Re: [OAUTH-WG] ECDH-1PU encryption algorithm
Thibault Normand <thibault.normand@gmail.com> Fri, 21 August 2020 15:23 UTC
Return-Path: <thibault.normand@gmail.com>
X-Original-To: oauth@ietfa.amsl.com
Delivered-To: oauth@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A6D2E3A0B3D for <oauth@ietfa.amsl.com>; Fri, 21 Aug 2020 08:23:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id osYx-xEddAp9 for <oauth@ietfa.amsl.com>; Fri, 21 Aug 2020 08:23:13 -0700 (PDT)
Received: from mail-wm1-x341.google.com (mail-wm1-x341.google.com [IPv6:2a00:1450:4864:20::341]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2F1253A0A5E for <oauth@ietf.org>; Fri, 21 Aug 2020 08:23:13 -0700 (PDT)
Received: by mail-wm1-x341.google.com with SMTP id 9so2279035wmj.5 for <oauth@ietf.org>; Fri, 21 Aug 2020 08:23:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=MPJXc/QoyCQN1YDNj3xu+7xmjp2+AkrdJWI06O34Uqc=; b=j07cwhI7M7j7b1/aLucPi+UtTkIuNwnPTReL/bGfJTy0QIxkvmkyIyLas2I4jDHB1l VS+369D5WC/GDQhgnUpVrbwaRjNi91bQRlMWy+2hMvgvj9ZUXwweKLmOigVpe7Sov3yp 9SxE9HACV4q5gae51Tg0w9UjSTkliXKoYSYONMp1zOiI9nJkPgSb6LDhGXWNysN6OO6f W0Buytp4velmE5mz6ADUg5hSAR3JSHPwXyx0onAOaXIX4qPM5eMWnpwOtmIEB7TGzKEa LuIFC61pImLV0zx3ny+Ap7la9Gsl7IN1KpKBRXsZdBMNuKL55xRzn5WiVjZtPbxDSt6g k+0g==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=MPJXc/QoyCQN1YDNj3xu+7xmjp2+AkrdJWI06O34Uqc=; b=DLfGFqQFKcaskMmWpQe7jTdecpW7K1NY0Oj0+ehgVwPz1um8mSrvLaDi7CVWZFKEWn q8YCb/xWMeft2ejnapE3pySLwltNC2wD/rDnxbPx7d7K4tpEozmPMqWmeYLazaa7Tbad GrLx1UrzRmdzWdxWjG01gz4d3zISZqd9ML9IOraT5pjSuGb65vUaGlSCNTh816g2dTz6 tsZZ4euEWaH9HGIu5Nt734g8sRsVzOqYPwbyl+s7mdUBz+awraIAdOmUdMbxl/obUBdA Hqv88BRTdn5kAI5SaXgy8KLA4LRdeNiBx/IwdAASmEySiscad7hWaMXASbaeJreCFMTW dL3Q==
X-Gm-Message-State: AOAM53319IoBRLlYih/5nOyS9gPwMoNKvtbtDV2BXEaV8SwsFOHR//P1 aMjprq6LAtP3Yh+GfhpR7UJl0i2cFT8rd++I6Lk=
X-Google-Smtp-Source: ABdhPJxPnzw0eScU+CJicduAZBtje0Rx+3XOloghZuQWQDhHA+vAlyCkFbR3+P8JWBygjI4QrqJLEzsMLBzbzt21V24=
X-Received: by 2002:a7b:c40b:: with SMTP id k11mr3691643wmi.107.1598023391469; Fri, 21 Aug 2020 08:23:11 -0700 (PDT)
MIME-Version: 1.0
References: <MN2PR00MB068857CCC85EB4D127F633E6F5441@MN2PR00MB0688.namprd00.prod.outlook.com>
In-Reply-To: <MN2PR00MB068857CCC85EB4D127F633E6F5441@MN2PR00MB0688.namprd00.prod.outlook.com>
From: Thibault Normand <thibault.normand@gmail.com>
Date: Fri, 21 Aug 2020 17:23:00 +0200
Message-ID: <CADMp+sJrNqsw4=9jEiQNXKNU8p3RvTbXxVRH=B+Z-ESGAj+e2w@mail.gmail.com>
To: Mike Jones <Michael.Jones=40microsoft.com@dmarc.ietf.org>
Cc: Dick Hardt <dick.hardt@gmail.com>, Filip Skokan <panva.ip@gmail.com>, oauth <oauth@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000097644405ad64d056"
Archived-At: <https://mailarchive.ietf.org/arch/msg/oauth/cE4GaJWF_3zJzxVeaeNNs_yUkRU>
Subject: Re: [OAUTH-WG] ECDH-1PU encryption algorithm
X-BeenThere: oauth@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: OAUTH WG <oauth.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/oauth>, <mailto:oauth-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/oauth/>
List-Post: <mailto:oauth@ietf.org>
List-Help: <mailto:oauth-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/oauth>, <mailto:oauth-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 21 Aug 2020 15:23:16 -0000
Hello, Id' like to add that I've made a Gist with a one file implementation in Go to try to make it simple to understand. https://gist.github.com/Zenithar/cf58b003fcf341a3b1593c30b50b0820 I hope it helps new users Regards, Le lun. 10 août 2020 à 19:34, Mike Jones <Michael.Jones= 40microsoft.com@dmarc.ietf.org> a écrit : > I’m likewise supportive of the work. Note that COSE working group is > currently open whereas JOSE is closed, so if you want working group review, > I’d submit specs to COSE soon. > > > > As background, I worked the spec > https://tools.ietf.org/html/draft-ietf-cose-webauthn-algorithms-08 in > COSE which also performs JOSE registrations. So that’s definitely a viable > path forward. (This document is currently in AUTH48 status, and so is > about to become an RFC.) > > > > Filip, the JOSE working group closed after RFCs 7515-7518 and 7520 were > completed. Note that it’s possible to register algorithms, etc. in the > IANA JOSE registries https://www.iana.org/assignments/jose/jose.xhtml > without the spec coming from a working group – and indeed, without coming > from a working group at all. > > > > -- Mike > > > > *From:* OAuth <oauth-bounces@ietf.org> *On Behalf Of * Dick Hardt > *Sent:* Monday, August 10, 2020 10:27 AM > *To:* Filip Skokan <panva.ip@gmail.com> > *Cc:* oauth <oauth@ietf.org> > *Subject:* Re: [OAUTH-WG] ECDH-1PU encryption algorithm > > > > I'm supportive of this work. > > > > It is not clear that it is in