Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

2018-04-30 Thread John Bradley
I lean towards letting new certificate thumbprints be defined someplace else. With SHA256, it is really second preimage resistance that we care about for a certificate thumbprint, rather than simple collision resistance. MD5 failed quite badly with chosen prefix collision attacks against certific

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

2018-04-30 Thread Mike Jones
I agree that this specification should not define new certificate thumbprint methods. They can always be registered by other specifications if needed in the future. -- Mike From: OAuth On Behalf Of John Bradley Sent: Monday, April 30, 201

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

2018-04-30 Thread Neil Madden
Hi John, > On 30 Apr 2018, at 15:07, John Bradley wrote: > > I lean towards letting new certificate thumbprints be defined someplace else. > > With SHA256, it is really second preimage resistance that we care about for a > certificate thumbprint, rather than simple collision resistance. Tha

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

2018-04-30 Thread John Bradley
Inline. > On Apr 30, 2018, at 12:57 PM, Neil Madden > wrote: > > Hi John, > >> On 30 Apr 2018, at 15:07, John Bradley > > wrote: >> >> I lean towards letting new certificate thumbprints be defined someplace else. >> >> With SHA256,

[OAUTH-WG] reference for invalid point attack [-jwt-bcp] ?

2018-04-30 Thread =JeffH
In search of CurveSwap: Measuring elliptic curve implementations in the wild Luke Valenta, Nick Sullivan, Antonio Sanso, Nadia Heninger https://eprint.iacr.org/2018/298.pdf (see section 7.1) ...is perhaps a suitable reference for section 3.4 of -jwt-bcp ? https://tools.ietf.org/html/draft-ietf

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

2018-04-30 Thread Brian Campbell
On Mon, Apr 30, 2018 at 9:57 AM, Neil Madden wrote: > > > On 30 Apr 2018, at 15:07, John Bradley wrote: > > > My concern is that people will see a bigger number and decide it is > better if we define it in the spec. > > We may be getting people to do additional work and increasing token size > w

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

2018-04-30 Thread John Bradley
Yes that is an issue. I think one of the things that kicked this off was a question of will this make it pointless for people to use algs such as AES GCM256 when it is perceived that our choice of hash somehow limits overall security to 128bits. Let me take another run at this. Things like b

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

2018-04-30 Thread Neil Madden
Responses inline again. On Mon, 30 Apr 2018 at 19:44, John Bradley wrote: > Inline. > > > On Apr 30, 2018, at 12:57 PM, Neil Madden > wrote: > > Hi John, > > On 30 Apr 2018, at 15:07, John Bradley wrote: > > I lean towards letting new certificate thumbprints be defined someplace > else. > > Wi

Re: [OAUTH-WG] WGLC on draft-ietf-oauth-mtls-07

2018-04-30 Thread John Bradley
We allow for new thumbprint algorithms to be defined and used with this spec. I think that we all agree that is a good thing. The question is if we should define them here or as part of JWT/CWT based on broader demand. Including them in this document may be a distraction in my opinion. There i