draft-ietf-cose-webauthn-algorithms-03.txt   draft-ietf-cose-webauthn-algorithms-04.txt 
COSE Working Group M. Jones COSE Working Group M. Jones
Internet-Draft Microsoft Internet-Draft Microsoft
Intended status: Standards Track November 1, 2019 Intended status: Standards Track January 26, 2020
Expires: May 4, 2020 Expires: July 29, 2020
COSE and JOSE Registrations for WebAuthn Algorithms COSE and JOSE Registrations for WebAuthn Algorithms
draft-ietf-cose-webauthn-algorithms-03 draft-ietf-cose-webauthn-algorithms-04
Abstract Abstract
The W3C Web Authentication (WebAuthn) specification and the FIDO The W3C Web Authentication (WebAuthn) specification and the FIDO
Alliance Client to Authenticator Protocol (CTAP) specification use Alliance Client to Authenticator Protocol (CTAP) specification use
CBOR Object Signing and Encryption (COSE) algorithm identifiers. CBOR Object Signing and Encryption (COSE) algorithm identifiers.
This specification registers the following algorithms in the IANA This specification registers the following algorithms in the IANA
"COSE Algorithms" registry, which are used by WebAuthn and CTAP "COSE Algorithms" registry, which are used by WebAuthn and CTAP
implementations: RSASSA-PKCS1-v1_5 using SHA-256, SHA-384, SHA-512, implementations: RSASSA-PKCS1-v1_5 using SHA-256, SHA-384, SHA-512,
and SHA-1, and ECDSA using the secp256k1 curve and SHA-256. It and SHA-1, and ECDSA using the secp256k1 curve and SHA-256. It
skipping to change at page 1, line 42 skipping to change at page 1, line 42
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on May 4, 2020. This Internet-Draft will expire on July 29, 2020.
Copyright Notice Copyright Notice
Copyright (c) 2019 IETF Trust and the persons identified as the Copyright (c) 2020 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(https://trustee.ietf.org/license-info) in effect on the date of (https://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
skipping to change at page 2, line 28 skipping to change at page 2, line 28
1.1. Requirements Notation and Conventions . . . . . . . . . . 3 1.1. Requirements Notation and Conventions . . . . . . . . . . 3
2. RSASSA-PKCS1-v1_5 Signature Algorithm . . . . . . . . . . . . 3 2. RSASSA-PKCS1-v1_5 Signature Algorithm . . . . . . . . . . . . 3
3. Using secp256k1 with JOSE and COSE . . . . . . . . . . . . . 4 3. Using secp256k1 with JOSE and COSE . . . . . . . . . . . . . 4
3.1. JOSE and COSE secp256k1 Curve Key Representations . . . . 5 3.1. JOSE and COSE secp256k1 Curve Key Representations . . . . 5
3.2. ECDSA Signature with secp256k1 Curve . . . . . . . . . . 5 3.2. ECDSA Signature with secp256k1 Curve . . . . . . . . . . 5
3.3. Other Uses of the secp256k1 Elliptic Curve . . . . . . . 7 3.3. Other Uses of the secp256k1 Elliptic Curve . . . . . . . 7
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7 4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 7
4.1. COSE Algorithms Registrations . . . . . . . . . . . . . . 7 4.1. COSE Algorithms Registrations . . . . . . . . . . . . . . 7
4.2. COSE Elliptic Curves Registrations . . . . . . . . . . . 8 4.2. COSE Elliptic Curves Registrations . . . . . . . . . . . 8
4.3. JOSE Algorithms Registrations . . . . . . . . . . . . . . 8 4.3. JOSE Algorithms Registrations . . . . . . . . . . . . . . 8
4.4. JSON Web Key Elliptic Curves Registrations . . . . . . . 8 4.4. JSON Web Key Elliptic Curves Registrations . . . . . . . 9
5. Security Considerations . . . . . . . . . . . . . . . . . . . 9 5. Security Considerations . . . . . . . . . . . . . . . . . . . 9
5.1. RSA Key Size Security Considerations . . . . . . . . . . 9 5.1. RSA Key Size Security Considerations . . . . . . . . . . 9
5.2. RSASSA-PKCS1-v1_5 with SHA-2 Security Considerations . . 9 5.2. RSASSA-PKCS1-v1_5 with SHA-2 Security Considerations . . 9
5.3. RSASSA-PKCS1-v1_5 with SHA-1 Security Considerations . . 9 5.3. RSASSA-PKCS1-v1_5 with SHA-1 Security Considerations . . 9
5.4. secp256k1 Security Considerations . . . . . . . . . . . . 9 5.4. secp256k1 Security Considerations . . . . . . . . . . . . 9
6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 6. References . . . . . . . . . . . . . . . . . . . . . . . . . 10
6.1. Normative References . . . . . . . . . . . . . . . . . . 10 6.1. Normative References . . . . . . . . . . . . . . . . . . 10
6.2. Informative References . . . . . . . . . . . . . . . . . 11 6.2. Informative References . . . . . . . . . . . . . . . . . 11
Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 12 Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . . 12
Document History . . . . . . . . . . . . . . . . . . . . . . . . 12 Document History . . . . . . . . . . . . . . . . . . . . . . . . 12
skipping to change at page 7, line 30 skipping to change at page 7, line 30
This specification defines how to use the secp256k1 curve for ECDSA This specification defines how to use the secp256k1 curve for ECDSA
signatures for both JOSE and COSE implementations. While in theory, signatures for both JOSE and COSE implementations. While in theory,
the curve could also be used for ECDH-ES key agreement, it is beyond the curve could also be used for ECDH-ES key agreement, it is beyond
the scope of this specification to state whether this is or is not the scope of this specification to state whether this is or is not
advisable. Thus, whether to recommend its use with ECDH-ES is left advisable. Thus, whether to recommend its use with ECDH-ES is left
for experts to decide in future specifications. for experts to decide in future specifications.
