Unsurprisingly, I still don’t think this is a very good idea, and I think the draft still needs a lot of work. The abstract and rest of the draft still mentions making *all* JOSE algorithm identifiers “fully-specified”, but the draft does no such thing: just changing EdDSA now (for JOSE). As this WGLC says, there was no support for “fully-specifying” ECDH algorithm identifiers, because it’s clearly a bad idea.
So the draft needs to be substantially rewritten to reflect what it is actually now proposing. It also, ironically, needs to flesh out what “fully-specified” means, because that description is very vague. (eg it seems key sizes do not need to be specified, but curves do, and it refers to KDFs and other things that are not in scope). Perhaps rewrite it as a more focused draft saying that *elliptic curve signature* algorithms should specify the curve specifically. I strongly disagree with deprecating “EdDSA” for JOSE, so IMO section 3.1.2 should be deleted. The entirety of section 3.3 should also be removed, or else substantially rewritten to reflect that the advice doesn’t apply to encryption algorithms. I would delete it. Section 6.1 is wrong, as has been pointed out already in this WG: numerous HSM restrict RSA key sizes they support. (Saying it’s not a problem in the wild because everything uses the same key sizes begs the question as to why the same reasoning doesn’t apply to EdDSA). Section 6.2 says it is not sure what to do, suggesting the draft isn’t ready for WGLC. The security considerations in section 7 are nonsense. How does an attacker get to “choose algorithms” with current EdDSA? Overall, this draft is still deeply confused and not anywhere near ready for publication. Regards, Neil > On 6 May 2024, at 06:31, Karen ODonoghue <[email protected]> wrote: > > JOSE working group members, > > This email initiates a three week working group last call on the following > document: > https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/ > > All open issues have been resolved. Additionally there does not appear to be > general support for including fully-specified ECDH algorithms. > https://mailarchive.ietf.org/arch/msg/jose/ZHDlXENvTwjlWxTVQQ2hkNBX4dw/ > > Please review the document and post any final comments along with your > recommendation on whether or not it is ready to proceed by the Monday 27 May. > > Thank you, > JOSE chairs > > _______________________________________________ > jose mailing list > [email protected] > https://www.ietf.org/mailman/listinfo/jose
_______________________________________________ jose mailing list [email protected] https://www.ietf.org/mailman/listinfo/jose
