{"id":2401,"date":"2023-08-29T18:15:34","date_gmt":"2023-08-30T01:15:34","guid":{"rendered":"https:\/\/self-issued.info\/?p=2401"},"modified":"2023-08-29T18:15:34","modified_gmt":"2023-08-30T01:15:34","slug":"fully-specified-algorithms-for-jose-and-cose","status":"publish","type":"post","link":"https:\/\/self-issued.info\/?p=2401","title":{"rendered":"Fully-Specified Algorithms for JOSE and COSE"},"content":{"rendered":"<p><span class=\"plain\"><img decoding=\"async\" align=\"right\" src=\"https:\/\/self-issued.info\/images\/ietf-logo.png\" alt=\"IETF logo\"><\/span><a href=\"https:\/\/twitter.com\/OR13b\">Orie Steele<\/a> and I have written a new specification creating algorithm identifiers for JOSE and COSE that fully specify the cryptographic operations to be performed &#8211; something we&#8217;d promised to do during <a href=\"https:\/\/datatracker.ietf.org\/meeting\/117\/materials\/slides-117-jose-fully-specified-algorithms-for-jose-and-cose-00\">our presentation to the JOSE working group<\/a> at IETF 117.  The introduction to the specification (quoted below) describes why this matters.<\/p>\n<hr\/>\n<p>The IANA algorithm registries for JOSE [<a href=\"https:\/\/www.iana.org\/assignments\/jose\/jose.xhtml#web-signature-encryption-algorithms\">IANA.JOSE.Algorithms<\/a>] and COSE [<a href=\"https:\/\/www.iana.org\/assignments\/cose\/cose.xhtml#algorithms\">IANA.COSE.Algorithms<\/a>] contain two kinds of algorithm identifiers:<\/p>\n<ul>\n<li><b>Fully Specified<\/b>: Those that fully determine the cryptographic operations to be performed, including any curve, key derivation function (KDF), hash functions, etc. Examples are <code>RS256<\/code> and <code>ES256K<\/code> in both JOSE and COSE and <code>ES256<\/code> in JOSE.<\/li>\n<li><b>Polymorphic<\/b>: Those requiring information beyond the algorithm identifier to determine the cryptographic operations to be performed. Such additional information could include the actual key value and a curve that it uses. Examples are <code>EdDSA<\/code> in both JOSE and COSE and <code>ES256<\/code> in COSE.<\/li>\n<\/ul>\n<p>This matters because many protocols negotiate supported operations using only algorithm identifiers. For instance, OAuth Authorization Server Metadata [<a href=\"https:\/\/www.rfc-editor.org\/rfc\/rfc8414.html\">RFC8414<\/a>] uses negotiation parameters like these (from an example in the specification):<\/p>\n<p style=\"padding-left:1em;\"><code>\"token_endpoint_auth_signing_alg_values_supported\": [\"RS256\", \"ES256\"]<\/code><\/p>\n<p>OpenID Connect Discovery [<a href=\"https:\/\/openid.net\/specs\/openid-connect-discovery-1_0.html\">OpenID.Discovery<\/a>] likewise negotiates supported algorithms using <code>alg<\/code> and <code>enc<\/code> values. W3C Web Authentication [<a href=\"https:\/\/www.w3.org\/TR\/2021\/REC-webauthn-2-20210408\/\">WebAuthn<\/a>] and FIDO Client to Authenticator Protocol (CTAP) [<a href=\"https:\/\/fidoalliance.org\/specs\/fido-v2.1-ps-20210615\/fido-client-to-authenticator-protocol-v2.1-ps-20210615.html\">FIDO2<\/a>] negotiate using COSE <code>alg<\/code> numbers.<\/p>\n<p>This does not work for polymorphic algorithms. For instance, with <code>EdDSA<\/code>, you do not know which of the curves <code>Ed25519<\/code> and\/or <code>Ed448<\/code> are supported! This causes real problems in practice.<\/p>\n<p>WebAuthn contains this de-facto algorithm definition to work around this problem:<\/p>\n<p style=\"padding-left:1em;\"><code>-8 (EdDSA), where crv is 6 (Ed25519)<\/code><\/p>\n<p>This redefines the COSE <code>EdDSA<\/code> algorithm identifier for the purposes of WebAuthn to restrict it to using the <code>Ed25519<\/code> curve &#8211; making it non-polymorphic so that algorithm negotiation can succeed, but also effectively eliminating the possibility of using <code>Ed448<\/code>. Other similar workarounds for polymorphic algorithm identifiers are used in practice.<\/p>\n<p>This specification creates fully-specified algorithm identifiers for all registered polymorphic JOSE and COSE algorithms and their parameters, enabling applications to use only fully-specified algorithm identifiers. It furthermore deprecates the practice of registering polymorphic algorithm identifiers.<\/p>\n<hr\/>\n<p>The specification is available at:<\/p>\n<ul>\n<li><a href=\"https:\/\/www.ietf.org\/archive\/id\/draft-jones-jose-fully-specified-algorithms-00.html\">https:\/\/www.ietf.org\/archive\/id\/draft-jones-jose-fully-specified-algorithms-00.html<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>Orie Steele and I have written a new specification creating algorithm identifiers for JOSE and COSE that fully specify the cryptographic operations to be performed &#8211; something we&#8217;d promised to do during our presentation to the JOSE working group at IETF 117. The introduction to the specification (quoted below) describes why this matters. The IANA [&hellip;]<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[29,28,32,27,25],"tags":[],"class_list":["post-2401","post","type-post","status-publish","format-standard","hentry","category-cbor","category-cryptography","category-ietf","category-json","category-specifications"],"_links":{"self":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/2401","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2401"}],"version-history":[{"count":6,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/2401\/revisions"}],"predecessor-version":[{"id":2407,"href":"https:\/\/self-issued.info\/index.php?rest_route=\/wp\/v2\/posts\/2401\/revisions\/2407"}],"wp:attachment":[{"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2401"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2401"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/self-issued.info\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2401"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}