[saag] OCB does not have an OID specified, that is a general problem
Phillip Hallam-Baker <phill@hallambaker.com> Mon, 07 June 2021 12:51 UTC
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 07 Jun 2021 08:51:30 -0400
Message-ID: <CAMm+Lwizfw6=T28gGOgeGZ=4CEHsQ5BoWcAt5mOWbyJHLVJmuQ@mail.gmail.com>
To: IETF SAAG <saag@ietf.org>, IRTF CFRG <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/_vD6tDzvRKvcZF8QAFjpObGqnyE>

Raising this in SAAG because this raises a policy issue and CFRG because that is where the policy should be enforced. It is also relevant to LAMPS but trying to avoid cross posting as everyone on the LAMPS list is likely on SAAG.

RFC 7253 specifies OCB mode. But there is no OID specified to use OCB with CMS, nor are there identifiers for use with JOSE. This is problematic to say the least. If an algorithm is worth publishing as an RFC, there should be definitive identifiers for general purpose packaging formats specified in that RFC.

I would like to propose that in future assignment of relevant OIDs and JOSE identifiers be considered a requirement for similar work. If a spec for a symmetric mode isn't sufficiently specified to enable interoperable implementation in CMS and JOSE, it is not sufficiently specified to be an RFC.

This would not cover TLS, IPSEC etc. since they have rather different considerations. Algorithms are curated and selected as suites for TLS for a start.

I am not a fan of having multiple registries for specifying identifiers for algorithms. In fact if I had my way, there would be a single IANA text registry because while we could write a spec for a cryptographic algorithm and call it SMTP, that would be silly. It seems to me that one registry for the ASN.1 identifiers and one for text based identifiers is sufficient for all reasonable purposes. To the extent that XML signature and encryption are still a thing, well why don't we just specify a generic URN scheme for IANA registries and have done.