IETF Logo Mail Archive

Re: [OAUTH-WG] ECDH-1PU encryption algorithm

Thibault Normand <thibault.normand@gmail.com> Fri, 21 August 2020 15:23 UTC

Return-Path: <thibault.normand@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6D2E3A0B3D for <oauth@ietfa.amsl.com>; Fri, 21 Aug 2020 08:23:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id osYx-xEddAp9 for <oauth@ietfa.amsl.com>; Fri, 21 Aug 2020 08:23:13 -0700 (PDT)
Received: from mail-wm1-x341.google.com (mail-wm1-x341.google.com [IPv6:2a00:1450:4864:20::341]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F1253A0A5E for <oauth@ietf.org>; Fri, 21 Aug 2020 08:23:13 -0700 (PDT)
Received: by mail-wm1-x341.google.com with SMTP id 9so2279035wmj.5 for <oauth@ietf.org>; Fri, 21 Aug 2020 08:23:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MPJXc/QoyCQN1YDNj3xu+7xmjp2+AkrdJWI06O34Uqc=; b=j07cwhI7M7j7b1/aLucPi+UtTkIuNwnPTReL/bGfJTy0QIxkvmkyIyLas2I4jDHB1l VS+369D5WC/GDQhgnUpVrbwaRjNi91bQRlMWy+2hMvgvj9ZUXwweKLmOigVpe7Sov3yp 9SxE9HACV4q5gae51Tg0w9UjSTkliXKoYSYONMp1zOiI9nJkPgSb6LDhGXWNysN6OO6f W0Buytp4velmE5mz6ADUg5hSAR3JSHPwXyx0onAOaXIX4qPM5eMWnpwOtmIEB7TGzKEa LuIFC61pImLV0zx3ny+Ap7la9Gsl7IN1KpKBRXsZdBMNuKL55xRzn5WiVjZtPbxDSt6g k+0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MPJXc/QoyCQN1YDNj3xu+7xmjp2+AkrdJWI06O34Uqc=; b=DLfGFqQFKcaskMmWpQe7jTdecpW7K1NY0Oj0+ehgVwPz1um8mSrvLaDi7CVWZFKEWn q8YCb/xWMeft2ejnapE3pySLwltNC2wD/rDnxbPx7d7K4tpEozmPMqWmeYLazaa7Tbad GrLx1UrzRmdzWdxWjG01gz4d3zISZqd9ML9IOraT5pjSuGb65vUaGlSCNTh816g2dTz6 tsZZ4euEWaH9HGIu5Nt734g8sRsVzOqYPwbyl+s7mdUBz+awraIAdOmUdMbxl/obUBdA Hqv88BRTdn5kAI5SaXgy8KLA4LRdeNiBx/IwdAASmEySiscad7hWaMXASbaeJreCFMTW dL3Q==
X-Gm-Message-State: AOAM53319IoBRLlYih/5nOyS9gPwMoNKvtbtDV2BXEaV8SwsFOHR//P1 aMjprq6LAtP3Yh+GfhpR7UJl0i2cFT8rd++I6Lk=
X-Google-Smtp-Source: ABdhPJxPnzw0eScU+CJicduAZBtje0Rx+3XOloghZuQWQDhHA+vAlyCkFbR3+P8JWBygjI4QrqJLEzsMLBzbzt21V24=
X-Received: by 2002:a7b:c40b:: with SMTP id k11mr3691643wmi.107.1598023391469; Fri, 21 Aug 2020 08:23:11 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR00MB068857CCC85EB4D127F633E6F5441@MN2PR00MB0688.namprd00.prod.outlook.com>
In-Reply-To: <MN2PR00MB068857CCC85EB4D127F633E6F5441@MN2PR00MB0688.namprd00.prod.outlook.com>
From: Thibault Normand <thibault.normand@gmail.com>
Date: Fri, 21 Aug 2020 17:23:00 +0200
Message-ID: <CADMp+sJrNqsw4=9jEiQNXKNU8p3RvTbXxVRH=B+Z-ESGAj+e2w@mail.gmail.com>
To: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>
Cc: Dick Hardt <dick.hardt@gmail.com>, Filip Skokan <panva.ip@gmail.com>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000097644405ad64d056"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/cE4GaJWF_3zJzxVeaeNNs_yUkRU>
Subject: Re: [OAUTH-WG] ECDH-1PU encryption algorithm
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Aug 2020 15:23:16 -0000

Hello,

Id' like to add that I've made a Gist with a one file implementation in Go
to try to make it simple to understand.
https://gist.github.com/Zenithar/cf58b003fcf341a3b1593c30b50b0820

I hope it helps new users
Regards,

Le lun. 10 août 2020 à 19:34, Mike Jones <Michael.Jones=
40microsoft.com@dmarc.ietf.org> a écrit :

