Re: [woes] Support multiple Crypto algorithms? was RE: Proposed charter, post-Quebec edition

Joe Hildebrand <joe.hildebrand@webex.com> Tue, 09 August 2011 18:33 UTC

Date: Tue, 09 Aug 2011 12:34:10 -0600
From: Joe Hildebrand <joe.hildebrand@webex.com>
To: Thomas Hardjono <hardjono@MIT.EDU>, "woes@ietf.org" <woes@ietf.org>
List-Id: "Web Object Encryption and Signing \(woes\) BOF discussion list" <woes.ietf.org>

One of the goals of JOSE is to increase the number of interoperable
implementations.  I don't think a lack of MTI algorithms will further that
goal.


On 8/9/11 12:02 PM, "Thomas Hardjono" <hardjono@MIT.EDU> wrote:

> 
> As far as I can remember, CMS (RFC3852 and RFC5652) does not choose any
> specific algorithm.
> 
> Therefore it makes sense for JOSE to follow the same approach.
> 
> /thomas/
> 
> 
> 
> __________________________________________
> 
> From: woes-bounces@ietf.org [mailto:woes-bounces@ietf.org] On Behalf Of
> Phillip Hallam-Baker
> Sent: Monday, August 08, 2011 10:34 PM
> To: Joe Hildebrand
> Cc: woes@ietf.org
> Subject: Re: [woes] Support multiple Crypto algorithms? was RE: Proposed
> charter, post-Quebec edition
> 
> 
> On Mon, Aug 8, 2011 at 8:48 PM, Joe Hildebrand <joe.hildebrand@webex.com>
> wrote:
> Agree. Algorithm agility is a must, but large numbers of supported
> algorithms out of the gate are not. Having a small set of algorithms
> widely-implemented will increase interoperability drastically, particularly
> considering that in some of the target operating environments, we'll need to
> wait for people with adequate cryptographic skills to help.
> 
> I do really like the idea of splitting the MTI specification into a small
> separate draft, so that it can be rev'd easily as needed.
> 
> +1
> 
> And that way we can have two profiles (or more) to address different
> implementation situations.
> 
> Web Services implementation constraints are frequently asymmetric. There is
> one portion built on some all-singing/dancing platform like .NET or whatever
> and that talks to a thin client embedded in Jscript or a mobile device or
> what-have-you.
> 
> If we can avoid creating yet another crypto-registry (i.e. re-use the PEM or
> whatever algorithm registry) then all the spec needs to say is that X is the
> slot where the algorithm name goes and the MTI doc(s) specify how to get
> interoperability.
>  

-- 
Joe Hildebrand