Re: [saag] [CFRG] OCB does not have an OID specified, that is a general problem

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 08 June 2021 00:58 UTC

To: Neil Madden <neil.e.madden@gmail.com>
Cc: IETF SAAG <saag@ietf.org>, IRTF CFRG <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/PVAfkVMV-3wIsvKe-LiSoGAYC4k>

On Mon, Jun 7, 2021 at 10:02 AM Neil Madden <neil.e.madden@gmail.com> wrote:

> Unless there is a compelling reason to do so, I’d prefer that registering
> algorithm identifiers for JOSE be a manual (and rare) step. JOSE provides
> no way for consumers to advertise which Encryption Methods they support
> (“enc” - which is what OCB would be), so adding new options here can only
> harm interoperability.
>
> (This is in contrast to key agreement algorithms - “alg” - as these can be
> advertised in the JSON Web Key metadata).
>

I don't agree. JOSE has no algorithm negotiation mechanism because it is a
format, not a protocol. After we went through the whole
recommended/required algorithm thing on JOSE, it suddenly occurred to me
that this was precisely none of JOSE's business. It is for the protocols
and services built using XML Signature, JOSE, CMS etc. to decide what
algorithms to require and/or recommend.

JWK is a protocol built on top of JOSE, so it makes sense for that protocol
to specify recommended algorithms. But the recommendations made in the JOSE
spec have absolutely no bearing on the Mesh, which uses parts of JOSE,
because, being written six years later, the state of the art has moved on.
The Mesh does not support RSA at all and the elliptic curve algs are X448
and Ed448. The curve 25519 versions are not supported for profile signing,
etc. etc.

I would expect the same to apply in the COSE world. Merely defining a code
point for JOSE or CMS does not make a statement about the algorithm
recommendation status. All it does is specify the one canonical identifier
every application will use. It is not at all important what that identifier
is (provided it is not an absurd length); it is critical that everyone use
the same identifier though.
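
Added example (not part of the original message, and not code from JOSE or the Mesh): a sketch of the split described above, where the registry supplies canonical identifiers and each application profile decides which ones it accepts in a JWE protected header. The profile names, their contents and the sample tokens are constructed assumptions; the identifier strings are the registered JOSE values.

```python
import base64
import json

# Constructed application profiles (assumptions, not taken from any spec):
# each protocol built on JOSE pins the registered identifiers it accepts.
PROFILES = {
    "profile-2015": {"alg": {"RSA-OAEP", "ECDH-ES"},
                     "enc": {"A128CBC-HS256", "A256GCM"},
                     "crv": {"P-256", "X25519"}},
    "profile-2021": {"alg": {"ECDH-ES"}, "enc": {"A256GCM"}, "crv": {"X448"}},
}

def b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def protected_header(jwe_compact: str) -> dict:
    """Decode the first segment of a JWE compact serialization."""
    parts = jwe_compact.split(".")
    if len(parts) != 5:
        raise ValueError("JWE compact serialization has five segments")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header must be a JSON object")
    return header

def violations(profile_name: str, jwe_compact: str) -> list:
    """List every header identifier the named profile does not accept."""
    profile = PROFILES[profile_name]
    header = protected_header(jwe_compact)
    found = []
    for field in ("alg", "enc"):
        value = header.get(field)
        if not isinstance(value, str) or value not in profile[field]:
            found.append(f"{field}={value!r} not allowed by {profile_name}")
    epk = header.get("epk")  # ephemeral public key carried by ECDH-ES
    if isinstance(epk, dict) and epk.get("crv") not in profile["crv"]:
        found.append(f"epk.crv={epk.get('crv')!r} not allowed by {profile_name}")
    return found

def sample_jwe(header: dict) -> str:
    # Constructed token: real header, placeholder key/IV/ciphertext/tag segments.
    return ".".join([b64url_encode(json.dumps(header).encode()), "", "aXY", "Y3Q", "dGFn"])

RSA_TOKEN = sample_jwe({"alg": "RSA-OAEP", "enc": "A256GCM"})
X448_TOKEN = sample_jwe({"alg": "ECDH-ES", "enc": "A256GCM",
                         "epk": {"kty": "OKP", "crv": "X448", "x": "cGxhY2Vob2xkZXI"}})
```

The same token is acceptable under one profile and rejected under the other, while both profiles name the algorithms with the same identifier strings.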