draft-jones-webauthn-cose-algorithms-01 (w3c#895)

selfissued · web-flow · commit 7451b28a2464 · 2018-05-02T17:55:07.000-07:00
Tracks initial IANA COSE Algorithm registrations that have been made
diff --git a/draft-jones-webauthn-cose-algorithms.html b/draft-jones-webauthn-cose-algorithms.html
@@ -395,8 +395,8 @@
   <link rel="schema.dct" href="http://purl.org/dc/terms/" />
 
   <meta name="dct.creator" content="Jones, M." />
-  <meta name="dct.identifier" content="urn:ietf:id:draft-jones-webauthn-cose-algorithms-00" />
-  <meta name="dct.issued" scheme="ISO8601" content="2018-03-23" />
+  <meta name="dct.identifier" content="urn:ietf:id:draft-jones-webauthn-cose-algorithms-01" />
+  <meta name="dct.issued" scheme="ISO8601" content="2018-05-02" />
   <meta name="dct.abstract" content="The W3C Web Authentication (WebAuthn) specification uses COSE algorithm identifiers.  This specification registers algorithms in the IANA &quot;COSE Algorithms&quot; registry that are used by WebAuthn that are not already registered.  Also, they are registered in the IANA &quot;JSON Web Signature and Encryption Algorithms&quot; registry, when not already registered there.  " />
   <meta name="description" content="The W3C Web Authentication (WebAuthn) specification uses COSE algorithm identifiers.  This specification registers algorithms in the IANA &quot;COSE Algorithms&quot; registry that are used by WebAuthn that are not already registered.  Also, they are registered in the IANA &quot;JSON Web Signature and Encryption Algorithms&quot; registry, when not already registered there.  " />
 
@@ -417,10 +417,10 @@
 </tr>
 <tr>
 <td class="left">Intended status: Informational</td>
-<td class="right">March 23, 2018</td>
+<td class="right">May 2, 2018</td>
 </tr>
 <tr>
-<td class="left">Expires: September 24, 2018</td>
+<td class="left">Expires: November 3, 2018</td>
 <td class="right"></td>
 </tr>
 
@@ -429,15 +429,15 @@
   </table>
 
   <p class="title">COSE Algorithms for Web Authentication (WebAuthn)<br />
-  <span class="filename">draft-jones-webauthn-cose-algorithms-00</span></p>
+  <span class="filename">draft-jones-webauthn-cose-algorithms-01</span></p>
   
   <h1 id="rfc.abstract"><a href="#rfc.abstract">Abstract</a></h1>
 <p>The W3C Web Authentication (WebAuthn) specification uses COSE algorithm identifiers.  This specification registers algorithms in the IANA "COSE Algorithms" registry that are used by WebAuthn that are not already registered.  Also, they are registered in the IANA "JSON Web Signature and Encryption Algorithms" registry, when not already registered there.  </p>
 <h1 id="rfc.status"><a href="#rfc.status">Status of This Memo</a></h1>
 <p>This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.</p>
 <p>Internet-Drafts are working documents of the Internet Engineering Task Force (IETF).  Note that other groups may also distribute working documents as Internet-Drafts.  The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.</p>
 <p>Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time.  It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."</p>
-<p>This Internet-Draft will expire on September 24, 2018.</p>
+<p>This Internet-Draft will expire on November 3, 2018.</p>
 <h1 id="rfc.copyrightnotice"><a href="#rfc.copyrightnotice">Copyright Notice</a></h1>
 <p>Copyright (c) 2018 IETF Trust and the persons identified as the document authors.  All rights reserved.</p>
 <p>This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document.  Please review these documents carefully, as they describe your rights and restrictions with respect to this document.  Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License.</p>
@@ -526,7 +526,7 @@ <h1 id="rfc.section.2">
 </tr>
 <tr>
 <td class="left">RS1</td>
-<td class="left">TBD (requested assignment -262)</td>
+<td class="left">TBD (requested assignment -65535)</td>
 <td class="left">SHA-1</td>
 <td class="left">RSASSA-PKCS1-v1_5 w/ SHA-1</td>
 </tr>
@@ -576,10 +576,10 @@ <h1 id="rfc.section.3.1">
 
