Using RSA Algorithms with CBOR Object Signing and Encryption (COSE) Messages
draft-jones-cose-rsa-05

[Ballot comment]
6.1: I wonder if "highly recommended" in paragraph 2 and "should not be used" in paragraph 3 warrant 2119 keywords.

6.3, paragraph 2: I wonder the same about "Keys used with RSAES-OAEP must follow the constraints...". But it's not clear to me whether this creates a new requirement to follow the constraints in 3447, or it it just references an existing requirement from 3447.

[Ballot comment]
The "must" and "must not" in the final paragraph of section 6.3 seem normative in their intention (and are presumably why [Boneh99] is listed as "normative" rather than "informative" in the references section). Given that the document is using 2119 language elsewhere, I would suggest capitalizing them for avoidance of doubt.

Please fix this nit:
  ** Obsolete normative reference: RFC 3447

[Ballot comment]
This document seems sound overall. A few points which I believe
would improve it.

- The Private Key format seems like a straight translation of
  RFC 8017's RSAPrivateKey but the explanation of the various
  parameters in 8017 is a lot clearer. E.g.,
  "exponent1 is d mod (p - 1)." versus "first factor CRT Exponent"
  I would advice making the direct connection to 8017 and
  adopting their descriptions.

- Is it really wise to be standardizing RSA-OAEP with SHA-1
  at this point? I'm not claiming that there is a real attack,
  but we are generally trying to not do anything new with
  SHA-1.

"
      value 32,768 is represented as the CBOR byte sequence 0b010_00010
      (major type 2, additional information 2 for the length), 0x80
      0x00."

I found this text hard to follow. I believe it would be improved by
putting the parenthetical at the end rather than in the middle.


- S 6.3. Rather than just saying "low" you should specify exactly
  which ones you mean.

(Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs:

The IANA Services Operator has completed its review of draft-jones-cose-rsa-02.txt. If any part of this review is inaccurate, please let us know.

The IANA Services Operator understands that, upon approval of this document, there are three actions which we must complete.

First, in the COSE Algorithms registry on the CBOR Object Signing and Encryption (COSE) registry page, the following six algorithms are to be registered:

+-------------------------------+-------+---------+-----------------+------------+
| Name | Value | Hash | Description | Reference |+-------------------------------+-------+---------+-----------------+------------+
| PS256 | -37 | SHA-256 | RSASSA-PSS w/ | [RFC-to-be]|
| | | | SHA-256 | |
| PS384 | -38 | SHA-384 | RSASSA-PSS w/ | [RFC-to-be]|
| | | | SHA-384 | |
| PS512 | -39 | SHA-512 | RSASSA-PSS w/ | [RFC-to-be]|
| | | | SHA-512 | |
| RSAES-OAEP w/ RFC 3447 | -40 | SHA-1 | RSAES OAEP w/ | [RFC-to-be]|
| default parameters | | | SHA-1 | |
| RSAES-OAEP w/ SHA-256 | -41 | SHA-256 | RSAES OAEP w/ | [RFC-to-be]|
| | | | SHA-256 | |
| RSAES-OAEP w/ SHA-512 | -42 | SHA-512 | RSAES OAEP w/ | [RFC-to-be]|
| | | | SHA-512 | |
+-------------------------------+-------+---------+-----------------+------------+

Because this registry requires Expert Review [RFC5226] for registration, we've contacted the IESG-designated expert in a separate ticket to request approval. Expert review should be completed before your document can be approved for publication as an RFC.

Second, in the COSE Key Type registry also on the CBOR Object Signing and Encryption (COSE) registry page, the following value is to be registered:

Name: RSA
Value: 3
Description: RSA Key
Reference: [ RFC-to-be ]

Because this registry also requires Expert Review [RFC5226] for registration, we've contacted the IESG-designated expert in a separate ticket to request approval. Expert review should be completed before your document can be approved for publication as an RFC.

Third, in the COSE Key Type Parameters registry also on the CBOR Object Signing and Encryption (COSE) registry page, the following value is to be registered:

[ each new registration will have a reference of [ RFC-to-be ]].

+-------+----------+-------+-------+--------------------------------+
| Name | Key Type | Value | Type | Description |
+-------+----------+-------+-------+--------------------------------+
| n | 3 | -1 | bstr | Modulus Parameter |
| e | 3 | -2 | bstr | Exponent Parameter |
| d | 3 | -3 | bstr | Private Exponent Parameter |
| p | 3 | -4 | bstr | First Prime Factor |
| q | 3 | -5 | bstr | Second Prime Factor |
| dP | 3 | -6 | bstr | First Factor CRT Exponent |
| dQ | 3 | -7 | bstr | Second Factor CRT Exponent |
| qInv | 3 | -8 | bstr | First CRT Coefficient |
| other | 3 | -9 | array | Other Primes Info |
| r_i | 3 | -10 | bstr | i-th factor, Prime Factor |
| d_i | 3 | -11 | bstr | i-th factor, Factor CRT |
| | | | | Exponent |
| t_i | 3 | -12 | bstr | i-th factor, Factor CRT |
| | | | | Coefficient |
+-------+----------+-------+-------+--------------------------------+

Because this registry also requires Expert Review [RFC5226] for registration, we've contacted the IESG-designated expert in a separate ticket to request approval. Expert review should be completed before your document can be approved for publication as an RFC.

The IANA Services Operator understands that these three actions are the only ones required to be completed upon approval of this document.

Note:  The actions requested in this document will not be completed until the document has been approved for publication as an RFC. This message is only to confirm what actions will be performed.

Thank you,

Sabrina Tanamal
IANA Services Specialist
PTI

The following Last Call announcement was sent out:

From: The IESG
To: IETF-Announce
CC: rsalz@akamai.com, Kathleen.Moriarty.ietf@gmail.com, draft-jones-cose-rsa@ietf.org
Reply-To: ietf@ietf.org
Sender:
Subject: Last Call:  (Using RSA Algorithms with COSE Messages) to Proposed Standard


The IESG has received a request from an individual submitter to consider
the following document:
- 'Using RSA Algorithms with COSE Messages'
  as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits
final comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2017-06-15. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the
beginning of the Subject line to allow automated sorting.

Abstract


  The CBOR Object Signing and Encryption (COSE) specification defines
  cryptographic message encodings using Concise Binary Object
  Representation (CBOR).  This specification defines algorithm
  encodings and representations enabling RSA algorithms to be used for
  COSE messages.  Encodings for the use of RSASSA-PSS signatures,
  RSAES-OAEP encryption, and RSA keys are specified.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-jones-cose-rsa/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-jones-cose-rsa/ballot/


No IPR declarations have been submitted directly on this I-D.