Re: [saag] [CFRG] OCB does not have an OID specified, that is a general problem
Neil Madden <neil.e.madden@gmail.com> Mon, 07 June 2021 14:02 UTC
Return-Path: <neil.e.madden@gmail.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 48FBE3A1791 for <saag@ietfa.amsl.com>; Mon, 7 Jun 2021 07:02:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FW_kq8ODfkUz for <saag@ietfa.amsl.com>; Mon, 7 Jun 2021 07:02:23 -0700 (PDT)
Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABE2B3A176B for <saag@ietf.org>; Mon, 7 Jun 2021 07:02:23 -0700 (PDT)
Received: by mail-wm1-x32f.google.com with SMTP id v206-20020a1cded70000b02901a586d3fa23so37819wmg.4 for <saag@ietf.org>; Mon, 07 Jun 2021 07:02:23 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mwEvYBtid768Bgv7tfHrzsFiTZnRz7w4RSsj/vJ2K/Y=; b=GHjx2M1R49fFOqpT7KDnfZM4HZP9Ss6V+oE8bM59FzFV2QslHRzfKbLJc+mS3g57ZV BXLXggX5IgS1O055F8wzlKjVsYksuAK7/xzt2EWUsK/I6b2IVeXL+z2B4syk3FCRjIw8 8IvZhtFmZMxOQk6nhZk0UcHZK7+9mzK3KI0msT3Q2+z1cqO8KQbljwnANf7he5Req4Og K8/cUSjvencwoVrMQxYz+pf3QK639/Z3GHw/mN5Rqyt34xVN79b57noWuGOSKFjYW0WF 9zV5wXaoxXR6UkRvJIsNO805gHFms35wlgV++20XZpmFed7IuojQUWB2fiSh/jVgP/Sh wvOQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=mwEvYBtid768Bgv7tfHrzsFiTZnRz7w4RSsj/vJ2K/Y=; b=sT+bKVOio7B7hpo8gsEdybiMCskRAQI46Vy6w829JE7rJwVwGO/ws/Mlw7Hz1ENm0e P2Q1aUO/cEQWcsml3RCeRNWK4WXMOVTGzpFtGWfdtM9O9y5r/92aUnDxLalEMsXxM70j RiKSPLcE2w1quVMyEVmZ8qwg1ReR+dwQtYK8H9ja7j9gTfnR4bSpsy8SxyjKloE5ApQ+ c8mt/gbyku4MENigg2Up9FWIYkK+z45O/OBy8mGii//O5J2Afj8dHLDkLACQL4tLQzUB //HY2+CKu/unpaopgvnSY5AhDUX62AH2DdFGAu9cLKqhYeDH0K7LQsUf1ME26+HrFvNW PAvg==
X-Gm-Message-State: AOAM532BVRG1RyiHSpMzS2QLqNn4JL/z6/pNqdCCcADceWZRgkziO64G qop65sOmxt77JjepehEBA2KxAxSEK0gy/A==
X-Google-Smtp-Source: ABdhPJw2vhgA6kEorG8Q+3EzStJvmRixmf6ab8sLWsZmfpTfQg4DyDlwY1AwRXoWkWk/Am16jTqJ8Q==
X-Received: by 2002:a05:600c:4282:: with SMTP id v2mr16904371wmc.18.1623074537024; Mon, 07 Jun 2021 07:02:17 -0700 (PDT)
Received: from [10.0.0.6] (113.87.75.194.dyn.plus.net. [194.75.87.113]) by smtp.gmail.com with ESMTPSA id b26sm17391587wmj.25.2021.06.07.07.02.15 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 07 Jun 2021 07:02:16 -0700 (PDT)
Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 13.4 \(3608.120.23.2.6\))
From: Neil Madden <neil.e.madden@gmail.com>
In-Reply-To: <CAMm+Lwizfw6=T28gGOgeGZ=4CEHsQ5BoWcAt5mOWbyJHLVJmuQ@mail.gmail.com>
Date: Mon, 07 Jun 2021 15:02:14 +0100
Cc: IETF SAAG <saag@ietf.org>, IRTF CFRG <cfrg@irtf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <CE8CC19F-4D05-4E71-84E3-5087F3576E02@gmail.com>
References: <CAMm+Lwizfw6=T28gGOgeGZ=4CEHsQ5BoWcAt5mOWbyJHLVJmuQ@mail.gmail.com>
To: Phillip Hallam-Baker <phill@hallambaker.com>
X-Mailer: Apple Mail (2.3608.120.23.2.6)
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/yOoB7ZhOYhiirx2OXQBUgAMDJF0>
Subject: Re: [saag] [CFRG] OCB does not have an OID specified, that is a general problem
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 07 Jun 2021 14:02:38 -0000
Unless there is a compelling reason to do so, I’d prefer that registering algorithm identifiers for JOSE be a manual (and rare) step. JOSE provides no way for consumers to advertise which Encryption Methods they support (“enc” - which is what OCB would be), so adding new options here can only harm interoperability. (This is in contrast to key agreement algorithms - “alg” - as these can be advertised in the JSON Web Key metadata). — Neil > On 7 Jun 2021, at 13:51, Phillip Hallam-Baker <phill@hallambaker.com> wrote: > > Raising this in SAAG because this raises a policy issue and CFRG because that is where the policy should be enforced. It is also relevant to LAMPS but trying to avoid cross posting as everyone on the LAMPS list is likely on SAAG. > > > rfc7253 specifies OCB mode. But there is no OID specified to use OCB with CMS, nor are there identifiers for use with JOSE. > > This is problematic to say the least. If an algorithm is worth publishing as an RFC, there should be definitive identifiers for general purpose packaging formats specified in that RFC. > > I would like to propose that in future assignment of relevant OIDs and JOSE identifiers be considered a requirement for similar work. If a spec for a symmetric mode isn't sufficiently specified to enable interoperable implementation in CMS and JOSE, it is not sufficiently specified to be an RFC. > > This would not cover TLS, IPSEC etc. since they have rather different considerations. Algorithms are curated and selected as suites for TLS for a start. > > I am not a fan of having multiple registries for specifying identifiers for algorithms. In fact if I had my way, there would be a single IANA text registry because while we could write a spec for a cryptographic algorithm and call it SMTP, that would be silly. > > It seems to me that one registry for the ASN.1 identifiers and one for text based identifiers is sufficient for all reasonable purposes. To the extent that XML signature and encryption are still a thing, well why don't we just specify a generic URN scheme for IANA registries and have done. > _______________________________________________ > CFRG mailing list > CFRG@irtf.org > https://www.irtf.org/mailman/listinfo/cfrg
- [saag] OCB does not have an OID specified, that i… Phillip Hallam-Baker
- Re: [saag] [CFRG] OCB does not have an OID specif… Salz, Rich
- Re: [saag] [CFRG] OCB does not have an OID specif… Roman Danyliw
- Re: [saag] [CFRG] OCB does not have an OID specif… Neil Madden
- Re: [saag] [CFRG] OCB does not have an OID specif… Carsten Bormann
- Re: [saag] [CFRG] OCB does not have an OID specif… Richard Outerbridge
- Re: [saag] OCB does not have an OID specified, th… Russ Housley
- Re: [saag] [CFRG] OCB does not have an OID specif… Phillip Hallam-Baker
- Re: [saag] [CFRG] OCB does not have an OID specif… Neil Madden
- Re: [saag] [CFRG] OCB does not have an OID specif… Phillip Hallam-Baker
- Re: [saag] [CFRG] OCB does not have an OID specif… Neil Madden
- Re: [saag] [CFRG] OCB does not have an OID specif… Phillip Hallam-Baker