Hi John,
As I just replied to Neil, we will certainly address these inconsistencies in
the next draft. I appreciate people giving the draft a detailed read and
pointing out things that need to be corrected.
Cheers,
-- Mike
From: John Mattsson <[email protected]>
Sent: Friday, September 13, 2024 12:30 AM
To: JOSE WG <[email protected]>; [email protected]
Cc: Neil Madden <[email protected]>
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms
(Fully Specified Algorithms)
Hi,
As an individual, I agree with Neil’s comments.
https://mailarchive.ietf.org/arch/msg/jose/JSlZI6oeyYHXFkG2PgHbG4YzghA/
I have also pointed out in a separate mail that the following sentence in not
true:
”This is not a problem in practice, because RSA libraries accommodate keys of
different sizes without having to use different code.”
In addition to limitations on key length nlen, it is not uncommon that RSA
implementations have limitations on the exponent e.
I have a hard time seeing why RSA domain parameters (nlen, e) and ECC domain
parameters (p, a, b, G, n, h) are treated completely differently. You can
definitely not expect RSA to work without considering the domain parameters in
the key.
As Neil states:
“the definition of “fully-specified” that this draft proposed is arbitrary and
inconsistent”
This is a major problem as the draft formally updates the COSE and JOSE IANA
registries with
”Only fully-specified algorithm identifiers may be registered.”
I therefore do not think the document is ready to proceed in its current state.
Cheers,
John (as an individual)
From: Neil Madden <[email protected]<mailto:[email protected]>>
Date: Friday, 13 September 2024 at 08:20
To: Karen ODonoghue <[email protected]<mailto:[email protected]>>
Cc: JOSE WG <[email protected]<mailto:[email protected]>>,
[email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>>
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms
(Fully Specified Algorithms)
As myself and Filip Skokan have pointed out, the wording of section 3.1
currently (I believe accidentally) outlaws all of the ECDH-ES encryption
algorithms, and any future KEM-based algorithms. So no, even if you support the
idea, the document is not ready.
— Neil
> On 12 Sep 2024, at 17:48, Karen ODonoghue
> <[email protected]<mailto:[email protected]>> wrote:
> JOSE and COSE working group members,
>
> This WGLC is currently scheduled to conclude on 13 September
> (tomorrow). I am not currently comfortable with the number and clarity
> of responses received. Please respond clearly indicating whether or
> not you think this document is ready to proceed (pending the comments
> raised in your response). To give you all a bit more time, I'm
> extending the WGLC one week to next Friday (20 September 2024).
>
> Please take a few minutes and review the updated draft!
>
> Thanks,
> Karen
>
> On Wed, Aug 21, 2024 at 11:10 AM Karen ODonoghue
> <[email protected]<mailto:[email protected]>> wrote:
>>
>> JOSE working group members,
>>
>> This email initiates a second working group last call for the Fully
>> Specified Algorithms document:
>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-jose-fully-specified-algorithms%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Caed730693567405a8acf08dcd3bc2ca0%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638618052367868814%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=UXGs%2Fm4hrVoHQo2ToGNDV0LhOgIV1OTqoZJ62NwlQJ0%3D&reserved=0<https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/>
>>
>> The authors have updated the draft based on WGLC comments and
>> discussions at IETF 120, and the chairs have polled the working group
>> about the readiness for WGLC. Seeing no opposition, we've decided to
>> proceed with a second WGLC.
>>
>> Please review the document in detail and reply to this message
>> (keeping the subject line intact) with your opinion on the readiness
>> of this document for publication and any additional comments that you
>> have.
>>
>> This will be a three week WGLC. Please submit your responses by 13
>> September 2024.
>>
>> Thank you,
>> Karen (for the JOSE WG chairs)
>
> _______________________________________________
> jose mailing list -- [email protected]<mailto:[email protected]>
> To unsubscribe send an email to
> [email protected]<mailto:[email protected]>
_______________________________________________
jose mailing list -- [email protected]<mailto:[email protected]>
To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
