IETF Logo Mail Archive

Re: [OAUTH-WG] ECDH-1PU encryption algorithm

Mike Jones <Michael.Jones@microsoft.com> Mon, 10 August 2020 17:33 UTC

Return-Path: <Michael.Jones@microsoft.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 59D963A0B3F for <oauth@ietfa.amsl.com>; Mon, 10 Aug 2020 10:33:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=microsoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id a1kKlHdtcOWN for <oauth@ietfa.amsl.com>; Mon, 10 Aug 2020 10:33:47 -0700 (PDT)
Received: from NAM06-DM3-obe.outbound.protection.outlook.com (mail-eopbgr640107.outbound.protection.outlook.com [40.107.64.107]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18EB03A0B81 for <oauth@ietf.org>; Mon, 10 Aug 2020 10:33:46 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CzWayAuMVTy6MuR1YIT1ZN++WYZONLnQsgnUJa/iK1YOZuyBruLiABhcq85q/7mxhrOfFsFv6kFAjdzs4g3H7ibPL2YI/Ssayomy0M5rw78H3PbcYRMzuUTZw0D23yOpUCEqmMiEyg0nLon8o8h6w/5mj3xicAKK3oBX9JXqaeGsdWLTrEyq+09+xiP5S748cGIDrfKRvXXdH6GSmQuO6PXocfeqqa0tWuJWdNjC+SgWxXBjIWYtS1IoFy59UZTHFTNji6CzaGz+E4FdRoXZiFXqvQeLq54fHhnTEMJWuyymdnoVcxavP0L8D6VfAc8xSlTv62v5JfJJHS97pYTQ6Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QKbZ5nO4QMpGqRMu4Zs5pwFVumReb9nGv5StDttZ6tA=; b=SZrGVDbBuLxeu9I60hxWhWMYRvSZqPh4KZE5DKDqgf1BMVXzRAFmCcdmaqZBtM0487djqaCyr0nd09m1HjuuQ6Q2LJNHoLznGT01SXoeQ1qLcr8nT2vEBGwl/wCzZEONMA79XdtEjKSzxo6RsJOOkmIU9iKS5Q05VsULCsXMnYaw78L0FJ64lo4SOU9a4mH/HH0aEAEtVI1iw0/Y4Vg6138HfgXQhL5W72BTMcztJiBEhuRNKSkItNpwMHqpdvMMjbJUtSUwXj2K4+MAd63+dGDID0PnZ/O7EUr1Kw3xdCjQIbGtsea7q1sPSmqOIY8U6LkwcaQsdStxmiARz6ENog==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=microsoft.com; dmarc=pass action=none header.from=microsoft.com; dkim=pass header.d=microsoft.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=QKbZ5nO4QMpGqRMu4Zs5pwFVumReb9nGv5StDttZ6tA=; b=WjD9er7sG5spBg3d2QbvelOPL2XtW33/I/tiftNcN0ZElLnzvSKJSSdVeyHkIFQVD/XnBcLuQwAm3MXW/BqLE/0SMFOdyRIn4B49RbokGuLPjUvo7CgXpNopb+xEeQJpuhWPDzTG5P0hit+jbb95dlHHo+1O2DWeyQrBIFfQNBk=
Received: from MN2PR00MB0688.namprd00.prod.outlook.com (2603:10b6:208:199::23) by BL0PR00MB0307.namprd00.prod.outlook.com (2603:10b6:207:1e::33) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3312.0; Mon, 10 Aug 2020 17:33:45 +0000
Received: from MN2PR00MB0688.namprd00.prod.outlook.com ([fe80::21a7:c5f5:46ed:7417]) by MN2PR00MB0688.namprd00.prod.outlook.com ([fe80::21a7:c5f5:46ed:7417%5]) with mapi id 15.20.3318.000; Mon, 10 Aug 2020 17:33:45 +0000
From: Mike Jones <Michael.Jones@microsoft.com>
To: Dick Hardt <dick.hardt@gmail.com>, Filip Skokan <panva.ip@gmail.com>
CC: oauth <oauth@ietf.org>
Thread-Topic: [OAUTH-WG] ECDH-1PU encryption algorithm
Thread-Index: AdZvPGNrmaieZepATZmREah+emUFTg==
Date: Mon, 10 Aug 2020 17:33:45 +0000
Message-ID: <MN2PR00MB068857CCC85EB4D127F633E6F5441@MN2PR00MB0688.namprd00.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ActionId=6c9f99f0-4b85-49b6-aff4-ed5275ccca96; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_ContentBits=0; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Enabled=true; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Method=Standard; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_Name=Internal; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SetDate=2020-08-10T17:29:38Z; MSIP_Label_f42aa342-8706-4288-bd11-ebb85995028c_SiteId=72f988bf-86f1-41af-91ab-2d7cd011db47;
