[Adding Giri, since he expressed interest in these registrations]
From: Jim Schaad <ietf@augustcellars.com>
Sent: Friday, June 29, 2018 3:07 PM
To: 'Rolf Lindemann' <rlindemann@noknok.com>; rolf@noknok.com; jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; Mike Jones <Michael.Jones@microsoft.com>; 'Hodges, Jeff' <jeff.hodges@paypal.com>
Subject: RE: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance
From: Rolf Lindemann <rlindemann@noknok.com>
Sent: Thursday, June 28, 2018 11:45 AM
To: 'Jim Schaad' <ietf@augustcellars.com>; rolf@noknok.com; jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff' <jeff.hodges@paypal.com>
Subject: AW: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance
Hi Jim,
Regarding your first question:
> One of the things that I would like to see would be the definition of a key structure as well.
I guess you are referring to the structure of the public keys (only). Is that correct?
In the referenced document (i.e. https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#object-encodings), we define algorithms to encode the keys (e.g. ECPoint2ToB, ECPointToB). The ECDAA issuer public keys consist of two values (typically denoted as X and Y) both of type ECPoint2 and hence would be serialized/encoded according to the definition of ECPoint2ToB.
Is this what you are looking for?
[JLS] I am looking for a JOSE key structure which would require defining a couple of things. While I realize that you don’t need it, it might also be useful to have the private key fields defined as well for the purposes of doing things like writing test cases such as I have at https://github.com/jimsch/Examples.git You might have a good case for not needing one, but I would like to hear what it is in that case.
Regarding your second question:
> I would like to verify that there is a requirement that the key size and hash size are combined together as a fixed pair and not uncoupled as done with the ECDSA algorithms where any sized key structure can be used with a specific hash and applications can be further restrictions as necessary. If this is not the case, should the key set be made explicit rather than implicit in the algorithm name?
Yes, hash algorithm and signature algorithm are paired. So we specify the following:
[JLS] Reading my last sentence, I see that I got my text backwards. Should the Curve be part of the name rather than implicit so that there would be no mistakes. The use of ED256-2 seems to be an odd name that does not necessarily provide good information.
Jim
Kind regards,
Rolf
Sorry about the delay, I got pulled into some other work and forgot that I had not sent a message.
One of the things that I would like to see would be the definition of a key structure as well. I don’t believe that you can use any of the current ones based on how things work. Think about people who would use this algorithm in other protocols and need to transfer the root of trust as well.
I would like to verify that there is a requirement that the key size and hash size are combined together as a fixed pair and not uncoupled as done with the ECDSA algorithms where any sized key structure can be used with a specific hash and applications can be further restrictions as necessary. If this is not the case, should the key set be made explicit rather than implicit in the algorithm name?
From: Rolf Lindemann <rlindemann@noknok.com>
Sent: Friday, June 1, 2018 2:45 PM
To: 'Jim Schaad' <ietf@augustcellars.com>; rolf@noknok.com; jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff' <jeff.hodges@paypal.com>
Subject: AW: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance
Please see https://eprint.iacr.org/2015/1246 for that.
That is the reference included in the IANA considerations section of the document (see https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations)
Are there any crypto analysis papers that I can peruse in case I am interested?
From: Jose-reg-review <jose-reg-review-bounces@ietf.org> On Behalf Of Rolf Lindemann
Sent: Friday, June 1, 2018 10:31 AM
To: jose-reg-review@ietf.org
Cc: jca@zurich.ibm.com; mbj@microsoft.com; 'Hodges, Jeff' <jeff.hodges@paypal.com>
Subject: [Jose-reg-review] Request to register JOSE algorithms for the FIDO Alliance
Hi,
The FIDO Alliance would like to register the following algorithms in the IANA “JSON Web Signature and Encryption Algorithms” registry:
1. "ED256", see https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations
2. "ED512", see https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations
3. "ED638", see https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations
4. "ED256-2",
   - Name "ED256-2"
   - Algorithm Description: ECDAA algorithm based on ECC_BN_DSD_P256 (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#bib-DevScoDah2007) curve using SHA256 algorithm.
   - Algorithm Usage Locations: "alg", i.e. used with JWS.
   - JOSE Implementation Requirements: optional
   - Change Controller: FIDO Alliance, https://fidoalliance.org/contact/
   - Sections 3. FIDO ECDAA Attestation (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#fido-ecdaa-attestation) and 4. FIDO ECDAA Object Formats and Algorithm Details (https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#fido-ecdaa-object-formats-and-algorithm-details) of [FIDOEcdaaAlgorithm].
   - Algorithm Analysis Document(s): https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#bib-FIDO-DAA-Security-Proof
(“ED256-2” should have also been in the IANA Considerations section but isn’t due to a clerical error.)
These names are related to cryptographic algorithms for Direct Anonymous Attestation. The relevant details are described in https://fidoalliance.org/specs/fido-v2.0-id-20180227/fido-ecdaa-algorithm-v2.0-id-20180227.html#iana-considerations.
The algorithms were developed by Jan Camenisch of IBM (cc’ed) – a cryptographic expert. They are in production use in FIDO deployments.
Kind regards,
Rolf Lindemann