Re: [Last-Call] [COSE] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard

"Salz, Rich" <rsalz@akamai.com> Wed, 03 June 2020 16:57 UTC

From: "Salz, Rich" <rsalz@akamai.com>
To: Mike Jones <Michael.Jones@microsoft.com>, Eric Rescorla <ekr@rtfm.com>
CC: "last-call@ietf.org" <last-call@ietf.org>, Jim Schaad <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/6KqXCyIH9zYIBngfCmLdBOTYx5A>

Thank you for accommodating the feedback!

From: Mike Jones <Michael.Jones@microsoft.com>
Date: Wednesday, June 3, 2020 at 12:50 PM
To: Eric Rescorla <ekr@rtfm.com>, Rich Salz <rsalz@akamai.com>
Cc: "last-call@ietf.org" <last-call@ietf.org>, "ietf@augustcellars.com" <ietf@augustcellars.com>, "cose@ietf.org" <cose@ietf.org>
Subject: RE: [COSE] [Last-Call] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard

https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-07 now registers secp256k1 and ES256K as “Recommended: No”, per your requests.

                                                       -- Mike

From: Mike Jones
Sent: Saturday, May 23, 2020 4:49 PM
To: Eric Rescorla <ekr@rtfm.com>; rsalz@akamai.com
Cc: last-call@ietf.org; Jim Schaad <ietf@augustcellars.com>; cose@ietf.org
Subject: Re: [COSE] [Last-Call] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard

I can certainly change the COSE recommendation status from Yes to No, if that’s the prevailing opinion.  Those that have decided to use secp256k1 over the NIST and 25519 curves will likely continue to do so no matter what we decide in this regard.

I’ll wait until the last call expires on Wednesday to see what other comments may come in and then publish an updated draft.

                                                       Thanks all,
                                                       -- Mike

From: COSE <cose-bounces@ietf.org> On Behalf Of Eric Rescorla
Sent: Saturday, May 23, 2020 2:36 PM
To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
Cc: last-call@ietf.org; Jim Schaad <ietf@augustcellars.com>; cose@ietf.org
Subject: Re: [COSE] [Last-Call] Last Call: <draft-ietf-cose-webauthn-algorithms-05.txt> (COSE and JOSE Registrations for WebAuthn Algorithms) to Proposed Standard

Good catch. We definitely should not be recommending secp256k1.

-Ekr


On Sat, May 23, 2020 at 1:30 PM Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org> wrote:
> I believe that the IESG needs to debate if this document should be the one
> which makes the secp256k1 curve a recommended IETF curve to use.

A good point, albeit slightly subtle.  +1.


