Re: [secdir] Secdir last call review of draft-ietf-cose-webauthn-algorithms-06

"Matthew A. Miller" <linuxwolf+ietf@outer-planes.net> Wed, 27 May 2020 21:55 UTC

To: Linda Dunbar <linda.dunbar@futurewei.com>, secdir@ietf.org
Cc: cose@ietf.org, draft-ietf-cose-webauthn-algorithms.all@ietf.org, last-call@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Qjt51epWg_0bmAUDUK5sV8ErmPQ>

Hello Linda,

Thanks for the review.  Speaking on the author's behalf, SHA-2 is
defined as the collection of hash algorithms, including all of those
cited (SHA-256, SHA-384, SHA-512).  Do you believe it is critical to
call this out explicitly?


- m&m

Matthew A. Miller

On 20/05/26 17:51, Linda Dunbar via Datatracker wrote:
> Reviewer: Linda Dunbar
> Review result: Not Ready
> 
> I have reviewed this document as part of the security directorate's ongoing
> effort to review all IETF documents being processed by the IESG.  These
> comments were written primarily for the benefit of the security area directors.
>  Document editors and WG chairs should treat these comments just like any other
>  last call comments.
> 
> This document is to list down the COSE&JOSE Algorithms to be registered to
> IANA. But it seems the description is not complete. In the Section 2: among the
> 4 algorithms listed under RSASSA-PKCS1-v1_5, three are NOT recommended, one is
> deprecated. Under the Security Consideration (Section 5), Section 5.2 describes
> why SHA-2 is "Not Recommended", Section 5.3 describes why SHA-1 is
> "Deprecated".  What about the description on why SHA-512,  SHA-384, and SHA-256
> are not recommended?  Is the missing description intended?
> 
> Best Regards,
> 
> Linda Dunbar
> 
> 
>