the charter of the OAuth WG. > > > > > > On Mon, Aug 10, 2020 at 9:01 AM Filip Skokan <panva.ip@gmail.com> wrote: > > Hi Neil, > > > > I'm interested in seeing both AES SIV and ECDH-1PU for JOSE. Not sure how > to go about it tho since JOSE is a concluded WG. > > > > Out of curiosity, why is it a concluded WG? Did IETF/JOSE WG not consider > the need to further maintain/expand the JOSE algorithms as time goes on? > > > S pozdravem, > *Filip Skokan* > > > > > > On Mon, 10 Aug 2020 at 10:29, Neil Madden <neil.madden@forgerock.com> > wrote: > > Thanks Vladimir, > > Responses below > > > On 8 Aug 2020, at 10:40, Vladimir Dzhuvinov <vladimir@connect2id.com> > wrote: > > > > Hi Neil, > > > > I definitely like the elegance of the proposed alg for JOSE, it provides > > something that isn't currently available in the various classes of algs > > made standard in JOSE. > > > > I also wanted to ask what's happening with AES SIV for JOSE, if there's > > traction / feedback / support there as well? > > > > https://tools.ietf.org/html/draft-madden-jose-siv-mode-02 > > Thanks for bringing this up. I’ve not received much feedback about this > one, and I haven’t been very good at pushing it. If there is interest then > I’d certainly be interested in bringing this forward too. > > That draft might be a better fit for eg the COSE WG though, which could > then also register identifiers for JOSE. What do you think? > > > > > Vladimir > > > > > >>> On 05/08/2020 13:01, Neil Madden wrote: > >> Hi all, > >> You may remember me from such I-Ds > >> as https://tools.ietf.org/html/draft-madden-jose-ecdh-1pu-03, which > >> proposes adding a new encryption algorithm to JOSE. I’d like to > >> reserve a bit of time to discuss it at one of the upcoming interim > >> meetings. > >> The basic idea is that in many cases in OAuth and OIDC you want to > >> ensure both confidentiality and authenticity of some token - for > >> example when transferring an ID token containing PII to the client > >> through the front channel, or for access tokens intended to be handled > >> by a specific RS without online token introspection (such as the JWT > >> access token draft). If you have a shared secret key between the AS > >> and the client/RS then you can use symmetric authenticated encryption > >> (alg=dir or alg=A128KW etc). But if you need to use public key > >> cryptography then currently you are limited to a nested > >> signed-then-encrypted JOSE structure, which produces much larger token > >> sizes. > >> The draft adds a new “public key authenticated encryption” mode based > >> on ECDH in the NIST standard “one-pass unified” model. The primary > >> advantage for OAuth usage is that the tokens produced are more compact > >> compared to signing+encryption (~30% smaller for typical access/ID > >> token sizes in compact serialization). Performance-wise, it’s roughly > >> equivalent. I know that size concerns are often a limiting factor in > >> choosing whether to encrypt tokens, so this should help. > >> In terms of implementation, it’s essentially just a few extra lines of > >> code compared to an ECDH-ES implementation. (Some JOSE library APIs > >> might need an adjustment to accommodate the extra private key needed > >> for encryption/public key for decryption). > >> I’ve received a few emails off-list from people interested in using it > >> for non-OAuth use-cases such as secure messaging applications. I think > >> these use-cases can be accommodated without significant changes, so I > >> think the OAuth WG would be a good venue for advancing this. > >> I’d be interested to hear thoughts and discussion on the list prior to > >> any discussion at an interim meeting. > >> — Neil > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > > _______________________________________________ > OAuth mailing list > OAuth@ietf.org > https://www.ietf.org/mailman/listinfo/oauth > -- Thibault Normand "Il existe moins bien mais c'est plus cher !" http://www.zenithar.org
- [OAUTH-WG] ECDH-1PU encryption algorithm Neil Madden
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Vladimir Dzhuvinov
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Dave Tonge
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Neil Madden
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Filip Skokan
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Dick Hardt
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Mike Jones
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Vladimir Dzhuvinov
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Matthew A. Miller
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Neil Madden
- Re: [OAUTH-WG] ECDH-1PU encryption algorithm Thibault Normand