[saag] Public key parameters in the signature algorithm —that is the question
John Mattsson <john.mattsson@ericsson.com> Wed, 23 June 2021 20:35 UTC
Return-Path: <john.mattsson@ericsson.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id D7C383A3FA1
for <saag@ietfa.amsl.com>; Wed, 23 Jun 2021 13:35:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.298
X-Spam-Level:
X-Spam-Status: No, score=-2.298 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.198, DKIM_SIGNED=0.1,
DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001,
RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001]
autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key)
header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id Dsy6TwHqw3kB for <saag@ietfa.amsl.com>;
Wed, 23 Jun 2021 13:35:30 -0700 (PDT)
Received: from EUR02-AM5-obe.outbound.protection.outlook.com
(mail-eopbgr00060.outbound.protection.outlook.com [40.107.0.60])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 0E37E3A3FA4
for <saag@ietf.org>; Wed, 23 Jun 2021 13:35:29 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none;
b=NcWZIDPQyl852c/wLWp1/OmQOdB1Y0h9qVKN2P+q9oQL2w92KBUWJYdZgmsqKx2h4t42LblF4ztvEwlumMu2YMB9M+CkjttTy4W5czqNkgAoXQHKVKQg8VR2X4N5whjLYIv3cpJoUuoxs5sWTOqXLxqO08DKTrpZLGi3/XKeaMbYztbs81DlMMYmUzwUeOa8se8chkIUOWjqMhkQLEyPWETIr52QBGo87Lu/sCk8Bjykq6qwnbfQ7gdjeONFZI09jQgZoNxbXEgar36rSv0oNQ24slXNwQy8/jZ7/ZSoGW/e4h2DCSeC8Hz10NADo80ydiPhqDJJTGolnBHX9URDpQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com;
s=arcselector9901;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=XseXl7DqX3ro13y+KcbdJGeRy3VhM2yluPVjoEthU/g=;
b=Wj0siXTTSJKBrUy4OcOtgeu1g9upXuX8QzS160ug9VIzH5axhl4pdOjqN/vNrMFbqij1RWGqJWUP029cpM9MsOUht2pEW8Bxe8bT0a73/KuWXRrAza+zgCeT3ASTVgR6zJr1uE1aGcZkrM8afPw+86VLFR1TipIXB6Ht/Ol7ObVh7Vibjx7UKfvEvnSbVFJY+AmWRFktTGyRMb6w37wu523G+0qgXFmY2MObp9knrC3DxmSWyMyVz9NLUsU5IOX1/X/503TVwd6EzHl9CQ28HBd6oawGJSrMfk9F39WiI8wkDgspSKm3QYnpDpFxAFPIDVSzKT33NT/Kc3NZv2yRNA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass
smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com;
dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com;
s=selector1;
h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck;
bh=XseXl7DqX3ro13y+KcbdJGeRy3VhM2yluPVjoEthU/g=;
b=AaqUv69H3D29abZl1iC0SMrjSGOcBCcgyd78k5oQWXRAGxESh4ggJ9Ee5GOGEmQKgdC7xa51kfqru7G02hw1ECJqlqLnatGzcSOhe+aWJxaylEwAwvM3Y6yPHU+QCser7JDIwJS0txHCoDWXPZAcL4/dcCXiwandQNwpEEHIWT8=
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com (2603:10a6:3:4b::8)
by HE1PR07MB4362.eurprd07.prod.outlook.com (2603:10a6:7:9a::30) with
Microsoft SMTP Server (version=TLS1_2,
cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4264.16; Wed, 23 Jun
2021 20:35:24 +0000
Received: from HE1PR0701MB3050.eurprd07.prod.outlook.com
([fe80::b071:a4a:817d:2d3]) by HE1PR0701MB3050.eurprd07.prod.outlook.com
([fe80::b071:a4a:817d:2d3%11]) with mapi id 15.20.4264.019; Wed, 23 Jun 2021
20:35:24 +0000
From: John Mattsson <john.mattsson@ericsson.com>
To: saag <saag@ietf.org>
Thread-Topic: =?Windows-1252?Q?Public_key_parameters_in_the_signature_algorithm_=97that?=
=?Windows-1252?Q?_is_the_question?=
Thread-Index: AQHXaG6TVNtv3OZw7Ua53LZ9cSb8aA==
Date: Wed, 23 Jun 2021 20:35:24 +0000
Message-ID: <HE1PR0701MB30506C4D58CF5F9CF476CAD689089@HE1PR0701MB3050.eurprd07.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed)
header.d=none;ietf.org; dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 63b3c9d1-4ece-40a6-46ef-08d936866d99
