IETF Logo Mail Archive

Re: [OAUTH-WG] Signature crypto

"Infinity Linden (Meadhbh Hamrick)" <infinity@lindenlab.com> Wed, 25 November 2009 14:19 UTC

Return-Path: <infinity@lindenlab.com>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 856C728C22C for <oauth@core3.amsl.com>; Wed, 25 Nov 2009 06:19:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.976
X-Spam-Level:
X-Spam-Status: No, score=-1.976 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lU8e96+TKTDq for <oauth@core3.amsl.com>; Wed, 25 Nov 2009 06:19:13 -0800 (PST)
Received: from mail-fx0-f213.google.com (mail-fx0-f213.google.com [209.85.220.213]) by core3.amsl.com (Postfix) with ESMTP id 161773A68AB for <oauth@ietf.org>; Wed, 25 Nov 2009 06:19:12 -0800 (PST)
Received: by fxm5 with SMTP id 5so7004507fxm.28 for <oauth@ietf.org>; Wed, 25 Nov 2009 06:19:03 -0800 (PST)
MIME-Version: 1.0
Received: by 10.239.181.11 with SMTP id k11mr769346hbg.203.1259158743539; Wed, 25 Nov 2009 06:19:03 -0800 (PST)
In-Reply-To: <4B0D3698.8070706@cs.tcd.ie>
References: <90C41DD21FB7C64BB94121FBBC2E72343785183009@P3PW5EX1MB01.EX1.SECURESERVER.NET> <4B0D3698.8070706@cs.tcd.ie>
From: "Infinity Linden (Meadhbh Hamrick)" <infinity@lindenlab.com>
Date: Wed, 25 Nov 2009 06:18:43 -0800
Message-ID: <3a880e2c0911250618w358579d9o38b5ad90cb9242af@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: multipart/alternative; boundary="001485f87fb49fe000047932bddf"
Cc: "OAuth WG (oauth@ietf.org)" <oauth@ietf.org>
Subject: Re: [OAUTH-WG] Signature crypto
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2009 14:19:14 -0000

+1 to stephen's comment.

when it comes to algorithm support and selection, i think the consensus
that's emerged is we should require an algorithm that "looks good" at the
moment the spec is being drafted, but allow the use of other optional
algorithms. ("looks good" here means that there are no known successful
attacks against the math of the algorithm and there's a general consensus
amongst cryptographers that there won't be one in the next 20 years.)

the rationale behind this may have to do with the experience some
implementers had with MOSS / MIME Object Security Services (aka RFC1848.)
MOSS was specified to address issues people had raised with PEM (Privacy
Enhanced Mail). The problem with MOSS is that it was near infinitely
flexible and you could create an implementation that strictly adhered to the
specification, but was non-interoperable if you chose to support a different
set of optional encipherment algorithms.

so the concern here is that if you allow all hash algorithms to be optional,
you'll find some outlier who wants to use HAVAL with Rabin Williams to
generate signatures and will sell this solution into the marketplace, then
go out of business. people who bought the solution won't think anything's
wrong 'til they try to hook it up to someone else who's using a more
traditional SHA256+RSA or ECDSA solution. a great wailing and gnashing of
teeth will follow.

but if we REQUIRE that everyone use SHA256 but allow other hash algorithms,
then we won't have this problem.

-cheers
-meadhbh

--
  infinity linden (aka meadhbh hamrick)  *  it's pronounced "maeve"
        http://wiki.secondlife.com/wiki/User:Infinity_Linden


On Wed, Nov 25, 2009 at 05:52, Stephen Farrell <stephen.farrell@cs.tcd.ie>wrote:

>
>
> Eran Hammer-Lahav wrote:
> > I think we have consensus that the spec should not mandate a particular
> hash algorithm. This still leave the issue of assigning algorithms short
> names for the purpose of negotiation and declaration. Is there a registry
> available for such algorithms we can use or do we need to create a new one?
>
> Sorry to have missed out on the thread where that was discussed, but
> it'd be odd for an IETF security spec to not mandate some algorithms
> and quite likely to generate comments later in the process if there's
> no well-defined way to ensure interop. Do we have that?
>
> Ta,
> S.
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>

v2.23.0 | Report a Bug | By Email