Re: [OAUTH-WG] ECDH-1PU encryption algorithm

Dave Tonge <dave.tonge@momentumft.co.uk> Mon, 10 August 2020 06:18 UTC

Return-Path: <dave.tonge@moneyhub.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6C37B3A13FF for <oauth@ietfa.amsl.com>; Sun, 9 Aug 2020 23:18:01 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.987
X-Spam-Level:
X-Spam-Status: No, score=-1.987 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=momentumft.co.uk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id RgOH-RefByXa for <oauth@ietfa.amsl.com>; Sun, 9 Aug 2020 23:17:59 -0700 (PDT)
Received: from mail-pg1-x52b.google.com (mail-pg1-x52b.google.com [IPv6:2607:f8b0:4864:20::52b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5C3A23A0433 for <oauth@ietf.org>; Sun, 9 Aug 2020 23:17:59 -0700 (PDT)
Received: by mail-pg1-x52b.google.com with SMTP id x6so4265969pgx.12 for <oauth@ietf.org>; Sun, 09 Aug 2020 23:17:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=momentumft.co.uk; s=google; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=2CRrRMGAliyaneg0T9FkHraZuJpx1WtKGq6YOshDLN8=; b=X1o1axOROX9bEa2baZ3fDSuqcBvbmfC0k5+au92RqJJNLStT3iNiV9EbxZu/Pr+a// zNyF40hwxv4sNnNfP3YI6GuVSeqaIyGM1qFL7xy2IJh024cmHwldankuDNg5rndoakK7 bMn0jOZJ9eEJQuAhcqKP0n667Ep9mEaH7Nooo=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=2CRrRMGAliyaneg0T9FkHraZuJpx1WtKGq6YOshDLN8=; b=k/2kzyiZK6asvW/rB0oZMsGTchWNaeNR4KLUvDsn6Ovy7O5kxr40HHBWvUDqeJraK/ AmoTe+jpjs/r2GXpPkb/HEXEkRSX6Al0f/kphCXNVn55BMeYy9LtQO9f19RNooXzkLGk YfZcpq2Zxhydz1TmouPmmJVj/FM88JvTPce8924FqaYMFz9zTdxV8h+DUXJu4IGR7mwe im+J+GJG3RZt9jXyYKwDNdrIm5DHdgZJR7Wo+IviaAoaQ1RN53N8/HhxAKrN8mp2mQ5T tbUT1nZsE2q9A2yyLukyRBEluIYlPn0AxyeAhawrAjFiUtIJRyutyURqaDeO+WV43GB0 di6A==
X-Gm-Message-State: AOAM530/pfMthTbQKtU8CayCcP6L8xH+9x6TlhrMzvc0SCT21X0bHWHg bMd7MGT7TYsVv+TRrVxj29iwi7y+buNeYn2K3Ll5Cn3PUYhj3o24XDm5Ww6Js6cbOj0g/1LPQgZ mqD8C8N60blIzLnyThi9eSw==
X-Google-Smtp-Source: ABdhPJwget8VThC+e9gyFqHA2JLujHmltQVqmQ8GfmPYWQgQ+i233k0SgVzYJhemdr1KmsOeGu5EC81V1trrRo4JDdY=
X-Received: by 2002:a63:4c48:: with SMTP id m8mr21027943pgl.290.1597040278637; Sun, 09 Aug 2020 23:17:58 -0700 (PDT)
MIME-Version: 1.0
References: <0DEE1AC7-2EA7-420F-B0B5-6F96A3D04D1C@forgerock.com>
In-Reply-To: <0DEE1AC7-2EA7-420F-B0B5-6F96A3D04D1C@forgerock.com>
From: Dave Tonge <dave.tonge@momentumft.co.uk>
Date: Mon, 10 Aug 2020 08:17:47 +0200
Message-ID: <CAP-T6TQFDht6n2=zt7cujQfouEmeOA02e0-sLF_vR96JSFhGaA@mail.gmail.com>
To: Neil Madden <neil.madden@forgerock.com>
Cc: oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000080317205ac7fea44"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/3lIrVbgJRYAHIkS4IgGKWVdpx-c>
Subject: Re: [OAUTH-WG] ECDH-1PU encryption algorithm
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 06:18:01 -0000

Hi Neil

I'd be interested in seeing this draft discussed.