x-ms-traffictypediagnostic: HE1PR07MB4362:
x-microsoft-antispam-prvs: <HE1PR07MB43622BED8502EE58EA3AF59889089@HE1PR07MB4362.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: psSmuk1e/omrHFNyYb/1SZ25vPxnIm9N2BwYbsXd2ck5V0/oooxO7D/Mi3yE/oILb3SftPy+zTlSOi1CMz0Hw+YdKdXacSSK5Llupf2VLxQl5NcJnf6Zrs26QJs5Rkr+TIGy8ihrsBlIZlXAKKGH6GvMWYjNxR+Fx2O8Se8s+AnbBzD5RyGgy3/5FsJTfoV6JSTOj2HAWYqszjn6quKVjKbnOpL5aNWcDU2d5zd5csfCOb9wnAgh8qoVLh4D4C4zOGQTpcpZ+CExziPZ9tK6xqJzh2iQdLbJZ5RioVLOgmlCiGxRsP+KNT31KqeY23LMc+rMB02XEmACN6iOn9YZj/QBL9nXdanK/v/lS6S7F8D9owtmZ9w0CtIGwD8BCTy7/ziXn948eamdFFRosUXQYzRSSFDJr0gKqIDZmCbqXcjI5Sskt0QMC+L61+ueHzAmOYADOLh5tJHBkIIxXyXEymnrOFxvLWPEcOGrmW/PcS2bTfalT44rwRAvBNRc3eJi+1FCE93wFuf9VJKuUUNzz7O15STthM8Jsp4xkNdsTLebue4R75mnoDY9flaEgC8QWICtVpaq0XIYqdmWYxN8dxtr3+fpTkmCqNqoHLL5T1JoFRQNfsWqyWd8EXbnizHpTLfNLbv9lvY18FfQrG47mg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:;
IPV:NLI; SFV:NSPM;
H:HE1PR0701MB3050.eurprd07.prod.outlook.com; PTR:; CAT:NONE;
SFS:(4636009)(366004)(396003)(346002)(136003)(376002)(39860400002)(2906002)(33656002)(8936002)(186003)(55016002)(66946007)(76116006)(6506007)(316002)(7696005)(71200400001)(64756008)(66476007)(122000001)(38100700002)(26005)(44832011)(9686003)(52536014)(66446008)(86362001)(66556008)(6916009)(478600001)(83380400001)(5660300002);
DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?ZxFo5MrxfpLEES8mckA71/D1UnXost/nxPCGkDcgezMpe3oy9jbNcyoM?=
=?Windows-1252?Q?gCyVHIG+Ld6RQatJdcV3k/+Oj8OPJRkpvA6h8aO7pNVgQHu2cU74qIt5?=
=?Windows-1252?Q?QNhuFG+yzvg/Pb5IyZYAkr6VK4NAODXS1zzBT32lGAOlaa7B1+hgxVxt?=
=?Windows-1252?Q?gr7kYcZ9TVs6fJhO+M/vF32+GHNKsOEPNWZ1umr4uxmWkzWxC7S2Nh+D?=
=?Windows-1252?Q?pm//Hcix5BstjnP9YYeWIjULYHaviM9MXRp0/m/5Nqrrab3jI3ORs6Ha?=
=?Windows-1252?Q?0cn47Ho8nwE6l8fTIrt5hX8m5QFn6XsIYJfpgbvkmjslNF+3VKR4JBHb?=
=?Windows-1252?Q?ykJuw9wZHoDc3TT6Sy4/r/Ta/guS19Lob8R2Qf2ejow9HISAWVWBVzPh?=
=?Windows-1252?Q?Tn8oc+dLDVcIQ54mbpQGYQ+21FGpGnXJJT5Io/F6m8Aw3VNtGh1B7Qm0?=
=?Windows-1252?Q?s+KHE8W7ihniaPxco0t1DttEhsKcqUMn9bSQjU/BfjZxiR0GvWXb6pZD?=
=?Windows-1252?Q?SPCQp+Cc+/F/iBec1CHJwgc62nJXNeBVnGNdp8hz1ILHc3Js4rUmfYBk?=
=?Windows-1252?Q?IHRFokDUK9kMFYfKpt5cpwmNDD807qsdGExQLSE4kTnHGuYfwKGInMVn?=
=?Windows-1252?Q?A5YzV+4ZWpAl6QJBpmSkj1c2tSOmZFMSj/gsIdVNpjGxWIRDRIxMjy0R?=
=?Windows-1252?Q?qsGXDdrE1JxSyzU+mFHiEZMQqr5I+qCBIwyROKicy6cpt+9htUuMTAmB?=
=?Windows-1252?Q?nCu8mfkkqppVMY3uQWRRaTtojhErcfBmZ5ktGkPoFz023ILPNgqNPvzI?=
=?Windows-1252?Q?z0wPJAaBiySAdZTvBwdkXENmlFFlVU2Jjd948qS53LOweBzFeK9pt1jj?=
=?Windows-1252?Q?jUaFBSbShqoxQWXbRtzpGj7arpgRN+uQhpITUhjs27E4S5kclCpqCH+/?=
=?Windows-1252?Q?Nu0deGOUlRYMhIOq67e5P2lung+5HoDRsoWh87/NANN2Yogzlzb4uHZq?=
=?Windows-1252?Q?7bRXzQPHnFXF1XP7kPVawkX+mMEDRrbp3A7yaDy6zQkEptwGxRO2pxD3?=
=?Windows-1252?Q?aGhsVYYbA2C/87G9yQKpSWm/BAhu/3Zrne3NT4MvKWRB9CqKA2NzVMCt?=
=?Windows-1252?Q?7dQeTUAqo9mKB766dxINaaSMCKcA7FRCAxaxXfhkOy8kyeLdHb8XRJNg?=
=?Windows-1252?Q?ESPdfN2PV/G9rydDdaBY33+G7YhsjSscQ+uPKy8YICWPxUsFbMqvNviI?=
=?Windows-1252?Q?fQ5cShcHE4JlS67QJbbFjBzrTFDXv989QcsWgWfpv1lsIJk8TGwjNREH?=
=?Windows-1252?Q?FKmD+MDIuAuW+IXIj7aOnrBeK+t81C9bWbrud888Z5Hpxi588FMUytzt?=
=?Windows-1252?Q?FI80ktCUwd9aLeyLeI0RCgEaNfgFUM7bOp0j+4sSpeXOEu5AUxYMiNuk?=
=?Windows-1252?Q?VCLLCwuQ0sG3bOhnxF4Z2w=3D=3D?=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative;
boundary="_000_HE1PR0701MB30506C4D58CF5F9CF476CAD689089HE1PR0701MB3050_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR0701MB3050.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 63b3c9d1-4ece-40a6-46ef-08d936866d99
