IETF Logo Mail Archive

Re: [OAUTH-WG] reference for invalid point attack [-jwt-bcp] ?

Yaron Sheffer <yaronf.ietf@gmail.com> Tue, 01 May 2018 20:16 UTC

Return-Path: <yaronf.ietf@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0FF2512EAB3 for <oauth@ietfa.amsl.com>; Tue, 1 May 2018 13:16:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kHT9nOz2Iu1G for <oauth@ietfa.amsl.com>; Tue, 1 May 2018 13:16:48 -0700 (PDT)
Received: from mail-wm0-x22c.google.com (mail-wm0-x22c.google.com [IPv6:2a00:1450:400c:c09::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EFF612EAA5 for <oauth@ietf.org>; Tue, 1 May 2018 13:16:48 -0700 (PDT)
Received: by mail-wm0-x22c.google.com with SMTP id j5so20724274wme.5 for <oauth@ietf.org>; Tue, 01 May 2018 13:16:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:to:references:from:message-id:date:user-agent:mime-version :in-reply-to:content-language:content-transfer-encoding; bh=XfIkVVJDOv0f6tfn8huoBxilcsG2H10nfTzrJO16uEw=; b=NAGYk3uA8Ry9/RdCyEyWcSEIlwk3l+sIczHSptn/6PCZUFxsjKgEpA57FipnI1EWxU 5YWe8aLWrR6oHtoLHkaJzcGAa9JmjCJg3A05PN5MZkHyHBddbbGPu9Ubb7Uwz3nFu2Ck lG8YtToNq2bKUBZ8eDEqjrkJpFGswl5N93kizGyWm7TphrkIN5dHSm+8FDsJNaV9v1TX niGF+760Lu+cQIjMZ3A8uwoqgN8rahzCZJLLfVpsYPZvRM3oG38eb/I19rirN5vGn7hw PkDxP+9sY1PmEtXkKufuGIITciVOTyr7AKL4kAuG1yAw5rf7nwUC/wGhOr5Y60xznqEv jv/Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:to:references:from:message-id:date :user-agent:mime-version:in-reply-to:content-language :content-transfer-encoding; bh=XfIkVVJDOv0f6tfn8huoBxilcsG2H10nfTzrJO16uEw=; b=Nr+eUUc1ETaauFdAVVrjFNJlEtB4HbDw+qzLzs7lJ942xrPnyNMm0ssQXSySPMROkN ifr50LRTUZOGst6hRsqQPtofXeaJfBeFQEcudqwU9S3RhdVfprPBbJDmNb7IyS3uQg3j kRAQ27KRBm133uh9IpLPaJDITAuiIfR2V6296mk9wS5wUFDVyxh9lYp9zH1ceHlCIpor eNpADHpXXdgQBCKthL3tuxTcs5yBseOm9Cg4od95Yl/mx/Xc7xxWTRjYwcUvKWnQz40y pJPu0El7byGdBBa1v9Gs0J4E+xNfLVoAg8lYaGjKBQi7FeEmZdyLPIcJ4xWeEttO95eR D58w==
X-Gm-Message-State: ALQs6tDcwvL5Kuh43yCNww/oAlJhd+Sxc9xws3llhfIiwuk1yeIhMRk8 mUlAXCi+GhPKXh078+l4ZNdiXCq4
X-Google-Smtp-Source: AB8JxZoCwe98fqN4QdVMmt7gn1HlWLnsHVZZdzE1M1ZF6Rvfs2Amdklpq/Ro2vYvJRS+u3b3lYHoyQ==
X-Received: by 10.28.218.80 with SMTP id r77mr9774993wmg.105.1525205806768; Tue, 01 May 2018 13:16:46 -0700 (PDT)
Received: from [10.0.0.140] (bzq-79-178-9-247.red.bezeqint.net. [79.178.9.247]) by smtp.gmail.com with ESMTPSA id x70sm10741072wma.9.2018.05.01.13.16.44 for <oauth@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Tue, 01 May 2018 13:16:45 -0700 (PDT)
To: oauth@ietf.org
References: <mailman.3596.1525113878.4527.oauth@ietf.org>
From: Yaron Sheffer <yaronf.ietf@gmail.com>
Message-ID: <b3117b14-59e8-f8ca-14c9-913683472a42@gmail.com>
Date: Tue, 01 May 2018 23:16:42 +0300
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <mailman.3596.1525113878.4527.oauth@ietf.org>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/23U-ciFb-8out2WnPyXX-kZHKJg>
Subject: Re: [OAUTH-WG] reference for invalid point attack [-jwt-bcp] ?
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 01 May 2018 20:16:51 -0000

Will add to the draft. Thank you Jeff!

> ------------------------------
> 
> From: =JeffH <Jeff.Hodges@KingsMountain.com>
> To: IETF OAuth WG <oauth@ietf.org>
> Subject: [OAUTH-WG] reference for invalid point attack [-jwt-bcp] ?
> Message-ID: <0c2d1ad2-1239-26e0-87c1-9be2bd1e79c4@KingsMountain.com>
> Content-Type: text/plain; charset=utf-8; format=flowed
> 
> In search of CurveSwap:
> Measuring elliptic curve implementations in the wild
> Luke Valenta, Nick Sullivan, Antonio Sanso, Nadia Heninger
> https://eprint.iacr.org/2018/298.pdf   (see section 7.1)
> 
> ...is perhaps a suitable reference for section 3.4 of -jwt-bcp ?
> 
> https://tools.ietf.org/html/draft-ietf-oauth-jwt-bcp-01#section-3.4
> 
> 
> HTH,
> =JeffH

v2.23.0 | Report a Bug | By Email