Re: [Last-Call] Secdir last call review of draft-ietf-cose-webauthn-algorithms-06

Linda Dunbar <linda.dunbar@futurewei.com> Wed, 03 June 2020 19:49 UTC

From: Linda Dunbar <linda.dunbar@futurewei.com>
To: Mike Jones <Michael.Jones@microsoft.com>, "Matthew A. Miller" <linuxwolf+ietf@outer-planes.net>, "secdir@ietf.org" <secdir@ietf.org>
CC: "cose@ietf.org" <cose@ietf.org>, "draft-ietf-cose-webauthn-algorithms.all@ietf.org" <draft-ietf-cose-webauthn-algorithms.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Date: Wed, 03 Jun 2020 19:48:56 +0000
Message-ID: <DM6PR13MB23304B3F79D64C2AF49509CB85880@DM6PR13MB2330.namprd13.prod.outlook.com>
References: <159053708200.16306.10159573848968846851@ietfa.amsl.com> <b0165785-034a-0ab8-1028-d971a8206ba1@outer-planes.net> <SN6PR13MB233474057AF4F89E18FA9F1F858E0@SN6PR13MB2334.namprd13.prod.outlook.com> <MN2PR00MB0688AC2E5644E4D409E42747F5880@MN2PR00MB0688.namprd00.prod.outlook.com>
In-Reply-To: <MN2PR00MB0688AC2E5644E4D409E42747F5880@MN2PR00MB0688.namprd00.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/GLNWyzbOepQHlAD9fOsgkAl2v9c>
Subject: Re: [Last-Call] Secdir last call review of draft-ietf-cose-webauthn-algorithms-06
List-Id: IETF Last Calls <last-call.ietf.org>

Mike,

Thank you for the change.

Linda

-----Original Message-----
From: Mike Jones <Michael.Jones@microsoft.com> 
Sent: Wednesday, June 3, 2020 11:52 AM
To: Linda Dunbar <linda.dunbar@futurewei.com>; Matthew A. Miller <linuxwolf+ietf@outer-planes.net>; secdir@ietf.org
Cc: cose@ietf.org; draft-ietf-cose-webauthn-algorithms.all@ietf.org; last-call@ietf.org
Subject: RE: Secdir last call review of draft-ietf-cose-webauthn-algorithms-06

Thanks again for your review, Linda.  https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-07#section-5.2 adds the requested clarification that SHA-256, SHA-384, and SHA-512 are the SHA-2 hash functions.

				-- Mike

-----Original Message-----
From: Linda Dunbar <linda.dunbar@futurewei.com>
Sent: Wednesday, May 27, 2020 5:22 PM
To: Matthew A. Miller <linuxwolf+ietf@outer-planes.net>; secdir@ietf.org
Cc: cose@ietf.org; draft-ietf-cose-webauthn-algorithms.all@ietf.org; last-call@ietf.org
Subject: [EXTERNAL] RE: Secdir last call review of draft-ietf-cose-webauthn-algorithms-06

Matthew, 

That is what I was thinking. Can you add a sentence in Section 5.2 to say that this is for the collection of SHA-256, SHA-384, SHA-512 algorithms?
Otherwise, the two sections of the document don't match.

Thank you
Linda Dunbar

-----Original Message-----
From: Matthew A. Miller <linuxwolf+ietf@outer-planes.net>
Sent: Wednesday, May 27, 2020 4:55 PM
To: Linda Dunbar <linda.dunbar@futurewei.com>; secdir@ietf.org
Cc: cose@ietf.org; draft-ietf-cose-webauthn-algorithms.all@ietf.org; last-call@ietf.org
Subject: Re: Secdir last call review of draft-ietf-cose-webauthn-algorithms-06

Hello Linda,

Thanks for the review.  Speaking on the author's behalf, SHA-2 is defined as the collection of hash algorithms, including all of those cited (SHA-256, SHA-384, SHA-512).  Do you believe it is critical to call this out explicitly?


- m&m

Matthew A. Miller
On 20/05/26 17:51, Linda Dunbar via Datatracker wrote:
> Reviewer: Linda Dunbar
> Review result: Not Ready
> 
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG. These
> comments were written primarily for the benefit of the security area
> directors. Document editors and WG chairs should treat these comments just
> like any other last call comments.
> 
> This document lists the COSE and JOSE algorithms to be registered with IANA.
> But it seems the description is not complete. In Section 2, among the 4
> algorithms listed under RSASSA-PKCS1-v1_5, three are NOT recommended and one
> is deprecated. Under the Security Considerations (Section 5), Section 5.2
> describes why SHA-2 is "Not Recommended" and Section 5.3 describes why SHA-1
> is "Deprecated". What about the description on why SHA-512, SHA-384, and
> SHA-256 are not recommended? Is the missing description intended?
> 
> Best Regards,
> 
> Linda Dunbar
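The thread above turns on how the draft labels RSASSA-PKCS1-v1_5 with the SHA-2 family (SHA-256, SHA-384, SHA-512: "Not Recommended") versus SHA-1 ("Deprecated"). What follows is an added example, not code from the draft, its authors, or anyone in this thread, showing how a COSE verifier could enforce those labels: it pulls the alg value out of a COSE_Sign1 protected header with a minimal CBOR reader and refuses or accepts it by registry status. The numeric identifiers (-257, -258, -259, -65535) come from RFC 8812, the published form of this draft, and the header label 1 = alg from RFC 8152; neither appears on this page. The allowlist policy, the decoder, and the sample header bytes are assumptions made for this example.

```python
"""Verifier-side enforcement of the RFC 8812 algorithm recommendations.

Added example, not code from the draft or from this thread.  The COSE
algorithm identifiers and their registry status are taken from RFC 8812
(the published draft-ietf-cose-webauthn-algorithms); the header label
1 = alg is from RFC 8152.  The policy, the minimal CBOR reader and the
sample headers are assumptions made for this example.
"""

# COSE alg identifier -> (name, hash function, registry recommendation), per RFC 8812.
# "SHA-2" in the draft's Security Considerations means SHA-256, SHA-384 and
# SHA-512 collectively; each RSASSA-PKCS1-v1_5 entry using them is Not Recommended.
RFC8812_RSA_ALGS = {
    -257:   ("RS256", "SHA-256", "Not Recommended"),
    -258:   ("RS384", "SHA-384", "Not Recommended"),
    -259:   ("RS512", "SHA-512", "Not Recommended"),
    -65535: ("RS1",   "SHA-1",   "Deprecated"),
}

COSE_HEADER_ALG = 1  # RFC 8152 common header parameter label for "alg"


def _read_length(data, i, info):
    """Return (value, next_index) for a CBOR additional-information field."""
    if info < 24:
        return info, i
    if info > 27:  # indefinite-length and reserved forms are not needed for headers
        raise ValueError("unsupported CBOR additional info %d" % info)
    width = 1 << (info - 24)  # 24 -> 1 byte, 25 -> 2, 26 -> 4, 27 -> 8
    if i + width > len(data):
        raise ValueError("truncated CBOR integer")
    return int.from_bytes(data[i:i + width], "big"), i + width


def cbor_decode(data, i=0):
    """Decode one CBOR item (ints, byte/text strings, maps) starting at offset i.

    Returns (value, next_index).  Deliberately minimal: only the types that
    occur in a COSE protected header map; anything else is rejected.
    """
    if i >= len(data):
        raise ValueError("truncated CBOR item")
    major, info = data[i] >> 5, data[i] & 0x1F
    i += 1
    if major == 0:                       # unsigned integer
        return _read_length(data, i, info)
    if major == 1:                       # negative integer, encoded as -1 - n
        n, i = _read_length(data, i, info)
        return -1 - n, i
    if major in (2, 3):                  # byte string / text string
        n, i = _read_length(data, i, info)
        if i + n > len(data):
            raise ValueError("truncated CBOR string")
        raw = bytes(data[i:i + n])
        return (raw if major == 2 else raw.decode("utf-8")), i + n
    if major == 5:                       # map with n key/value pairs
        n, i = _read_length(data, i, info)
        out = {}
        for _ in range(n):
            key, i = cbor_decode(data, i)
            val, i = cbor_decode(data, i)
            out[key] = val
        return out, i
    raise ValueError("unsupported CBOR major type %d" % major)


def check_protected_alg(protected, allow_not_recommended=False):
    """Apply the registry status of the protected header's alg.

    Returns (alg_name, accepted, reason).  Deprecated algorithms (RS1, i.e.
    SHA-1) are always refused; Not Recommended ones (RSASSA-PKCS1-v1_5 with
    any SHA-2 hash) pass only when the caller opts in.  Anything outside the
    table is refused, so this behaves as a closed allowlist (assumption).
    """
    try:
        header, end = cbor_decode(protected)
    except ValueError as exc:
        return None, False, "malformed protected header: %s" % exc
    if end != len(protected) or not isinstance(header, dict):
        return None, False, "protected header is not a single CBOR map"
    alg = header.get(COSE_HEADER_ALG)
    if alg not in RFC8812_RSA_ALGS:
        return None, False, "alg %r not in the allowlist" % (alg,)
    name, hash_name, status = RFC8812_RSA_ALGS[alg]
    if status == "Deprecated":
        return name, False, "%s uses %s, which is Deprecated" % (name, hash_name)
    if status == "Not Recommended" and not allow_not_recommended:
        return name, False, "%s is Not Recommended and not opted in" % name
    return name, True, "%s (%s) accepted" % (name, hash_name)


# Constructed sample protected headers, each the CBOR map {1: alg}.
SAMPLE_RS256 = bytes.fromhex("a101390100")  # {1: -257}
SAMPLE_RS512 = bytes.fromhex("a101390102")  # {1: -259}
SAMPLE_RS1   = bytes.fromhex("a10139fffe")  # {1: -65535}
SAMPLE_ES256 = bytes.fromhex("a10126")      # {1: -7}, outside this table

if __name__ == "__main__":
    for sample in (SAMPLE_RS256, SAMPLE_RS512, SAMPLE_RS1, SAMPLE_ES256):
        print(check_protected_alg(sample, allow_not_recommended=True))
```

Run as a script, the RS256 and RS512 headers are accepted only because the caller opted in, RS1 is refused regardless, and ES256 is refused because it is outside this allowlist. The decoder is strict on purpose: a truncated map or an indefinite-length header is reported as malformed rather than guessed at, which is the behaviour a verifier wants on attacker-supplied bytes.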