Dave

On Wed, 5 Aug 2020 at 12:02, Neil Madden <neil.madden@forgerock.com> wrote:

> Hi all,
>
> You may remember me from such I-Ds as
> https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-03, which proposes
> adding a new encryption algorithm to JOSE. I’d like to reserve a bit of
> time to discuss it at one of the upcoming interim meetings.
>
> The basic idea is that in many cases in OAuth and OIDC you want to ensure
> both confidentiality and authenticity of some token - for example when
> transferring an ID token containing PII to the client through the front
> channel, or for access tokens intended to be handled by a specific RS
> without online token introspection (such as the JWT access token draft). If
> you have a shared secret key between the AS and the client/RS then you can
> use symmetric authenticated encryption (alg=dir or alg=A128KW etc). But if
> you need to use public key cryptography then currently you are limited to a
> nested signed-then-encrypted JOSE structure, which produces much larger
> token sizes.
>
> The draft adds a new “public key authenticated encryption” mode based on
> ECDH in the NIST standard “one-pass unified” model. The primary advantage
> for OAuth usage is that the tokens produced are more compact compared to
> signing+encryption (~30% smaller for typical access/ID token sizes in
> compact serialization). Performance-wise, it’s roughly equivalent. I know
> that size concerns are often a limiting factor in choosing whether to
> encrypt tokens, so this should help.
>
> In terms of implementation, it’s essentially just a few extra lines of
> code compared to an ECDH-ES implementation. (Some JOSE library APIs might
> need an adjustment to accommodate the extra private key needed for
> encryption/public key for decryption).
>
> I’ve received a few emails off-list from people interested in using it for
> non-OAuth use-cases such as secure messaging applications. I think these
> use-cases can be accommodated without significant changes, so I think the
> OAuth WG would be a good venue for advancing this.
>
> I’d be interested to hear thoughts and discussion on the list prior to any
> discussion at an interim meeting.
>
> — Neil
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>


-- 
Dave Tonge
CTO
[image: Moneyhub Enterprise]
<http://www.google.com/url?q=http%3A%2F%2Fmoneyhubenterprise.com%2F&sa=D&sntz=1&usg=AFQjCNGUnR5opJv5S1uZOVg8aISwPKAv3A>
Moneyhub Financial Technology, 5th Floor, 10 Temple Back, Bristol, BS1 6FL
t: +44 (0)117 280 5120

Moneyhub Enterprise is a trading style of Moneyhub Financial Technology
Limited which is authorised and regulated by the Financial Conduct
Authority ("FCA"). Moneyhub Financial Technology is entered on the
Financial Services Register (FRN 809360) at fca.org.uk/register.
Moneyhub Financial
Technology is registered in England & Wales, company registration number
06909772 .
Moneyhub Financial Technology Limited 2018 ©

DISCLAIMER: This email (including any attachments) is subject to copyright,
and the information in it is confidential. Use of this email or of any
information in it other than by the addressee is unauthorised and unlawful.
Whilst reasonable efforts are made to ensure that any attachments are
virus-free, it is the recipient's sole responsibility to scan all
attachments for viruses. All calls and emails to and from this company may
be monitored and recorded for legitimate purposes relating to this
company's business. Any opinions expressed in this email (or in any
attachments) are those of the author and do not necessarily represent the
opinions of Moneyhub Financial Technology Limited or of any other group
company.

-- 


Moneyhub Enterprise is a trading style of Moneyhub Financial Technology 
Limited which is authorised and regulated by the Financial Conduct 
Authority ("FCA"). Moneyhub Financial Technology is entered on the 
Financial Services Register (FRN 809360) at https://register.fca.org.uk/ 
<https://register.fca.org.uk/>. Moneyhub Financial Technology is registered 
in England & Wales, company registration number 06909772. Moneyhub 
Financial Technology Limited 2020 © Moneyhub Enterprise, Regus Building, 
Temple Quay, 1 Friary, Bristol, BS1 6EA. 

DISCLAIMER: This email 
(including any attachments) is subject to copyright, and the information in 
it is confidential. Use of this email or of any information in it other 
than by the addressee is unauthorised and unlawful. Whilst reasonable 
efforts are made to ensure that any attachments are virus-free, it is the 
recipient's sole responsibility to scan all attachments for viruses. All 
calls and emails to and from this company may be monitored and recorded for 
legitimate purposes relating to this company's business. Any opinions 
expressed in this email (or in any attachments) are those of the author and 
do not necessarily represent the opinions of Moneyhub Financial Technology 
Limited or of any other group company.