> I’m likewise supportive of the work.  Note that COSE working group is
> currently open whereas JOSE is closed, so if you want working group review,
> I’d submit specs to COSE soon.
>
>
>
> As background, I worked the spec
> https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-08 in
> COSE which also performs JOSE registrations.  So that’s definitely a viable
> path forward.  (This document is currently in AUTH48 status, and so is
> about to become an RFC.)
>
>
>
> Filip, the JOSE working group closed after RFCs 7515-7518 and 7520 were
> completed.  Note that it’s possible to register algorithms, etc. in the
> IANA JOSE registries https://www.iana.org/assignments/jose/jose.xhtml
> without the spec coming from a working group – and indeed, without coming
> from a working group at all.
>
>
>
>                                                           -- Mike
>
>
>
> *From:* OAuth <oauth-bounces@ietf.org> *On Behalf Of * Dick Hardt
> *Sent:* Monday, August 10, 2020 10:27 AM
> *To:* Filip Skokan <panva.ip@gmail.com>
> *Cc:* oauth <oauth@ietf.org>
> *Subject:* Re: [OAUTH-WG] ECDH-1PU encryption algorithm
>
>
>
> I'm supportive of this work.
>
>
>
> It is not clear that it is in the charter of the OAuth WG.
>
>
>
>
>
> On Mon, Aug 10, 2020 at 9:01 AM Filip Skokan <panva.ip@gmail.com> wrote:
>
> Hi Neil,
>
>
>
> I'm interested in seeing both AES SIV and ECDH-1PU for JOSE. Not sure how
> to go about it tho since JOSE is a concluded WG.
>
>
>
> Out of curiosity, why is it a concluded WG? Did IETF/JOSE WG not consider
> the need to further maintain/expand the JOSE algorithms as time goes on?
>
>
> S pozdravem,
> *Filip Skokan*
>
>
>
>
>
> On Mon, 10 Aug 2020 at 10:29, Neil Madden <neil.madden@forgerock.com>
> wrote:
>
> Thanks Vladimir,
>
> Responses below
>
> > On 8 Aug 2020, at 10:40, Vladimir Dzhuvinov <vladimir@connect2id.com>
> wrote:
> >
> > Hi Neil,
> >
> > I definitely like the elegance of the proposed alg for JOSE, it provides
> > something that isn't currently available in the various classes of algs
> > made standard in JOSE.
> >
> > I also wanted to ask what's happening with AES SIV for JOSE, if there's
> > traction / feedback / support there as well?
> >
> > https://tools.ietf.org/html/draft-madden-jose-siv-mode-02
>
> Thanks for bringing this up. I’ve not received much feedback about this
> one, and I haven’t been very good at pushing it. If there is interest then
> I’d certainly be interested in bringing this forward too.
>
> That draft might be a better fit for eg the COSE WG though, which could
> then also register identifiers for JOSE. What do you think?
>
> >
> > Vladimir
> >
> >
> >>> On 05/08/2020 13:01, Neil Madden wrote:
> >> Hi all,
> >> You may remember me from such I-Ds
> >> as https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-03, which
> >> proposes adding a new encryption algorithm to JOSE. I’d like to
> >> reserve a bit of time to discuss it at one of the upcoming interim
> >> meetings.
> >> The basic idea is that in many cases in OAuth and OIDC you want to
> >> ensure both confidentiality and authenticity of some token - for
> >> example when transferring an ID token containing PII to the client
> >> through the front channel, or for access tokens intended to be handled
> >> by a specific RS without online token introspection (such as the JWT
> >> access token draft). If you have a shared secret key between the AS
> >> and the client/RS then you can use symmetric authenticated encryption
> >> (alg=dir or alg=A128KW etc). But if you need to use public key
> >> cryptography then currently you are limited to a nested
> >> signed-then-encrypted JOSE structure, which produces much larger token
> >> sizes.
> >> The draft adds a new “public key authenticated encryption” mode based
> >> on ECDH in the NIST standard “one-pass unified” model. The primary
> >> advantage for OAuth usage is that the tokens produced are more compact
> >> compared to signing+encryption (~30% smaller for typical access/ID
> >> token sizes in compact serialization). Performance-wise, it’s roughly
> >> equivalent. I know that size concerns are often a limiting factor in
> >> choosing whether to encrypt tokens, so this should help.
> >> In terms of implementation, it’s essentially just a few extra lines of
> >> code compared to an ECDH-ES implementation. (Some JOSE library APIs
> >> might need an adjustment to accommodate the extra private key needed
> >> for encryption/public key for decryption).
> >> I’ve received a few emails off-list from people interested in using it
> >> for non-OAuth use-cases such as secure messaging applications. I think
> >> these use-cases can be accommodated without significant changes, so I
> >> think the OAuth WG would be a good venue for advancing this.
> >> I’d be interested to hear thoughts and discussion on the list prior to
> >> any discussion at an interim meeting.
> >> — Neil
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>
> _______________________________________________
> OAuth mailing list
> OAuth@ietf.org
> https://www.ietf.org/mailman/listinfo/oauth
>


-- 
Thibault Normand
"Il existe moins bien mais c'est plus cher !"
http://www.zenithar.org

v2.23.0 | Report a Bug | By Email