@cooperw.in>
References: <20140928212955.32419.90607.idtracker@ietfa.amsl.com> <4E1F6AAD24975D4BA5B16804296739439BAA14D8@TK5EX14MBXC288.redmond.corp.microsoft.com> <3BE06C3F-9D49-4BBE-9099-EFE795AE1CD9@gmail.com> <4E1F6AAD24975D4BA5B16804296739439BAA5AAF@TK5EX14MBXC288.redmond.corp.microsoft.com> <4E1F6AAD24975D4BA5B16804296739439BAA7773@TK5EX14MBXC288.redmond.corp.microsoft.com>
To: Mike Jones <Michael.Jones@microsoft.com>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/jose/zLI90mPkpOEda7zVYzPIWzY7sKI
X-Mailman-Approved-At: Wed, 01 Oct 2014 12:50:44 -0700
Cc: "draft-ietf-jose-json-web-algorithms@tools.ietf.org" <draft-ietf-jose-json-web-algorithms@tools.ietf.org>, Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>, "jose-chairs@tools.ietf.org" <jose-chairs@tools.ietf.org>, IESG <iesg@ietf.org>, "jose@ietf.org" <jose@ietf.org>
Subject: Re: [jose] Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT)
X-BeenThere: jose@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Javascript Object Signing and Encryption <jose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jose>, <mailto:jose-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/jose/>
List-Post: <mailto:jose@ietf.org>
List-Help: <mailto:jose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jose>, <mailto:jose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 Oct 2014 18:11:00 -0000
I think the suggested change below would be helpful. Thanks, Alissa On Sep 30, 2014, at 3:20 PM, Mike Jones <Michael.Jones@microsoft.com> wrote: > A possible wording addition to remove any potential ambiguity is proposed inline below… > > From: Mike Jones [mailto:Michael.Jones@microsoft.com] > Sent: Tuesday, September 30, 2014 11:45 AM > To: Kathleen Moriarty > Cc: Alissa Cooper; The IESG; jose-chairs@tools.ietf.org; jose@ietf.org; draft-ietf-jose-json-web-algorithms@tools.ietf.org > Subject: RE: Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT) > > Replies to your questions are inline below, Kathleen. > > From: Kathleen Moriarty [mailto:kathleen.moriarty.ietf@gmail.com] > Sent: Monday, September 29, 2014 7:42 PM > To: Mike Jones > Cc: Alissa Cooper; The IESG; jose-chairs@tools.ietf.org; jose@ietf.org; draft-ietf-jose-json-web-algorithms@tools.ietf.org > Subject: Re: Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT) > > > > Sent from my iPhone > > On Sep 29, 2014, at 6:42 PM, Mike Jones <Michael.Jones@microsoft.com> wrote: > > Thanks for your review, Alissa. I’ve added the working group to this thread so they're aware of your comments. Replies are inline below… > > -----Original Message----- > From: Alissa Cooper [mailto:alissa@cooperw.in] > Sent: Sunday, September 28, 2014 2:30 PM > To: The IESG > Cc: jose-chairs@tools.ietf.org; draft-ietf-jose-json-web-algorithms@tools.ietf.org > Subject: Alissa Cooper's No Objection on draft-ietf-jose-json-web-algorithms-33: (with COMMENT) > > Alissa Cooper has entered the following ballot position for > draft-ietf-jose-json-web-algorithms-33: No Objection > > When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) > > > Please refer to http://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > http://datatracker.ietf.org/doc/draft-ietf-jose-json-web-algorithms/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > == Section 3.4 == > "Signing and validation with the ECDSA P-384 SHA-384 and ECDSA P-521 > SHA-512 algorithms is performed identically to the procedure for > ECDSA P-256 SHA-256 -- just using the corresponding hash algorithms > with correspondingly larger result values. For ECDSA P-384 SHA-384, > R and S will be 384 bits each, resulting in a 96 octet sequence. For > ECDSA P-521 SHA-512, R and S will be 521 bits each, resulting in a > 132 octet sequence." > > For the ECDSA P-521 SHA-512 case, how does the result amount to 132 octets? Is there padding inserted into R and S? > > The P-521 curve uses 521-bit R and S values. It takes 66 octets to represent 521 bits. There are two 66-octet values, hence 132 octets. > > Mike, > > I may be missing something too... It looks like there is a little padding as the info in the draft gets to 65.1 as opposed to 66. I think that's what Alissa was getting at. How is that handled? > > You’re right that there is 7 bits of zero-valued padding in the highest-order bits of the octet sequence representations of both values when using 521-bit integers. This allows each to be represented in separate octet sequences that represent big-endian integers. This padding is specified in [SEC1]. Step two of this section includes this text about the integer-to-octet string conversion: > > The values R > and S are represented as octet sequences using the Integer-to- > OctetString Conversion defined in Section 2.3.7 of SEC1 [SEC1] > (in big endian octet order). > > Thinking about it some more, we could add the following parenthetical remark after the sentence “For ECDSA P-521 SHA-512, R and S will be 521 bits each, resulting in a 132 octet sequence” to remove any possible ambiguity: > > (Note that the Integer-to-OctetString Conversion defined in Section 2.3.7 of SEC1 [SEC1] used to represent R and S as octet sequences adds zero-valued high-order padding bits when needed to round the size up to a multiple of 8 bits; thus, each 521-bit integer is represented using 528 bits in 66 octets.) > > Would that work for people? It may be overkill, given the reference to SEC1 two paragraphs earlier, but it should be 100% clear. > > Also, is there space allocated for the "." Separators or is that not necessary? > > The base64url encoded signature value contains no “.” character. The binary signature value consists of the concatenation of the two octet sequences representing R and S, which are of a known fixed length for each particular curve. > > Thanks, > Kathleen > == Section 7 == > > Do we use iesg@iesg.org? I usually use iesg@ietf.org. > > == Section 8.4 == > "An Initialization Vector value MUST never be used multiple times with > the same AES GCM key." > > I think what was intended here was s/MUST never/MUST NOT/ > > Agreed. To keep the same level of emphasis, I propose to change “MUST never” to “MUST NOT ever”. > > -- Mike >
- Re: [jose] Alissa Cooper's No Objection on draft-… Mike Jones
- Re: [jose] Alissa Cooper's No Objection on draft-… Kathleen Moriarty
- Re: [jose] Alissa Cooper's No Objection on draft-… Mike Jones
- Re: [jose] Alissa Cooper's No Objection on draft-… Mike Jones
- Re: [jose] Alissa Cooper's No Objection on draft-… Alissa Cooper
- Re: [jose] Alissa Cooper's No Objection on draft-… Mike Jones