[secdir] Re: Secdir last call review of draft-ietf-jose-fully-specified-algorithms-08
Michael Jones <michael_b_jones@hotmail.com> Mon, 31 March 2025 17:15 UTC
Return-Path: <michael_b_jones@hotmail.com>
X-Original-To: secdir@mail2.ietf.org
Delivered-To: secdir@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id A0D93154CE6F; Mon, 31 Mar 2025 10:15:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: 0.125
X-Spam-Level:
X-Spam-Status: No, score=0.125 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FORGED_HOTMAIL_RCVD2=0.874, FREEMAIL_FROM=0.001, RCVD_IN_BL_SPAMCOP_NET=1.347, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H2=0.001, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_PASS=-0.001] autolearn=no autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=hotmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EviCRTb0H16V; Mon, 31 Mar 2025 10:15:56 -0700 (PDT)
Received: from SJ2PR03CU001.outbound.protection.outlook.com (mail-westusazolkn19012051.outbound.protection.outlook.com [52.103.2.51]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 80517154CDAF; Mon, 31 Mar 2025 10:15:50 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=eSXh/KVMOfl7XcZO24TZIcvvVn2I8tjpW57eXqd3UfwvN+ucsxsm6hqL+l+QTmCd2Qwp+vq2A3bTM5lBa2ZN388bY89etCm+77KWep3CfdswQZQI47A2Sph1eXpkJLKF9cCHvgPYM2uFZPsjqjaUFW0RnhwBUdNrzRHE7jl96EpfNh/Hrcuq5EI7m9OkXFvaqMAmUMYDuvFwx8yEJC7T0v8EQOkn8rt0TcMvAed3oGa80oZIzwluJF0R/FGvt2COg+0WzqdxIheCZToO5Z5LWwToioctVkz+h8xVTsB500pGB1rTP/snbKcxGz3w6sUiOYuzDMBTeV24yKwOmF45pw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=U0326x1dBUUrGYL7GSFJPs1v32nGZNIIW48BRr7uXNo=; b=NWK7VB6Uy2jAdXaQ/aBQmjjCDFwR/uLqaL55wgBrye26FladsRpxZ4xM6CCXBNEdiry1FQAqTWj22wTBSebjFGZAG5WkVGCaWswRuUOPObp0ngWtk1+l5SO06dBFWZyo5NhIfyHx2eNBqVgICJZYtEjrpTtEe82OW5aWPDMEcc9GWoRf6qhdWlF0ycN1rzgpsWYGOIy+ceRnvLefLVpBSSFggCNjD5aySJzYPtzsITUc1eaUSwNKMCoN38hOfGTDfpejqpT68nXfM4aLIaiQwb5qjO3a1toeCNwhLcKK7eG8mZHkJnBPHxZ3AaZUk5A3jyeeI+FENBPYWuBPPm1FWA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=none; dmarc=none; dkim=none; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=hotmail.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=U0326x1dBUUrGYL7GSFJPs1v32nGZNIIW48BRr7uXNo=; b=VvtOzOCfR7V6eudSePa06NoJf5HyDoxNxdjyy9ZuvTDLswwUlFYZAqOI/1X80QY+Y0v/QOsJ6kViQDMox2D58XRw7h8srclaGFyXySO0cosUFORjLCOYcMQ5vnT1VCbj04Xd+/DfqIFRTtroTwEhQQDj4aDf8ku/EEh3uTLgmIJOckdBf5UWzMkqMPALzKPJm57D8l4jKO+7nD+6Q9fLvBCJBFg16YY2HbRu2MJBKeyrSAQ4yyvY8cwciusf6mP0hewh7Oketyma8KZGkJrZ7lYbOH5UNIblmBK4JgZsDHs79BU0pPxgGNeXYalWUNghIWv01GLwy7GxVGAFvAASag==
Received: from PH7PR02MB9292.namprd02.prod.outlook.com (2603:10b6:510:275::9) by CO1PR02MB8854.namprd02.prod.outlook.com (2603:10b6:303:163::15) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8534.44; Mon, 31 Mar 2025 17:15:46 +0000
