IETF Logo Mail Archive

Re: [saag] [CFRG] OCB does not have an OID specified, that is a general problem

Phillip Hallam-Baker <phill@hallambaker.com> Sat, 12 June 2021 03:52 UTC

Return-Path: <hallam@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E1C43A1BAF for <saag@ietfa.amsl.com>; Fri, 11 Jun 2021 20:52:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.401
X-Spam-Level:
X-Spam-Status: No, score=-1.401 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.248, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.249, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Jlv-Ti-QraVN for <saag@ietfa.amsl.com>; Fri, 11 Jun 2021 20:52:53 -0700 (PDT)
Received: from mail-yb1-f176.google.com (mail-yb1-f176.google.com [209.85.219.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B82633A1BAD for <saag@ietf.org>; Fri, 11 Jun 2021 20:52:53 -0700 (PDT)
Received: by mail-yb1-f176.google.com with SMTP id c14so7182034ybk.3 for <saag@ietf.org>; Fri, 11 Jun 2021 20:52:53 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=cPQMhmndeSurZz02e5aIqLSF9L6+yazrn3Y1apcB924=; b=LvtoB8KxbjeECkWmo7n2pTcQQK0ogLAcZlHVxRiy7q3yU8JxKBJNixrqVbAy/rriq2 +ZJ6rYDDASWSWTmEApYF9vzdAyMDsNEVCBzkKLfc8KAZvdgfSJkOKXIA90uUnFoJSAV9 2rrDSxQmGfFgfAlTa1rKe2awFAhO1cfhdHjorpRe3Ru5W095u0838AMnO0lzKZTftfzR 6+tkBaAxbbfcxP7/cW/bkUkTXt9S8n994czWI73nyMLrEzlQEemtQ4se2j2siZpUDd9C 1FGP5dsiNRZklFWCg50rMx11V5gQVCYXQfa9ZZaEtfNNpnivKKnEo3gim2bObqVlOKdP eorw==
X-Gm-Message-State: AOAM532VRMi8od509UFnz25UueQo+4WHyZT/5IwMB9Eq6fc8SZ6kYDb6 Tlm80vRW42ld4z67JaiRu1QLOzjMsHwBhU0T8nI=
X-Google-Smtp-Source: ABdhPJybJYAotYgKGh4TpLwrGcbD14vOXF6k0e2P08MbhfrTCZ06P0WSJDU6H2d6Ue9wcSlcUtP+jZEcEhpo1mLownk=
X-Received: by 2002:a25:660b:: with SMTP id a11mr10189838ybc.172.1623469972744; Fri, 11 Jun 2021 20:52:52 -0700 (PDT)
MIME-Version: 1.0
References: <CAMm+LwgUwj8w-2k63PN7EkOQzrD1-QW+EsXwx_K8fgkZCp0HzA@mail.gmail.com> <D7B065DF-F0D8-451B-ADFA-2382A6440F10@gmail.com> <CAMm+Lwj0f73a9mAtCtruEGVRhWiMixkqTD97zTCm3ULWMqMcRA@mail.gmail.com> <E1AB703D-FCC4-4787-AA18-7A681E5C8691@gmail.com>
In-Reply-To: <E1AB703D-FCC4-4787-AA18-7A681E5C8691@gmail.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Fri, 11 Jun 2021 23:52:41 -0400
Message-ID: <CAMm+LwjJqRYpSfZMhv8oAXa+KuvfL38-U=_SR-PVHM41=j9A4w@mail.gmail.com>
To: Neil Madden <neil.e.madden@gmail.com>
Cc: IETF SAAG <saag@ietf.org>, IRTF CFRG <Cfrg@irtf.org>
Content-Type: multipart/alternative; boundary="0000000000000770dc05c4898f3f"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/qFXXYblP-Rp4eGsH8fNDjXcHp4w>
Subject: Re: [saag] [CFRG] OCB does not have an OID specified, that is a general problem
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 12 Jun 2021 03:52:58 -0000

On Fri, Jun 11, 2021 at 6:00 AM Neil Madden <neil.e.madden@gmail.com> wrote:

> On 8 Jun 2021, at 17:36, Phillip Hallam-Baker <phill@hallambaker.com>
> wrote:
>
>
>
> Not at all. My point is that the purpose of a registry is limited to
> assigning a signifier to one or more signified. It is not for IANA to
> specify that RSA is required or not, that is a WG decision.
>
>
> And yet that is exactly what is recorded in the IANA JOSE registry. I
> appreciate that you’d like things to be different, but that’s not the
> reality today. A WG established the IANA registry and set up the procedures
> by which alterations to it are made, as described in RFC 7518 that
> established the registry (p34):
>

Yes, like I said. It was a mistake. There is no need to compound it.

> And merely assigning a code point does not change the recommendations for
> implementing algorithms in a 'JOSE Library'.
>
> It absolutely does in this case.
>

Only because there is a column giving the recommendation status. My point
is that is a mistake.

By your own admission the Mesh is doing something entirely non-standard
> with JOSE anyway, so you are also free to also adopt OCB as a non-standard
> algorithm.
>

It will become the standard if people use it. Which is precisely the point:
Code point registrations are properties of algorithms, not one particular
protocol that might use them. There should never have been a JOSE algorithm
registry in the first place, it should have been a registry of algorithms
that JOSE was merely the first consumer of.

I remember when the IANA Content Type Registry was the MIME Type. If MIME
had made recommendations for supported types, should those have been
binding on the Web?

v2.23.0 | Report a Bug | By Email