authentication-results: gmail.com; dkim=none (message not signed) header.d=none;gmail.com; dmarc=none action=none header.from=microsoft.com;
x-originating-ip: [50.47.88.234]
x-ms-publictraffictype: Email
x-ms-office365-filtering-ht: Tenant
x-ms-office365-filtering-correlation-id: ef8d1b67-e60e-4589-280b-08d83d53885d
x-ms-traffictypediagnostic: BL0PR00MB0307:
x-microsoft-antispam-prvs: <BL0PR00MB0307083FADDD475B9B97E2CCF5441@BL0PR00MB0307.namprd00.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Ox2N3uK/HJS0na9oBoBHS5HJzBJjefNvq8gGh+pkCfzfXni2zuKMReeSucS8NjXiqgPf9cV3RMqy1td5N7dTqIdCD+KHo5tlv/imsl5gVYtejp/Fl/pnoG4llWxq3WquvJyoyePJR9/SonvxzgnkyzIekClFvWWdA6DI7Wk9HFXEXjZvgXCwsAhbh5GPHDbpfQueIXlCE1spsGSKe4wksAGdzvJ/fz/ns6P4X+Nn3qZjlWqIsNzZdxDZImsKprPP1JYnVsIjXiwLHC1CkNBlWRBdtTQHrURs1To1GMkZcxbpeRBuzGRx2hsQTc7KFm4x/mBeFiPuLMriGcUK382IeTQLX/gUbLxqaVv7LTQ1bIiW7cA7wmT3Y4R7qVvjzKGvzr2O8WL9hBS/6pZ8zZIVJA==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:MN2PR00MB0688.namprd00.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(346002)(39860400002)(136003)(396003)(376002)(33656002)(5660300002)(2906002)(71200400001)(83380400001)(166002)(53546011)(6506007)(52536014)(82960400001)(82950400001)(478600001)(26005)(66946007)(86362001)(10290500003)(316002)(66556008)(66476007)(8990500004)(110136005)(186003)(8676002)(9686003)(64756008)(66446008)(4326008)(8936002)(55016002)(966005)(7696005)(76116006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: m+x/rNdNpZVXu6es7UerRFrwveVWZm9+J23K1H2O+qShfp1AjGhqYLuj64Z5GLF9J2YZrNMCg26kQZFUMuY6xXscf8iiISUJMY5+bJojCpATU2VcKg5ioSljFG5rAzkvdTHmp6O84l95JLQEM3S3ws7v/zpCtFoj87+oyaMECVjpodCrzYslrQsAK683L7cdadCnpjJKTENjJQIvvP06i/cr4oxUCzh3nzSWRncd+ib2Hk80cNHp41A4WegZSqKpXPkWGU4UwF6nhH6SeNlAwZwKG/5BRRKxBs31T0PMMnR4YSIsnbTtRQvIegoAoL/kUApDYciHyYUhMYD0001zq4TpDl91w5vYS/6ZhFgarA/YLxZlnh67FUIbhNJqOursSvQ+/MnmNFL4Fy+BjcbXscthQS5CKJy45UyuoPkDa8sZd7alXEnT86j/Og3OMggw4J5aBQGzEYEfIV/emEUAuqDjM6nSYOfzx9+iRWXAKeLJx2WwlTQSvJn0BrauPmPbZmiUNeyu3LMgrcSzxMk+07dg9KUHsreBxsrCSjUj8wT6HOM1bZv53E8r8zBHjfmygeUkCV6glq8rbw/N+zr+2izZa+L53KP8Fg0jqjWgjwYtXOyGsh2fZLf9QYQ2ZTAwOLTpaTC09nauAU/dfyfVvQ==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_MN2PR00MB068857CCC85EB4D127F633E6F5441MN2PR00MB0688namp_"
MIME-Version: 1.0
X-OriginatorOrg: microsoft.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: MN2PR00MB0688.namprd00.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: ef8d1b67-e60e-4589-280b-08d83d53885d
X-MS-Exchange-CrossTenant-originalarrivaltime: 10 Aug 2020 17:33:45.1634 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 72f988bf-86f1-41af-91ab-2d7cd011db47
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: G6aw1PzMlB0OdhdsdP8UTNRvzELvfKKpRI+LblTX5sge+K/lqRiAjnvzABcY0LYbs4AfXKVUkDxN4o1hO3HEiA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL0PR00MB0307
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/edHwO6tIW68sj7KbYDcNlu5OGoo>
Subject: Re: [OAUTH-WG] ECDH-1PU encryption algorithm
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Aug 2020 17:33:49 -0000

I’m likewise supportive of the work.  Note that COSE working group is currently open whereas JOSE is closed, so if you want working group review, I’d submit specs to COSE soon.

