Hi Mike, The request was to add SHA2 support, not to get rid of SHA1 support. You have a community of users (XMPP) that are supposed to be able to use JOSE and have a stated preference for SHA2, I think that is argument enough.
The other argument I just provided for supporting SHA2 is that eventually, you will no longer need to support SHA1 algorithms once SHA2 is widely used/deployed. On Tue, May 27, 2014 at 11:41 AM, Mike Jones <[email protected]> wrote: > The problem with migrating away from SHA1-based thumbprints is that to do so, > the underlying development platforms used to build JOSE implementations would > also need to do so for the migration at the JOSE level to be useful. In > particular, as Nat pointed out, "x5t" was added to the JOSE specs in the > first place because Windows enables key lookup in the Windows key store using > the SHA-1 thumbprint. > > While I'm sensitive to the fact that I'm using Windows as a motivating use > case and I'm a Microsoft employee (so you can discount my remarks relative to > this as you see fit), in practice, you can't look up a key in Windows using > any thumbprint value but the SHA-1 thumbprint. Unless that changes, I doubt > that any migration away from SHA-1 thumbprints will be practical, at least > when using keys in stored in the Windows key store. I believe the same is > currently also true of OpenSSL. > > -- Mike > > -----Original Message----- > From: jose [mailto:[email protected]] On Behalf Of Kathleen Moriarty > Sent: Tuesday, May 27, 2014 8:28 AM > To: Matt Miller > Cc: [email protected] > Subject: Re: [jose] JWS Review, SHA 256 thumbprints - was - AD review of > draft-ietf-jose-json-web-algorithms > > Thanks for the quick reply. Another argument would be for the ability to > drop SHA1 support eventually. If you move to all SHA2, there is no need to > support the SHA1 code anymore. > > On Tue, May 27, 2014 at 11:00 AM, Matt Miller <[email protected]> wrote: >> -----BEGIN PGP SIGNED MESSAGE----- >> Hash: SHA512 >> >> /me dons "XMPP Expert" Hat >> >> There is some desire to use SHA2 but no strong requirement. As far as >> algorithm requirements go, look to [XMPP-TLS], [XEP-0300], and >> [XEP-0320] for the results of the community's more current discussions. >> >> >> - -- >> - - m&m >> >> Matt Miller < [email protected] > >> Cisco Systems, Inc. >> >> [XMPP-TLS] Use of Transport Layer Security (TLS) in the Extensible >> Messaging and Presence Protocol (XMPP) < >> http://tools.ietf.org/html/draft-ietf-uta-xmpp-00 > [XEP-0300] Use of >> Cryptographic Hash Functions in XMPP < >> http://xmpp.org/extensions/xep-0300.html > [XEP-0320] Use of DTLS-SRTP >> in Jingle Sessions < http://xmpp.org/extensions/xep-0320.html > >> >> On 5/27/14, 8:42 AM, Kathleen Moriarty wrote: >>> The reviews got a little confused with the responses for SHA1 and >>> SHA2 thumbprints. A couple of people responded supporting Mike's >>> assertion, but I have had others tell me directly, SHA2 would be >>> good. >>> >>> Is there a need to support this for the XMPP community, since they >>> set to SHA256 as a default for certificate fingerprints: >>> http://xmpp.org/extensions/xep-0189.html >>> >>> Thanks, Kathleen >>> >>> On Wed, May 21, 2014 at 9:51 PM, Nat Sakimura <[email protected]> >>> wrote: >>>> ditto here. >>>> >>>> The primary reason for having thumbprint was for finding keys in the >>>> Windows crypto API. Security property must not depend on it. >>>> If it wants to deal with authentication, it should use the keys, >>>> IMHO. >>>> >>>> >>>> 2014-05-22 3:10 GMT+09:00 John Bradley <[email protected]>: >>>>> >>>>> I agree with Mike, many key stores use SHA1 thumbprints. I >>>>> don't know of any security consideration that makes SHA2 >>>>> thumbprints better in any practical way. >>>>> >>>>> I don't think that adding SHA 2 thumbprints is something that we >>>>> need to do now. >>>>> >>>>> John B. >>>>> >>>>> On May 1, 2014, at 1:46 PM, Kathleen Moriarty >>>>> <[email protected]> wrote: >>>>> >>>>>>> >>>>>>> Mike> Per your JWS comment, SHA-1 thumbprints are widely >>>>>>> deployed. I’m aware of no SHA-256 certificate thumbprint >>>>>>> deployments. I’ll note that even if SHA-1 were completely >>>>>>> broken, that wouldn’t be a security issue because it’s just being >>>>>>> used to generate a digest of publicly available certificate >>>>>>> information. It’s not being used to cryptographically obscure >>>>>>> anything. (But that’s actually a discussion for another draft. J) >>>>>>> >>>>>> >>>>>> This is in place for the XML equivalents and should be possible >>>>>> for JSON. I used this at least 2 years ago in the XML Oxygen >>>>>> editor. I believe this has been brought up before in terms of >>>>>> JSON, so I am not the first. But it is another draft... I'd like >>>>>> to get through these all soon :-) >>>>> >>>>> >>>>> _______________________________________________ jose mailing list >>>>> [email protected] https://www.ietf.org/mailman/listinfo/jose >>>>> >>>> >>>> >>>> >>>> -- Nat Sakimura (=nat) Chairman, OpenID Foundation >>>> http://nat.sakimura.org/ @_nat_en >>> >>> >>> >> >> -----BEGIN PGP SIGNATURE----- >> Version: GnuPG/MacGPG2 v2.0.22 (Darwin) >> Comment: GPGTools - https://gpgtools.org >> Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ >> >> iQEcBAEBCgAGBQJThKiWAAoJEDWi+S0W7cO1RT0H/115y7u4qLZbWNTC23/dZhNa >> cvH47z2l+cL5KEEKLCFlx3NNgDFYZMabZc9NfTnHYxs0oRw8HQ48B5UubDp/wOgL >> E35wM4k7+Qsdl+UuiQR86Xu6JRc/9NW8ov4dTSk80TN64AltEtvjyFCO1cN9Zs89 >> 6x/LBtgxrvjhsze4R+LnwWnm/+lXswME01wK8mZTCl0tY753Ca8FtRoAeLb51f4S >> YwGolRZ8bSRv5waZhupxV/crMeWUFbEsSKQePqrnH7R0O6EzKEI8qZuYc1BsoQ1a >> EyhHkeElAmJ71qfvBRzLMM6xTA+AGGVtmQG5msm2ETyTiJ4b1ASfG5EHXU1KYVE= >> =bDGF >> -----END PGP SIGNATURE----- > > > > -- > > Best regards, > Kathleen > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose -- Best regards, Kathleen _______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
