Re: [sacm] [COSE] CoSWID review
Michael Richardson <mcr+ietf@sandelman.ca> Wed, 20 November 2019 06:11 UTC
Return-Path: <mcr@sandelman.ca>
X-Original-To: sacm@ietfa.amsl.com
Delivered-To: sacm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5B0011202DD; Tue, 19 Nov 2019 22:11:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kOBkQ-1OfxDS; Tue, 19 Nov 2019 22:11:34 -0800 (PST)
Received: from relay.sandelman.ca (relay.cooperix.net [176.58.120.209]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 31F99120802; Tue, 19 Nov 2019 22:11:34 -0800 (PST)
Received: from dooku.sandelman.ca (dhcp-896a.meeting.ietf.org [31.133.137.106]) by relay.sandelman.ca (Postfix) with ESMTPS id 6DDEA1F450; Wed, 20 Nov 2019 06:11:32 +0000 (UTC)
Received: by dooku.sandelman.ca (Postfix, from userid 179) id 53AA2FD7; Wed, 20 Nov 2019 14:11:31 +0800 (+08)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: cose@ietf.org, 'sacm' <sacm@ietf.org>
In-reply-to: <011a01d59e88$954f7110$bfee5330$@augustcellars.com>
References: <CAHbuEH7OH_89+e4_BmXJN4LgxzTTQ9MtKF_03XK--a8K4AO11w@mail.gmail.com> <lejxf9f4owwm819gnwiwhlo0.1573973274271@email.android.com> <CAHcK3jMef-SK+AH4RC+EQs1LQ6wZCDAPGLCxqUyE+MFn=n-H+g@mail.gmail.com> <CAHbuEH75-jbPTqprpzjOdhRTVjtBcKy4+M6gW=zEog140ZEw5Q@mail.gmail.com>, <CAHbuEH6SjQRriP-2Sr4k12_hRk88VR3vpTsSW7phqEdKCJoRqg@mail.gmail.com>, <BN7PR09MB281982821C9CD2D11A5F546AF04C0@BN7PR09MB2819.namprd09.prod.outlook.com> <BN7PR09MB28195DC7222FF17789AAC7EBF04C0@BN7PR09MB2819.namprd09.prod.outlook.com>, <010401d59e80$7f4be360$7de3aa20$@augustcellars.com> <BN7PR09MB2819937DE42C9A1FA0F7C675F04C0@BN7PR09MB2819.namprd09.prod.outlook.com> <011a01d59e88$954f7110$bfee5330$@augustcellars.com>
Comments: In-reply-to Jim Schaad <ietf@augustcellars.com> message dated "Tue, 19 Nov 2019 11:22:30 +0800."
X-Mailer: MH-E 8.6; nmh 1.6; GNU Emacs 24.5.1
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Date: Wed, 20 Nov 2019 14:11:31 +0800
Message-ID: <10015.1574230291@dooku.sandelman.ca>
Archived-At: <https://mailarchive.ietf.org/arch/msg/sacm/yqF0eAG3wvK37TudCGc8MbZjNP0>
Subject: Re: [sacm] [COSE] CoSWID review
X-BeenThere: sacm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: SACM WG mail list <sacm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sacm>, <mailto:sacm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sacm/>
List-Post: <mailto:sacm@ietf.org>
List-Help: <mailto:sacm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sacm>, <mailto:sacm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Nov 2019 06:11:36 -0000
In order to understand this thread, I took a look at draft-ietf-cose-hash-algs.
MINOR:
* I think that the term "Thumbprint" is not often used, and that fingerprint is
a more common term to use.
My understand is that there is a proposal to use an existing registry for the
list ("COSE Algorithms"), but that this registry has things which are not
hash algorithms.
There are I think, three entities that care, and I think that there is an
over-generality being applied which is causing people to have concerns.
1) There are people who look at the list of algorithms to decide which one to
use for a particular application. I hope these aren't end-users, but
rather application writers who need to decide which ones they need to
implement. Better is that they are defining some protocol/profile which
uses COSE. It's Thread or OPC or Azure IoT, etc.
I think that we can depend upon those people to be able to discard things
which are of the wrong shape.
2) There is code which creates signatures or hashes to put into objects.
It knows which algorithm it is using (it's been programmed to use that
one), and finding the right number is trivial.
3) There is code which is validating things, and it needs to know which
algorithm is using to avoid the situation where it becomes possible for an
attacker to replace a stronger hash with a weaker one for which a
pre-image attack is easier to perform.
In case (3), the verifyer has to be ready to accept any hash from the "list",
and it has to be a valid hash. But, it also has to be for code which the
verifier has implemented. I recall attacks against verifies of
certificates that had hard coded SHA1 (or maybe it was MD5) and ignored the
ASN.1 inside the signature which specified the actual algorithm to use.
If an attacker tells me to use the "RC4 hash", and I don't have a hash like
that, then I reject the number because I don't have it, not because it's not a hash.
But, maybe I just don't get the problem.
--
Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
-= IPv6 IoT consulting =-
- [sacm] CoSWID review Kathleen Moriarty
- Re: [sacm] CoSWID review Kathleen Moriarty
- Re: [sacm] CoSWID review Waltermire, David A. (Fed)
- [sacm] Fw: CoSWID review Waltermire, David A. (Fed)
- Re: [sacm] CoSWID review Waltermire, David A. (Fed)
- Re: [sacm] [COSE] CoSWID review Jim Schaad
- Re: [sacm] [COSE] CoSWID review Waltermire, David A. (Fed)
- Re: [sacm] [COSE] CoSWID review Jim Schaad
- Re: [sacm] [COSE] CoSWID review Michael Richardson
- Re: [sacm] [COSE] CoSWID review Jim Schaad
- Re: [sacm] CoSWID review Waltermire, David A. (Fed)