When used for ECDSA, the secp256k1 curve MUST be used only with the When used for ECDSA, the secp256k1 curve MUST be used only with the
"ES256K" algorithm identifier and not any others, including not with "ES256K" algorithm identifier and not any others, including not with
"ES256". the COSE "ES256" identifier. Note that the "ES256K" algorithm
identifier needed to be introduced for JOSE to sign with the
secp256k1 curve because the JOSE "ES256" algorithm is defined to be
used only with the P-256 curve. The COSE treatment of how to sign
with secp256k1 is intentionally parallel to that for JOSE, where the
secp256k1 curve MUST be used with the "ES256K" algorithm identifier.
4. IANA Considerations 4. IANA Considerations
4.1. COSE Algorithms Registrations 4.1. COSE Algorithms Registrations
This section registers the following values in the IANA "COSE This section registers the following values in the IANA "COSE
Algorithms" registry [IANA.COSE.Algorithms]. Algorithms" registry [IANA.COSE.Algorithms].
o Name: RS256 o Name: RS256
o Value: TBD (temporary assignment -257 already in place) o Value: TBD (temporary assignment -257 already in place)
skipping to change at page 12, line 41 skipping to change at page 12, line 41
Thanks to Stephen Farrell, John Fontana, Jeff Hodges, Kevin Jacobs, Thanks to Stephen Farrell, John Fontana, Jeff Hodges, Kevin Jacobs,
J.C. Jones, Benjamin Kaduk, Neil Madden, John Mattsson, Tony J.C. Jones, Benjamin Kaduk, Neil Madden, John Mattsson, Tony
Nadalin, Matt Palmer, Jim Schaad, Goeran Selander, Wendy Seltzer, Nadalin, Matt Palmer, Jim Schaad, Goeran Selander, Wendy Seltzer,
Sean Turner, and Samuel Weiler for their roles in registering these Sean Turner, and Samuel Weiler for their roles in registering these
algorithm identifiers. algorithm identifiers.
Document History Document History
[[ to be removed by the RFC Editor before publication as an RFC ]] [[ to be removed by the RFC Editor before publication as an RFC ]]
-04
o Added explanatory comments on design decisions made that were
discussed on the mailing list that Jim Schaad requested be added
to the draft.
-03 -03
o Addressed review of -02 by Jim Schaad. o Addressed review of -02 by Jim Schaad.
-02 -02
o Addressed working group last call comments. Thanks to J.C. o Addressed working group last call comments. Thanks to J.C.
Jones, Kevin Jacobs, Jim Schaad, Neil Madden, and Benjamin Kaduk Jones, Kevin Jacobs, Jim Schaad, Neil Madden, and Benjamin Kaduk
for their useful feedback. for their useful feedback.
-01 -01
o Changed the JOSE curve identifier from "P-256K" to "secp256k1". o Changed the JOSE curve identifier from "P-256K" to "secp256k1".
o Specified that secp256k1 signing is done using the SHA-256 hash o Specified that secp256k1 signing is done using the SHA-256 hash
function. function.
-00 -00
o Created the initial working group draft from draft-jones-cose- o Created the initial working group draft from draft-jones-cose-
additional-algorithms-00, changing only the title, date, and additional-algorithms-00, changing only the title, date, and
history entry. history entry.
 End of changes. 9 change blocks. 
8 lines changed or deleted 19 lines changed or added

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/