As background, I worked the spec https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-08 in COSE which also performs JOSE registrations.  So that’s definitely a viable path forward.  (This document is currently in AUTH48 status, and so is about to become an RFC.)

Filip, the JOSE working group closed after RFCs 7515-7518 and 7520 were completed.  Note that it’s possible to register algorithms, etc. in the IANA JOSE registries https://www.iana.org/assignments/jose/jose.xhtml without the spec coming from a working group – and indeed, without coming from a working group at all.

                                                          -- Mike

From: OAuth <oauth-bounces@ietf.org> On Behalf Of Dick Hardt
Sent: Monday, August 10, 2020 10:27 AM
To: Filip Skokan <panva.ip@gmail.com>
Cc: oauth <oauth@ietf.org>
Subject: Re: [OAUTH-WG] ECDH-1PU encryption algorithm

I'm supportive of this work.

It is not clear that it is in the charter of the OAuth WG.


On Mon, Aug 10, 2020 at 9:01 AM Filip Skokan <panva.ip@gmail.com<mailto:panva.ip@gmail.com>> wrote:
Hi Neil,

I'm interested in seeing both AES SIV and ECDH-1PU for JOSE. Not sure how to go about it tho since JOSE is a concluded WG.

Out of curiosity, why is it a concluded WG? Did IETF/JOSE WG not consider the need to further maintain/expand the JOSE algorithms as time goes on?

S pozdravem,
Filip Skokan


On Mon, 10 Aug 2020 at 10:29, Neil Madden <neil.madden@forgerock.com<mailto:neil.madden@forgerock.com>> wrote:
Thanks Vladimir,

Responses below

> On 8 Aug 2020, at 10:40, Vladimir Dzhuvinov <vladimir@connect2id.com<mailto:vladimir@connect2id.com>> wrote:
>
> Hi Neil,
>
> I definitely like the elegance of the proposed alg for JOSE, it provides
> something that isn't currently available in the various classes of algs
> made standard in JOSE.
>
> I also wanted to ask what's happening with AES SIV for JOSE, if there's
> traction / feedback / support there as well?
>
> https://tools.ietf.org/html/draft-madden-jose-siv-mode-02

Thanks for bringing this up. I’ve not received much feedback about this one, and I haven’t been very good at pushing it. If there is interest then I’d certainly be interested in bringing this forward too.

That draft might be a better fit for eg the COSE WG though, which could then also register identifiers for JOSE. What do you think?

>
> Vladimir
>
>
>>> On 05/08/2020 13:01, Neil Madden wrote:
>> Hi all,
>> You may remember me from such I-Ds
>> as https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-03, which
>> proposes adding a new encryption algorithm to JOSE. I’d like to
>> reserve a bit of time to discuss it at one of the upcoming interim
>> meetings.
>> The basic idea is that in many cases in OAuth and OIDC you want to
>> ensure both confidentiality and authenticity of some token - for
>> example when transferring an ID token containing PII to the client
>> through the front channel, or for access tokens intended to be handled
>> by a specific RS without online token introspection (such as the JWT
>> access token draft). If you have a shared secret key between the AS
>> and the client/RS then you can use symmetric authenticated encryption
>> (alg=dir or alg=A128KW etc). But if you need to use public key
>> cryptography then currently you are limited to a nested
>> signed-then-encrypted JOSE structure, which produces much larger token
>> sizes.
>> The draft adds a new “public key authenticated encryption” mode based
>> on ECDH in the NIST standard “one-pass unified” model. The primary
>> advantage for OAuth usage is that the tokens produced are more compact
>> compared to signing+encryption (~30% smaller for typical access/ID
>> token sizes in compact serialization). Performance-wise, it’s roughly
>> equivalent. I know that size concerns are often a limiting factor in
>> choosing whether to encrypt tokens, so this should help.
>> In terms of implementation, it’s essentially just a few extra lines of
>> code compared to an ECDH-ES implementation. (Some JOSE library APIs
>> might need an adjustment to accommodate the extra private key needed
>> for encryption/public key for decryption).
>> I’ve received a few emails off-list from people interested in using it
>> for non-OAuth use-cases such as secure messaging applications. I think
>> these use-cases can be accommodated without significant changes, so I
>> think the OAuth WG would be a good venue for advancing this.
>> I’d be interested to hear thoughts and discussion on the list prior to
>> any discussion at an interim meeting.
>> — Neil

_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth
_______________________________________________
OAuth mailing list
OAuth@ietf.org<mailto:OAuth@ietf.org>
https://www.ietf.org/mailman/listinfo/oauth

v2.23.0 | Report a Bug | By Email