On 2021-06-23 22:59, John Mattsson wrote:
Except helping FIDO/WebAuthn, what concrete benefits do you want to achieve by
duplicating the public key parameters in the signature algorithm?
One very obvious problem is that cryptographic APIs do not understand what
"EdDSA" is.
If you look into Jim's reference code for COSE it becomes clear that
polymorphic algorithms introduce considerable fuzz.
In PKIX Ed25519 was dealt with as a concrete signature algorithm.
Anders
Furthermore, I
> believe we should consider defining and registering new non-polymorphic
> algorithm identifiers so that use of the existing polymorphic algorithm
> identifiers can be avoided and deprecated.
That seems a bit extreme unless it has _/very/_ strong benefits also for
non-FIDO use cases.
Maybe the solution is to create a new parallel registry for FIDO/WebAuthn.
FYI, the same topic was discussed in January:
https://mailarchive.ietf.org/arch/msg/cose/4PIPilQY8a985StsFeft0No0-YI/
<https://mailarchive.ietf.org/arch/msg/cose/4PIPilQY8a985StsFeft0No0-YI/>
But then there are exceptions, like ES256K [2] which bundles
signature algorithm, hash function and elliptic curve.
I view that a past mistake.
*From: *COSE <[email protected]> on behalf of Michael Richardson
<[email protected]>
*Date: *Wednesday, 23 June 2021 at 22:10
*To: *Mike Jones <[email protected]>,
[email protected] <[email protected]>, [email protected]
<[email protected]>
*Subject: *Re: [COSE] FIDO/WebAuthn redefined the COSE EdDSA (-8) algorithm
Mike Jones <[email protected]> wrote:
> The WebAuthn and FIDO2 working group members had thought that the COSE
> algorithm semantics were the same as those for JOSE, where algorithm
> identifiers are not polymorphic. They were wrong, but that's water
> under the bridge now. The FIDO/WebAuthn usage of the algorithm
> identifiers requires that the identifiers used unambiguously specify
> all algorithm parameters. (Note that FIDO/WebAuthn does not use COSE
> signatures - only COSE algorithm identifiers.) They have done what
It seems like maybe this is the origin of the problem?
Since they only use the identifiers, maybe it's really just WebAuthn's problem?
> Note that by the time that we registered the ES256K algorithm for
> signing with the secp256k1 curve in RFC 8812, we were aware of the
> problem and intentionally made ES256K non-polymorphic - both for JOSE
> and for COSE.
okay.
> I believe that we should create a policy requiring that all future
> algorithm registrations should be non-polymorphic. Furthermore, I
> believe we should consider defining and registering new non-polymorphic
> algorithm identifiers so that use of the existing polymorphic algorithm
> identifiers can be avoided and deprecated.
I don't feel strongly here.
If going that way would surprise fewer people, then okay.
--
] Never tell me the odds! | ipv6 mesh networks [
] Michael Richardson, Sandelman Software Works | network architect [
] [email protected]
https://protect2.fireeye.com/v1/url?k=98cb4a21-c7507324-98cb0aba-86d2114eab2f-45986f7a09c7f771&q=1&e=a8ba51b3-e454-4bba-8745-ba9b3ea383f0&u=http%3A%2F%2Fwww.sandelman.ca%2F
<https://protect2.fireeye.com/v1/url?k=98cb4a21-c7507324-98cb0aba-86d2114eab2f-45986f7a09c7f771&q=1&e=a8ba51b3-e454-4bba-8745-ba9b3ea383f0&u=http%3A%2F%2Fwww.sandelman.ca%2F>
| ruby on rails [
_______________________________________________
COSE mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/cose
