IETF Logo Mail Archive

Re: [OAUTH-WG] Signature crypto

Stephen Farrell <stephen.farrell@cs.tcd.ie> Wed, 25 November 2009 16:57 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: oauth@core3.amsl.com
Delivered-To: oauth@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 818D528C14E for <oauth@core3.amsl.com>; Wed, 25 Nov 2009 08:57:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.599
X-Spam-Level:
X-Spam-Status: No, score=-3.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id OAQ8RpNHAyp5 for <oauth@core3.amsl.com>; Wed, 25 Nov 2009 08:57:30 -0800 (PST)
Received: from TX2EHSOBE010.bigfish.com (tx2ehsobe005.messaging.microsoft.com [65.55.88.15]) by core3.amsl.com (Postfix) with ESMTP id 7286428C140 for <oauth@ietf.org>; Wed, 25 Nov 2009 08:57:30 -0800 (PST)
Received: from mail17-tx2-R.bigfish.com (10.9.14.249) by TX2EHSOBE010.bigfish.com (10.9.40.30) with Microsoft SMTP Server id 8.1.240.5; Wed, 25 Nov 2009 16:57:25 +0000
Received: from mail17-tx2 (localhost.localdomain [127.0.0.1]) by mail17-tx2-R.bigfish.com (Postfix) with ESMTP id 5414BA68606; Wed, 25 Nov 2009 16:57:25 +0000 (UTC)
X-SpamScore: -48
X-BigFish: VPS-48(zz14e0P1432R9370J98dN168aJzz1202hzz1033ILz2dh87h6bh61h)
X-Spam-TCS-SCL: 0:0
X-FB-DOMAIN-IP-MATCH: fail
Received: from mail17-tx2 (localhost.localdomain [127.0.0.1]) by mail17-tx2 (MessageSwitch) id 1259168198838984_31347; Wed, 25 Nov 2009 16:56:38 +0000 (UTC)
Received: from TX2EHSMHS045.bigfish.com (unknown [10.9.14.249]) by mail17-tx2.bigfish.com (Postfix) with ESMTP id 96C4415D8084; Wed, 25 Nov 2009 16:56:37 +0000 (UTC)
Received: from imx2.tcd.ie (134.226.1.156) by TX2EHSMHS045.bigfish.com (10.9.99.145) with Microsoft SMTP Server id 14.0.482.32; Wed, 25 Nov 2009 16:56:35 +0000
Received: from Vams.imx2 (imx2.tcd.ie [134.226.1.156]) by imx2.tcd.ie (Postfix) with SMTP id 156C668006; Wed, 25 Nov 2009 16:56:35 +0000 (GMT)
Received: from imx2.tcd.ie ([134.226.1.156]) by imx2.tcd.ie ([134.226.1.156]) with SMTP (gateway) id A01CC605D8C; Wed, 25 Nov 2009 16:56:35 +0000
Received: from [134.226.36.180] (sfarrell.dsg.cs.tcd.ie [134.226.36.180]) by imx2.tcd.ie (Postfix) with ESMTP id E6C0A68003; Wed, 25 Nov 2009 16:56:34 +0000 (GMT)
Message-ID: <4B0D61C8.6070408@cs.tcd.ie>
Date: Wed, 25 Nov 2009 16:56:40 +0000
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
User-Agent: Thunderbird 2.0.0.23 (X11/20090812)
MIME-Version: 1.0
To: "Tschofenig, Hannes (NSN - FI/Espoo)" <hannes.tschofenig@nsn.com>
References: <90C41DD21FB7C64BB94121FBBC2E72343785183009@P3PW5EX1MB01.EX1.SECURESERVER.NET><4B0D3698.8070706@cs.tcd.ie> <3a880e2c0911250618w358579d9o38b5ad90cb9242af@mail.gmail.com> <3D3C75174CB95F42AD6BCC56E5555B4501EE54E2@FIESEXC015.nsn-intra.net>
In-Reply-To: <3D3C75174CB95F42AD6BCC56E5555B4501EE54E2@FIESEXC015.nsn-intra.net>
X-Enigmail-Version: 0.96.0
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: 7bit
X-AntiVirus-Status: MessageID = A11CC605D8C
X-AntiVirus-Status: Host: imx2.tcd.ie
X-AntiVirus-Status: Action Taken:
X-AntiVirus-Status: NONE
X-AntiVirus-Status: Checked by TCD Vexira. (version=1.60.2 VDF=10.113.28)
X-Reverse-DNS: imx2.tcd.ie
Cc: oauth@ietf.org
Subject: Re: [OAUTH-WG] Signature crypto
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/oauth>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 25 Nov 2009 16:57:31 -0000

5280 is a special case since its a profile that gets
referenced by other RFCs so there's always a 2nd RFC
involved there. While one could imagine OAuth having
a separate RFC that just specifies a current algorithm
set, I'm not sure that'd be best...it might, but I'd
suspect not. My reason for that is that I'd expect that
we'd rev. something else in the protocol about as
often as (or more often than) we'd change the mandatory
to implement algorithm. But I guess we'll see.

