| < draft-ietf-jose-cfrg-curves-05.txt | draft-ietf-jose-cfrg-curves-06.txt > | |||
|---|---|---|---|---|
| Network Working Group I. Liusvaara | Network Working Group I. Liusvaara | |||
| Internet-Draft Independent | Internet-Draft Independent | |||
| Intended status: Standards Track July 8, 2016 | Intended status: Standards Track August 18, 2016 | |||
| Expires: January 9, 2017 | Expires: February 19, 2017 | |||
| CFRG ECDH and signatures in JOSE | CFRG ECDH and signatures in JOSE | |||
| draft-ietf-jose-cfrg-curves-05 | draft-ietf-jose-cfrg-curves-06 | |||
| Abstract | Abstract | |||
| This document defines how to use the Diffie-Hellman algorithms | This document defines how to use the Diffie-Hellman algorithms | |||
| "X25519" and "X448" as well as the signature algorithms "Ed25519" and | "X25519" and "X448" as well as the signature algorithms "Ed25519" and | |||
| "Ed448" from the IRTF CFRG elliptic curves work in JOSE. | "Ed448" from the IRTF CFRG elliptic curves work in JOSE. | |||
| Status of This Memo | Status of This Memo | |||
| This Internet-Draft is submitted in full conformance with the | This Internet-Draft is submitted in full conformance with the | |||
| skipping to change at page 1, line 32 ¶ | skipping to change at page 1, line 32 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at http://datatracker.ietf.org/drafts/current/. | Drafts is at http://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on January 9, 2017. | This Internet-Draft will expire on February 19, 2017. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2016 IETF Trust and the persons identified as the | Copyright (c) 2016 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (http://trustee.ietf.org/license-info) in effect on the date of | (http://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 10 ¶ | skipping to change at page 2, line 10 ¶ | |||
| to this document. Code Components extracted from this document must | to this document. Code Components extracted from this document must | |||
| include Simplified BSD License text as described in Section 4.e of | include Simplified BSD License text as described in Section 4.e of | |||
| the Trust Legal Provisions and are provided without warranty as | the Trust Legal Provisions and are provided without warranty as | |||
| described in the Simplified BSD License. | described in the Simplified BSD License. | |||
| Table of Contents | Table of Contents | |||
| 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 | |||
| 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. Key type "OKP" . . . . . . . . . . . . . . . . . . . . . . . 3 | 2. Key type "OKP" . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3. Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 3. Algorithms . . . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 3.1. Signatures . . . . . . . . . . . . . . . . . . . . . . . 4 | 3.1. Signatures . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.1.1. Signing . . . . . . . . . . . . . . . . . . . . . . . 4 | 3.1.1. Signing . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.1.2. Verification . . . . . . . . . . . . . . . . . . . . 4 | 3.1.2. Verification . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.2. ECDH-ES . . . . . . . . . . . . . . . . . . . . . . . . . 4 | 3.2. ECDH-ES . . . . . . . . . . . . . . . . . . . . . . . . . 4 | |||
| 3.2.1. Performing the ECDH Operation . . . . . . . . . . . . 5 | 3.2.1. Performing the ECDH Operation . . . . . . . . . . . . 5 | |||
| 4. Security considerations . . . . . . . . . . . . . . . . . . . 5 | 4. Security considerations . . . . . . . . . . . . . . . . . . . 5 | |||
| 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | 5. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 6 | 6. IANA considerations . . . . . . . . . . . . . . . . . . . . . 6 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 7 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 7 | |||
| skipping to change at page 2, line 38 ¶ | skipping to change at page 2, line 38 ¶ | |||
| A.6. ECDH-ES with X25519 . . . . . . . . . . . . . . . . . . . 11 | A.6. ECDH-ES with X25519 . . . . . . . . . . . . . . . . . . . 11 | |||
| A.7. ECDH-ES with X448 . . . . . . . . . . . . . . . . . . . . 12 | A.7. ECDH-ES with X448 . . . . . . . . . . . . . . . . . . . . 12 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 13 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 13 | |||
| 1. Introduction | 1. Introduction | |||
| Internet Research Task Force (IRTF) Crypto Forum Research Group | Internet Research Task Force (IRTF) Crypto Forum Research Group | |||
| (CFRG) selected new Diffie-Hellman algorithms ("X25519" and "X448"; | (CFRG) selected new Diffie-Hellman algorithms ("X25519" and "X448"; | |||
| [RFC7748]) and signature algorithms ("Ed25519" and "Ed448"; | [RFC7748]) and signature algorithms ("Ed25519" and "Ed448"; | |||
| [I-D.irtf-cfrg-eddsa]) for asymmetric key cryptography. This | [I-D.irtf-cfrg-eddsa]) for asymmetric key cryptography. This | |||
| document defines how those algorithms are to be used in JOSE in | document defines how to use those algorithms in JOSE in interoperable | |||
| interoperable manner. | manner. | |||
| This document defines the conventions to be used in the context of | This document defines the conventions to use in the context of | |||
| [RFC7515], [RFC7516], and [RFC7517]. | [RFC7515], [RFC7516], and [RFC7517]. | |||
| While the CFRG also defined two pairs of isogenous elliptic curves | While the CFRG also defined two pairs of isogenous elliptic curves | |||
| that underlie these algorithms, these curves are not directly | that underlie these algorithms, these curves are not directly | |||
| exposed, as the algorithms laid on top are sufficient for the | exposed, as the algorithms laid on top are sufficient for the | |||
| purposes of JOSE and are much easier to use. (Trying to apply ECDSA | purposes of JOSE and are much easier to use. | |||
| to those curves leads to nasty corner-cases and produces odd | ||||
| results.) | All inputs to and outputs from the ECDH and signature functions are | |||
| All inputs to and outputs from the the ECDH and signature functions | defined to be octet strings, with the exception of outputs of | |||
| are defined to be octet strings, with the exception of outputs of | ||||
| verification functions, which are booleans. | verification functions, which are booleans. | |||
| 1.1. Terminology | 1.1. Terminology | |||
| The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", | |||
| "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this | |||
| document are to be interpreted as described in [RFC2119]. | document are to be interpreted as described in [RFC2119]. | |||
| "JWS Signing Input" and "JWS Signature" are defined by [RFC7515]. | "JWS Signing Input" and "JWS Signature" are defined by [RFC7515]. | |||
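Review bot: In the first paragraph of Section 1 the reworded sentence still ends "in interoperable manner"; it needs the article, "in an interoperable manner". The same hunk drops the parenthetical about applying ECDSA to these curves, so the paragraph no longer gives any reason for not exposing the curves beyond the algorithms being sufficient and easier to use; if that caution is still intended, keep it as an ordinary sentence rather than losing it with the parenthetical.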
| skipping to change at page 8, line 27 ¶ | skipping to change at page 8, line 27 ¶ | |||
| [RFC7638] Jones, M. and N. Sakimura, "JSON Web Key (JWK) | [RFC7638] Jones, M. and N. Sakimura, "JSON Web Key (JWK) | |||
| Thumbprint", RFC 7638, DOI 10.17487/RFC7638, September | Thumbprint", RFC 7638, DOI 10.17487/RFC7638, September | |||
| 2015, <http://www.rfc-editor.org/info/rfc7638>. | 2015, <http://www.rfc-editor.org/info/rfc7638>. | |||
| [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves | [RFC7748] Langley, A., Hamburg, M., and S. Turner, "Elliptic Curves | |||
| for Security", RFC 7748, DOI 10.17487/RFC7748, January | for Security", RFC 7748, DOI 10.17487/RFC7748, January | |||
| 2016, <http://www.rfc-editor.org/info/rfc7748>. | 2016, <http://www.rfc-editor.org/info/rfc7748>. | |||
| [I-D.irtf-cfrg-eddsa] | [I-D.irtf-cfrg-eddsa] | |||
| Josefsson, S. and I. Liusvaara, "Edwards-curve Digital | Josefsson, S. and I. Liusvaara, "Edwards-curve Digital | |||
| Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-05 | Signature Algorithm (EdDSA)", draft-irtf-cfrg-eddsa-06 | |||
| (work in progress), March 2016. | (work in progress), August 2016. | |||
| 7.2. Informative References | 7.2. Informative References | |||
| [RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", | [RFC7516] Jones, M. and J. Hildebrand, "JSON Web Encryption (JWE)", | |||
| RFC 7516, DOI 10.17487/RFC7516, May 2015, | RFC 7516, DOI 10.17487/RFC7516, May 2015, | |||
| <http://www.rfc-editor.org/info/rfc7516>. | <http://www.rfc-editor.org/info/rfc7516>. | |||
| Appendix A. Examples | Appendix A. Examples | |||
| To the extent possible, the examples use material taken from test | To the extent possible, the examples use material taken from test | |||
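Review bot: The [I-D.irtf-cfrg-eddsa] entry sits above the "7.2. Informative References" heading, so it is a normative reference, and after this update it still cites a numbered work-in-progress draft (draft-irtf-cfrg-eddsa-06). Confirm that the Ed25519 and Ed448 definitions this document depends on did not change between -05 and -06, and note that the entry will need to be replaced by the RFC citation once one exists.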
| End of changes. 8 change blocks. | ||||
| 15 lines changed or deleted | 14 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||