 <ul>
 <li>Name: RS1 </li>
-<li>Value: TBD (requested assignment -262) </li>
+<li>Value: TBD (requested assignment -65535) </li>
 <li>Description: RSASSA-PKCS1-v1_5 w/ SHA-1 </li>
 <li>Reference: <a href="#RSASSA-PKCS1-v1_5" class="xref">Section 2</a> of this document </li>
-<li>Recommended: No </li>
+<li>Recommended: Deprecated </li>
 </ul>
 
 <p> </p>
@@ -597,7 +597,7 @@ <h1 id="rfc.section.4.2">
 <h1 id="rfc.section.4.3">
 <a href="#rfc.section.4.3">4.3.</a> <a href="#RSASSA-PKCS1-v1_5_SHA-1_considerations" id="RSASSA-PKCS1-v1_5_SHA-1_considerations">RSASSA-PKCS1-v1_5 with SHA-1 Security Considerations</a>
 </h1>
-<p id="rfc.section.4.3.p.1">The security considerations on the use of the SHA-1 hash function from <a href="#RFC6194" class="xref">[RFC6194]</a> apply in this specification.  For that reason, the "RS1" algorithm is registered as "Not Recommended".  It MUST NOT be used by COSE implementations.  </p>
+<p id="rfc.section.4.3.p.1">The security considerations on the use of the SHA-1 hash function from <a href="#RFC6194" class="xref">[RFC6194]</a> apply in this specification.  For that reason, the "RS1" algorithm is registered as "Deprecated".  It MUST NOT be used by COSE implementations.  </p>
 <p id="rfc.section.4.3.p.2">A COSE algorithm identifier for this algorithm is nonetheless being registered because deployed TPMs continue to use it, and therefore WebAuthn implementations need a COSE algorithm identifier for "RS1" when TPM attestations using this algorithm are being represented.  </p>
 <h1 id="rfc.references">
 <a href="#rfc.references">5.</a> References</h1>
@@ -670,10 +670,18 @@ <h1 id="rfc.references.2">
 </tr>
 </tbody></table>
 <h1 id="rfc.acknowledgements"><a href="#rfc.acknowledgements">Acknowledgements</a></h1>
-<p id="rfc.section.A.p.1">TBD </p>
+<p id="rfc.section.A.p.1">Thanks to John Fontana, Jeff Hodges, Tony Nadalin, Jim Schaad, G&#246;ran Selander, Wendy Seltzer, Sean Turner, and Samuel Weiler for their roles in registering these algorithm identifiers.  </p>
 <h1 id="rfc.document_history"><a href="#rfc.document_history">Document History</a></h1>
 <p id="rfc.section.B.p.1">[[ to be removed by the RFC Editor before publication as an RFC ]] </p>
-<p id="rfc.section.B.p.2">-00 </p>
+<p id="rfc.section.B.p.2">-01 </p>
+
+<ul>
+<li>Updated the requested RS1 value from -262 to -65535 to match the temporary registration made on 2018-04-19.  </li>
+<li>Populated the Acknowledgements section.  </li>
+</ul>
+
+<p> </p>
+<p id="rfc.section.B.p.3">-00 </p>
 
 <ul><li>Initial version.  </li></ul>
 
diff --git a/draft-jones-webauthn-cose-algorithms.txt b/draft-jones-webauthn-cose-algorithms.txt
@@ -4,12 +4,12 @@
 
 WebAuthn Working Group                                          M. Jones
 Internet-Draft                                                 Microsoft
-Intended status: Informational                            March 23, 2018
-Expires: September 24, 2018
+Intended status: Informational                               May 2, 2018
+Expires: November 3, 2018
 
 
            COSE Algorithms for Web Authentication (WebAuthn)
-                draft-jones-webauthn-cose-algorithms-00
+                draft-jones-webauthn-cose-algorithms-01
 
 Abstract
 
@@ -35,7 +35,7 @@ Status of This Memo
    time.  It is inappropriate to use Internet-Drafts as reference
    material or to cite them other than as "work in progress."
 
