> On Jun 23, 2021, at 9:42 AM, Mike Jones 
> <[email protected]> wrote:
> 
> The WebAuthn and FIDO2 working group members had thought that the COSE 
> algorithm semantics were the same as those for JOSE, where algorithm 
> identifiers are not polymorphic.  They were wrong, but that's water under the 
> bridge now.  The FIDO/WebAuthn usage of the algorithm identifiers requires 
> that the identifiers used unambiguously specify all algorithm parameters.  
> (Note that FIDO/WebAuthn does not use COSE signatures - only COSE algorithm 
> identifiers.)  They have done what they needed to do to remove the 
> ambiguities arising in practice from use of polymorphic algorithm identifiers 
> for their use cases.
> 
> Note that by the time that we registered the ES256K algorithm for signing 
> with the secp256k1 curve in RFC 8812, we were aware of the problem and 
> intentionally made ES256K non-polymorphic - both for JOSE and for COSE.
> 
> I believe that we should create a policy requiring that all future algorithm 
> registrations should be non-polymorphic.  Furthermore, I believe we should 
> consider defining and registering new non-polymorphic algorithm identifiers 
> so that use of the existing polymorphic algorithm identifiers can be avoided 
> and deprecated.

This seems good to me.

Going a bit further, the binding to a particular hash function seems important 
too. Aside from the security reasons, it makes means that an algorithm ID 
always selects a function that takes an arbitrary number of unstructured bytes 
to be signed/verified which makes implementation of crypto APIs cleaner and 
reduces code size.

It also seems more convenient in protocols like FIDO. You only need to carry a 
single integer around. My recollection of ASN.1 is that the structure of an 
algorithm specifier varies by algorithm which makes writing code for it more 
complex. You have to decode a structure that specifies a hash rather than just 
switch on an integer.

LL



_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose

Reply via email to