Received: from PH7PR02MB9292.namprd02.prod.outlook.com ([fe80::e455:8c0f:5367:f8b2]) by PH7PR02MB9292.namprd02.prod.outlook.com ([fe80::e455:8c0f:5367:f8b2%4]) with mapi id 15.20.8534.043; Mon, 31 Mar 2025 17:15:46 +0000
From: Michael Jones <michael_b_jones@hotmail.com>
To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
Thread-Topic: Secdir last call review of draft-ietf-jose-fully-specified-algorithms-08
Thread-Index: AQHbnYICEWtQtFM5cEyrogkFvCqvCbOGJb7ggAdf/7A=
Date: Mon, 31 Mar 2025 17:15:46 +0000
Message-ID: <PH7PR02MB92923B44693DC2AFB6DB632CB7AD2@PH7PR02MB9292.namprd02.prod.outlook.com>
References: <174290595797.1681632.3610605798049858789@dt-datatracker-5b9b68c5b6-zxk6z> <PH7PR02MB92921F2B336BDB0703B68381B7A12@PH7PR02MB9292.namprd02.prod.outlook.com>
In-Reply-To: <PH7PR02MB92921F2B336BDB0703B68381B7A12@PH7PR02MB9292.namprd02.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: PH7PR02MB9292:EE_|CO1PR02MB8854:EE_
x-ms-office365-filtering-correlation-id: 18c9e59b-461e-4be3-5429-08dd7077ad1a
x-microsoft-antispam: BCL:0;ARA:14566002|19110799003|8060799006|8062599003|7092599003|461199028|15080799006|3412199025|440099028|102099032;
x-microsoft-antispam-message-info: 9paXIH8H32j9so/34BVGcrYpE/DSefksE3wZwToSdnO6HAZRqHc6p91FQAhQkwJK1+LBWWmEY4P3lqrJbpi2IfZkhWK43kAH3VtU94OE0Gi6GLaQbRl+wJosCLsQ0WDpRUHJn/GW1BZ4Pk0+veC0mfEFh9BCuck/F464IdxomdzxoY8EZinjX4+54Wpj9GSC8AdwESxvyzm1u+kc5zagWWMW1fgVy/b+Tz87xWEimEgrChdDWUPXutIMrlxSxEATFqhAT/fBT/JTBOhJAV0Psa6V8pvUhYCwlGHGSATMfzVtu3bQPK6+0t3y3h2/xl/5XEWxdnTENdoqzQYUTZQGtBLRvRKhV02FDeooUqeNmdIrTXvf3P+Z1uGJ79l8vnD6DJrCpfN3C1GXjQHPrYvtMjooewOIaNVQqNIhDb3lQMxlVB9QZLUSwB4EK9yARLnSpEWF+4RR8GjDA7rXOeHagMTW0IkJ/2c7mHhMs4v4jPOqO/h+mAclBIxK8Hk5gF47jzdKU1egDuMLSCny4vdizud15Mlmui3rQJXswBPKbhsgzPbO2PqntTHvvUdcgFmjp+vNGUgDbdkFhrX1i2nYHJXvMXYi2zZ+wqQX6wejfZoY2KHRskDTgy5aVeh5rKDcgBB0soqFB96Eqw4SQN3FGcbQdWBoY8t/FkjTE/SmDDUAoKsUmn491U1whod3/FKg76/hvJzEnt3vknlMRASTCMnEp7m17uThW/YUoz9LE/SqDF2ojmnesipUhB6m+U8cnkfydUOMkgqyO5REQJ3wMPBBHv7szL0C/axzt2KwYXe7L1VCdML/J7K+04Syr7Z0TPCspzsYXZNCwvm4rtjiX+cQSgnlH1fTnLeKcX4BPk4+KweHf1HMj32bOWXE61zD5RYbjMuFZ4+ohFTFE3Fw1mWIW6nl6Gi5lSvv7lJjCQeTZeHCqaLJJkplYb5m+nXxAR/odILaw5+d2EfDXpH5KAd/DzHb+Pu/MbNwNWY60wXmuSflUNwh1E1OHNKq9Ud/3tk05bVKDiDBiawSnKeN7l08Ozs6iDhj+NyhSKeH5NfW1CJDj8dle+lsIR8r/Buh5QDaDUBvPLMP3LSINAWiAC+pej5nTYGMhOkdU/1C4Ss=
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: LuMgkl2YdJwzpUnY+xzgDLySmzb3cOiG5ilY/DFyr31X6z2GaMO3kLkeYxXAGWt6dmOBgAgNXVjRIiq6BoATnYEtbZERInPU+pMxwPjbSuYGVjnAd5IsiSuqcFJ1HBvE5sJK3inGPi6EI2VwWwuvLlnl86Gta+t2ohSl8ysm9DkQom0V690WsNDR7GRM2cJKpFk7tHoaeEFF+Vts1ot97UTTOuOVs2dwGi3hp6vzZpIQ4fJgIbLFVA75p41x7u0zQzT5JI2df41bP4Gq+sORRH2ixLFEISAiNkAzf+TsPGnFR1p9/P80gUqZ8Yb3vOMQRearUmBB8r++3A8gD/R2YmcjGYY+36Z+SMhy80OGzyTeovKUg3GtG+AKJhMtnHbqVfQ8l0D7lQnLeA+aXU5KDaZvauX61hMXkINBAfclF64TXVxoQsaeXoQT0IzdaTfnGBxQdU25viKCupeVxz9Vejx5xl1BC4bL4PZXYvGon2lJ0z7uDWXCOwrOh927zipHODczZhNCWWAqTj/nDteu1D0Arb82modWcaqMYre1DDTXyGQiYAwmgTUl7y7MFSQ1ABHpFKmtWT+HRZnYXtbwULR4FyO/3swpJfK0J1PTuaLZD5Gw44I+Jl7KVbXHOqM5BcWWZbCAmwJpHW9LgO+LL4iIP707AuhivvY7KYpqS2kZByE33RBN+2B1x1WYKr3kZlIKtWiMeAM7/J9xQiuZTCBavqgVO4Jd5PpTsoe93t9/WurU5VIv1VTGpN4oKtignSUutI7fDvxiQiLXksCXew8E+dCXa9QskUIr6z/PpDu0oPo9RsLUetai0ilNAO6+WUY44qFYXGSGfLoVnBpE5iQIAUmwHCTvi0t2ODJHazFNZjewrK8vtDREC899UE6fIK0eKXSRb5oEDXZbqMrf1UvClpMKWsyAFH2MLSfOGy/w+z5angP5rYUPouXTsNS76Ydx9bcZZh8Bq7QfUTjnxtf93kChxjErYbFULDlPFoGAChIjiYdnEJlXSjx2uoujmzFu5ACyjwuf+LrcJtHeET/Xq4P1GjYqwmwDhu5ftauJtvUdJF8odlVR2VXD2/sEpjubTbObd3SEDbI1wd6s2B82yMqMdfsPGmwwerdyILA9mTtrwY0KuJq+iuvKpXTccwIPr4w6LSXzB+nUG2HqyD4RfaJvuvFco5rWngEla3aw1JXwVQB4tu/t2SPBGL5grYL7XEjJfa/F+KkGt3IKjd2eJcl5RWLvWF9dW4mTI//mRbiZvDqVZQfiJ8kiJHYW8586kv33dWhvY4dJ1+TYIW8E4/KYqe+JcQc1zR5v03Px5QH2GZqMtjtcQh8XlxYM
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: sct-15-20-4755-11-msonline-outlook-3d941.templateTenant
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: PH7PR02MB9292.namprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-RMS-PersistedConsumerOrg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-CrossTenant-Network-Message-Id: 18c9e59b-461e-4be3-5429-08dd7077ad1a
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Mar 2025 17:15:46.3495 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 84df9e7f-e9f6-40af-b435-aaaaaaaaaaaa
X-MS-Exchange-CrossTenant-rms-persistedconsumerorg: 00000000-0000-0000-0000-000000000000
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR02MB8854
Message-ID-Hash: KVVR7AIHHWDSIGAESRMAZ5KMK7KOURTK
X-Message-ID-Hash: KVVR7AIHHWDSIGAESRMAZ5KMK7KOURTK
X-MailFrom: michael_b_jones@hotmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "draft-ietf-jose-fully-specified-algorithms.all@ietf.org" <draft-ietf-jose-fully-specified-algorithms.all@ietf.org>, "jose@ietf.org" <jose@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [secdir] Re: Secdir last call review of draft-ietf-jose-fully-specified-algorithms-08
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/hV_BGAg0QOI74Bw9S-91DHDZ1dQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>
Any thoughts, Kathleen? We'd like to update the draft to incorporate your feedback before the telechat. Thanks, -- Mike -----Original Message----- From: Michael Jones <michael_b_jones@hotmail.com> Sent: Wednesday, March 26, 2025 5:46 PM To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>; secdir@ietf.org Cc: draft-ietf-jose-fully-specified-algorithms.all@ietf.org; jose@ietf.org; last-call@ietf.org Subject: RE: Secdir last call review of draft-ietf-jose-fully-specified-algorithms-08 Hi Kathleen, Thanks for your review. We have a mitigation for your first issue. But before we add it to the