Hi, As an individual, I agree with Neil’s comments. https://mailarchive.ietf.org/arch/msg/jose/JSlZI6oeyYHXFkG2PgHbG4YzghA/
I have also pointed out in a separate mail that the following sentence in not true: ”This is not a problem in practice, because RSA libraries accommodate keys of different sizes without having to use different code.” In addition to limitations on key length nlen, it is not uncommon that RSA implementations have limitations on the exponent e. I have a hard time seeing why RSA domain parameters (nlen, e) and ECC domain parameters (p, a, b, G, n, h) are treated completely differently. You can definitely not expect RSA to work without considering the domain parameters in the key. As Neil states: “the definition of “fully-specified” that this draft proposed is arbitrary and inconsistent” This is a major problem as the draft formally updates the COSE and JOSE IANA registries with ”Only fully-specified algorithm identifiers may be registered.” I therefore do not think the document is ready to proceed in its current state. Cheers, John (as an individual) From: Neil Madden <[email protected]> Date: Friday, 13 September 2024 at 08:20 To: Karen ODonoghue <[email protected]> Cc: JOSE WG <[email protected]>, [email protected] <[email protected]> Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms (Fully Specified Algorithms) As myself and Filip Skokan have pointed out, the wording of section 3.1 currently (I believe accidentally) outlaws all of the ECDH-ES encryption algorithms, and any future KEM-based algorithms. So no, even if you support the idea, the document is not ready. — Neil > On 12 Sep 2024, at 17:48, Karen ODonoghue <[email protected]> wrote: > JOSE and COSE working group members, > > This WGLC is currently scheduled to conclude on 13 September > (tomorrow). I am not currently comfortable with the number and clarity > of responses received. Please respond clearly indicating whether or > not you think this document is ready to proceed (pending the comments > raised in your response). To give you all a bit more time, I'm > extending the WGLC one week to next Friday (20 September 2024). > > Please take a few minutes and review the updated draft! > > Thanks, > Karen > > On Wed, Aug 21, 2024 at 11:10 AM Karen ODonoghue <[email protected]> wrote: >> >> JOSE working group members, >> >> This email initiates a second working group last call for the Fully >> Specified Algorithms document: >> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-jose-fully-specified-algorithms%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Caed730693567405a8acf08dcd3bc2ca0%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638618052367868814%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=UXGs%2Fm4hrVoHQo2ToGNDV0LhOgIV1OTqoZJ62NwlQJ0%3D&reserved=0<https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/> >> >> The authors have updated the draft based on WGLC comments and >> discussions at IETF 120, and the chairs have polled the working group >> about the readiness for WGLC. Seeing no opposition, we've decided to >> proceed with a second WGLC. >> >> Please review the document in detail and reply to this message >> (keeping the subject line intact) with your opinion on the readiness >> of this document for publication and any additional comments that you >> have. >> >> This will be a three week WGLC. Please submit your responses by 13 >> September 2024. >> >> Thank you, >> Karen (for the JOSE WG chairs) > > _______________________________________________ > jose mailing list -- [email protected] > To unsubscribe send an email to [email protected] _______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
_______________________________________________ jose mailing list -- [email protected] To unsubscribe send an email to [email protected]