S.

Tschofenig, Hannes (NSN - FI/Espoo) wrote:
> This case is interesting. 
>  
> Until recently I have also thought that one has to specify a
> mandatory-to-implement algorithm in a security protocol since otherwise
> interoperability would really suffer. When working in KEYPROV I learned
> through Russ Housley that this is actually not true. 
> 
> He said:
> "
> Some specifications in the security area do not pick a mandatory to
> implement algorithm.  RFC 5280 is one example.  Instead the companion
> specifications tell what algorithm is appropriate for a particular
> environment. 
> "
>  
> There are a few reasons why you often cannot agree on a specific
> algorithm. Examples are different usage scenarios that demand a certain
> algorithm, certain software packages that may or may not support certain
> algorithms at a specific point in time, different performance/hardware
> requirements, IPR concerns, etc.
>  
> In any case it is likely that the chosen algorithm will get replaced in
> a few years from now and one does not want to update the specification
> every time. Hence, having some form of crypto-agility is generally a
> good idea since you might want to negotiate a set of algorithms anyway
> and it is quite likely that an algorithm is found that both parties
> support. 
>  
> Ciao
> Hannes
> 
> 
> 
> ________________________________
> 
> 	From: oauth-bounces@ietf.org [mailto:oauth-bounces@ietf.org] On
> Behalf Of ext Infinity Linden (Meadhbh Hamrick)
> 	Sent: 25 November, 2009 16:19
> 	To: Stephen Farrell
> 	Cc: OAuth WG (oauth@ietf.org)
> 	Subject: Re: [OAUTH-WG] Signature crypto
> 	
> 	
> 	+1 to stephen's comment. 
> 
> 	when it comes to algorithm support and selection, i think the
> consensus that's emerged is we should require an algorithm that "looks
> good" at the moment the spec is being drafted, but allow the use of
> other optional algorithms. ("looks good" here means that there are no
> known successful attacks against the math of the algorithm and there's a
> general consensus amongst cryptographers that there won't be one in the
> next 20 years.)
> 
> 	the rationale behind this may have to do with the experience
> some implementers had with MOSS / MIME Object Security Services (aka
> RFC1848.) MOSS was specified to address issues people had raised with
> PEM (Privacy Enhanced Mail). The problem with MOSS is that it was near
> infinitely flexible and you could create an implementation that strictly
> adhered to the specification, but was non-interoperable if you chose to
> support a different set of optional encipherment algorithms.
> 
> 	so the concern here is that if you allow all hash algorithms to
> be optional, you'll find some outlier who wants to use HAVAL with Rabin
> Williams to generate signatures and will sell this solution into the
> marketplace, then go out of business. people who bought the solution
> won't think anything's wrong 'til they try to hook it up to someone else
> who's using a more traditional SHA256+RSA or ECDSA solution. a great
> wailing and gnashing of teeth will follow.
> 
> 	but if we REQUIRE that everyone use SHA256 but allow other hash
> algorithms, then we won't have this problem.
> 
> 	-cheers
> 	-meadhbh
> 
> 	--
> 	  infinity linden (aka meadhbh hamrick)  *  it's pronounced
> "maeve"
> 	        http://wiki.secondlife.com/wiki/User:Infinity_Linden
> 	
> 	
> 	
> 	On Wed, Nov 25, 2009 at 05:52, Stephen Farrell
> <stephen.farrell@cs.tcd.ie> wrote:
> 	
> 
> 
> 
> 		Eran Hammer-Lahav wrote:
> 		> I think we have consensus that the spec should not
> mandate a particular hash algorithm. This still leave the issue of
> assigning algorithms short names for the purpose of negotiation and
> declaration. Is there a registry available for such algorithms we can
> use or do we need to create a new one?
> 		
> 		
> 		Sorry to have missed out on the thread where that was
> discussed, but
> 		it'd be odd for an IETF security spec to not mandate
> some algorithms
> 		and quite likely to generate comments later in the
> process if there's
> 		no well-defined way to ensure interop. Do we have that?
> 		
> 		Ta,
> 		S.
> 		
> 
> 		_______________________________________________
> 		OAuth mailing list
> 		OAuth@ietf.org
> 		https://www.ietf.org/mailman/listinfo/oauth
> 		
> 
> 
>

v2.23.0 | Report a Bug | By Email