Thanks for your comments, John. My replies are inline, prefixed by “Mike>”.
-- Mike
From: John Mattsson <[email protected]>
Sent: Friday, September 13, 2024 12:30 AM
To: JOSE WG <[email protected]>; [email protected]
Cc: Neil Madden <[email protected]>
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms
(Fully Specified Algorithms)
Hi,
As an individual, I agree with Neil’s comments.
https://mailarchive.ietf.org/arch/msg/jose/JSlZI6oeyYHXFkG2PgHbG4YzghA/
Mike> We have incorporated as many of Neil’s comments as possible, consistent
with also applying others’ feedback on the specification. See my response to
Neil.
I have also pointed out in a separate mail that the following sentence in not
true:
”This is not a problem in practice, because RSA libraries accommodate keys of
different sizes without having to use different code.”
In addition to limitations on key length nlen, it is not uncommon that RSA
implementations have limitations on the exponent e.
I have a hard time seeing why RSA domain parameters (nlen, e) and ECC domain
parameters (p, a, b, G, n, h) are treated completely differently. You can
definitely not expect RSA to work without considering the domain parameters in
the key.
Mike> We updated the RSA text, incorporating Neil’s and your refinements
reflecting the reality on the ground.
As Neil states:
“the definition of “fully-specified” that this draft proposed is arbitrary and
inconsistent”
This is a major problem as the draft formally updates the COSE and JOSE IANA
registries with
”Only fully-specified algorithm identifiers may be registered.”
I therefore do not think the document is ready to proceed in its current state.
Mike> We have removed the previous inadvertent contradictions in the encryption
discussion and significantly tightened the exposition with the intent to make
it clearer and more actionable.
Cheers,
John (as an individual)
From: Neil Madden <[email protected]<mailto:[email protected]>>
Date: Friday, 13 September 2024 at 08:20
To: Karen ODonoghue <[email protected]<mailto:[email protected]>>
Cc: JOSE WG <[email protected]<mailto:[email protected]>>,
[email protected]<mailto:[email protected]> <[email protected]<mailto:[email protected]>>
Subject: [jose] Re: 2nd WGLC for draft-ietf-jose-fully-specified-algorithms
(Fully Specified Algorithms)
As myself and Filip Skokan have pointed out, the wording of section 3.1
currently (I believe accidentally) outlaws all of the ECDH-ES encryption
algorithms, and any future KEM-based algorithms. So no, even if you support the
idea, the document is not ready.
— Neil
> On 12 Sep 2024, at 17:48, Karen ODonoghue
> <[email protected]<mailto:[email protected]>> wrote:
> JOSE and COSE working group members,
>
> This WGLC is currently scheduled to conclude on 13 September
> (tomorrow). I am not currently comfortable with the number and clarity
> of responses received. Please respond clearly indicating whether or
> not you think this document is ready to proceed (pending the comments
> raised in your response). To give you all a bit more time, I'm
> extending the WGLC one week to next Friday (20 September 2024).
>
> Please take a few minutes and review the updated draft!
>
> Thanks,
> Karen
>
> On Wed, Aug 21, 2024 at 11:10 AM Karen ODonoghue
> <[email protected]<mailto:[email protected]>> wrote:
>>
>> JOSE working group members,
>>
>> This email initiates a second working group last call for the Fully
>> Specified Algorithms document:
>> https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fdraft-ietf-jose-fully-specified-algorithms%2F&data=05%7C02%7Cjohn.mattsson%40ericsson.com%7Caed730693567405a8acf08dcd3bc2ca0%7C92e84cebfbfd47abbe52080c6b87953f%7C0%7C0%7C638618052367868814%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=UXGs%2Fm4hrVoHQo2ToGNDV0LhOgIV1OTqoZJ62NwlQJ0%3D&reserved=0<https://datatracker.ietf.org/doc/draft-ietf-jose-fully-specified-algorithms/>
>>
>> The authors have updated the draft based on WGLC comments and
>> discussions at IETF 120, and the chairs have polled the working group
>> about the readiness for WGLC. Seeing no opposition, we've decided to
>> proceed with a second WGLC.
>>
>> Please review the document in detail and reply to this message
>> (keeping the subject line intact) with your opinion on the readiness
>> of this document for publication and any additional comments that you
>> have.
>>
>> This will be a three week WGLC. Please submit your responses by 13
>> September 2024.
>>
>> Thank you,
>> Karen (for the JOSE WG chairs)
>
> _______________________________________________
> jose mailing list -- [email protected]<mailto:[email protected]>
> To unsubscribe send an email to
> [email protected]<mailto:[email protected]>
_______________________________________________
jose mailing list -- [email protected]<mailto:[email protected]>
To unsubscribe send an email to [email protected]<mailto:[email protected]>
_______________________________________________
jose mailing list -- [email protected]
To unsubscribe send an email to [email protected]