X-MS-Exchange-CrossTenant-originalarrivaltime: 23 Jun 2021 20:35:24.1185 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: MJmIDyjxQ3GvvH1p+CDoZU5ZB/5RmoOxi5uG8Fa4nXZ70VI5hZVHGc++JkdpTMDMknUejGqRr+ykgRShm12fA9QXiKqj5tiuZeqqrMOmcRo=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR07MB4362
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/xYtBF3vh2elbPcZQ1RiCVm9tdWs>
Subject: [saag] =?windows-1252?q?Public_key_parameters_in_the_signature_a?=
=?windows-1252?q?lgorithm_=97that_is_the_question?=
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>,
<mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>,
<mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 23 Jun 2021 20:35:35 -0000
Hi, There has been a lot of discussions in various groups recently on whether to have public key parameters also in the signature algorithm or not. There are significant differences between IETF protocols like PKIX, JOSE, COSE, TLS 1.2, TLS 1.3, and IKEv2. Many of the protocols are also internally inconsistent. The inconsistency has led to a lot of confusion for developers and people writing specifications. Looking at IETF protocols with signature algorithm registers: - PKIX/X.509 is consistent. There is no duplication of parameters between the public key algorithm and the signature algorithms. - TLS 1.2 is consistent. None of the signature algorithms include public key parameters. - COSE is inconsistent. COSE largely following PKIX. The exception is the signature algorithm ES256K that includes the public key parameter secp256k1. - JOSE is inconsistent. JOSE is mostly doing the opposite as COSE and includes many public key parameters in the signature algorithms. Exceptions are EdDSA that do not include the curve, and the RSA algorithms that do not include the key size. - IKEv2 is inconsistent. IKEv2 started its own registry where the ECDSA signature algorithms is bound to a curve, but the RSA signature algorithm does not include the key size. IKEv2 have since specified a way to use PKIX/X.509 registries where signature algorithms do not include any public key parameters. - TLS 1.3 is inconsistent. ECDSA, EdDSA, sm2sig_sm3, and gost include the curve, but eccsi_sha256, iso_ibs1, iso_ibs2, and iso_chinese_ibs. RSA does not include the key length. - draft-ietf-httpbis-message-signatures is inconsistent. ECDSA includes curve, but RSA does not include key length and JOSE EdDSA does not include curve. I have seen at least the following arguments to include public key parameters in the signature algorithm: 1. An implementation should know based on the signature algorithm that is support calculating the signature. 2. The security level should follow from the signature algorithm 3. Avoid using the same public key with two different algorithms My observations and thoughts: - I think consistency is the most important property here. - The protocols except PKIX, COSE, and TLS 1.2 seems to try to achieve 1. but fail as they are not consistent. - None of the protocols above seem to strive for 2. - Adding public key parameters to the signature algorithm does not seem to achieve 3. A way to achieve 3. would e.g., be to add signature algorithm OIDs to the Extended Key Usage and only use algorithms specified there. Cheers, John
- [saag] Public key parameters in the signature alg… John Mattsson
- Re: [saag] Public key parameters in the signature… Benjamin Kaduk
- Re: [saag] Public key parameters in the signature… Martin Thomson