draft, I wanted to better understand your second issue. Are you saying that an attacker could vary the algorithms used when signing content? That's of course true, but the attack scenario is not clear to me. Are you saying that an attacker might be identifiable from the algorithm it chooses to use and that by changing algorithms, they could somewhat obscure their identity? Can you describe an example of a scenario where this could occur in practice, so I can better understand it? Also, as you wrote, this consideration applies whether the algorithms are fully-specified or polymorphic. So it seems like it may have broader application than the specific algorithms defined in this document and this documents advice to avoid polymorphic algorithms. Does it, for instance, apply to all of JOSE and all of COSE and all of X.509? Without understanding the attack better, I can't tell. Thanks, -- Mike -----Original Message----- From: Kathleen Moriarty via Datatracker <noreply@ietf.org> Sent: Tuesday, March 25, 2025 5:33 AM To: secdir@ietf.org Cc: draft-ietf-jose-fully-specified-algorithms.all@ietf.org; jose@ietf.org; last-call@ietf.org Subject: Secdir last call review of draft-ietf-jose-fully-specified-algorithms-08 Reviewer: Kathleen Moriarty Review result: Has Issues Greetings! Sorry for my late review. In reviewing the draft, there are 2 easily resolvable findings. The first is that the term "cross mode" is used and never defined. Tracing back to the reference provided, the closest I could find to "cross mode" was the following text in RFC 9459: "To avoid cross-protocol concerns, implementations MUST NOT use the same keying material with more than one mode. For example, the same keying material must not be used with AES-CTR and AES-CBC." Matching the language or proving a definition would help to resolve this concern. Second, as I was reading the draft, anther security consideration became clear and should be added. An attacker can easily avoid fingerprinting detection or signature detection by rotating the ciphersuite whether it be defined or polymorphic. If programmed to rotate, then the results will look different. Awareness of flexibility in protocols to conduct attacks should be explicitly stated so that OWASP can write up mitigations sooner rather than later when attacks become prevalent. Thank you for addressing the concerns! I did check the has issues, but do think these are very easily addressed. Best regards, Kathleen
- [secdir] Secdir last call review of draft-ietf-jo… Kathleen Moriarty via Datatracker
- [secdir] Re: Secdir last call review of draft-iet… Michael Jones
- [secdir] Re: Secdir last call review of draft-iet… Michael Jones
- [secdir] Re: Secdir last call review of draft-iet… Kathleen Moriarty
- [secdir] Re: [jose] Re: Secdir last call review o… Orie