-   This Internet-Draft will expire on September 24, 2018.
+   This Internet-Draft will expire on November 3, 2018.
 
 Copyright Notice
 
@@ -53,9 +53,9 @@ Copyright Notice
 
 
 
-Jones                  Expires September 24, 2018               [Page 1]
+Jones                   Expires November 3, 2018                [Page 1]
 
-Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
+Internet-DraCOSE Algorithms for Web Authentication (WebAuthn)   May 2018
 
 
    the Trust Legal Provisions and are provided without warranty as
@@ -109,9 +109,9 @@ Table of Contents
 
 
 
-Jones                  Expires September 24, 2018               [Page 2]
+Jones                   Expires November 3, 2018                [Page 2]
 
-Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
+Internet-DraCOSE Algorithms for Web Authentication (WebAuthn)   May 2018
 
 
    The RSASSA-PKCS1-v1_5 algorithms specified in this document are in
@@ -127,7 +127,7 @@ Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
    | RS512 | TBD (requested          | SHA-512 | RSASSA-PKCS1-v1_5 w/  |
    |       | assignment -259)        |         | SHA-512               |
    | RS1   | TBD (requested          | SHA-1   | RSASSA-PKCS1-v1_5 w/  |
-   |       | assignment -262)        |         | SHA-1                 |
+   |       | assignment -65535)      |         | SHA-1                 |
    +-------+-------------------------+---------+-----------------------+
 
                 Table 1: RSASSA-PKCS1-v1_5 Algorithm Values
@@ -158,16 +158,16 @@ Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
    o  Recommended: No
 
    o  Name: RS1
-   o  Value: TBD (requested assignment -262)
+   o  Value: TBD (requested assignment -65535)
    o  Description: RSASSA-PKCS1-v1_5 w/ SHA-1
    o  Reference: Section 2 of this document
-   o  Recommended: No
+   o  Recommended: Deprecated
 
 
 
-Jones                  Expires September 24, 2018               [Page 3]
+Jones                   Expires November 3, 2018                [Page 3]
 
-Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
+Internet-DraCOSE Algorithms for Web Authentication (WebAuthn)   May 2018
 
 
 4.  Security Considerations
@@ -189,8 +189,8 @@ Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
 
    The security considerations on the use of the SHA-1 hash function
    from [RFC6194] apply in this specification.  For that reason, the
-   "RS1" algorithm is registered as "Not Recommended".  It MUST NOT be
-   used by COSE implementations.
+   "RS1" algorithm is registered as "Deprecated".  It MUST NOT be used
+   by COSE implementations.
 
    A COSE algorithm identifier for this algorithm is nonetheless being
    registered because deployed TPMs continue to use it, and therefore
@@ -221,9 +221,9 @@ Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
 
 
 
-Jones                  Expires September 24, 2018               [Page 4]
+Jones                   Expires November 3, 2018                [Page 4]
 
-Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
+Internet-DraCOSE Algorithms for Web Authentication (WebAuthn)   May 2018
 
 
    [RFC7518]  Jones, M., "JSON Web Algorithms (JWA)", RFC 7518,
@@ -270,22 +270,29 @@ Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
 
 Acknowledgements
 
-   TBD
-
+   Thanks to John Fontana, Jeff Hodges, Tony Nadalin, Jim Schaad, Goeran
+   Selander, Wendy Seltzer, Sean Turner, and Samuel Weiler for their
+   roles in registering these algorithm identifiers.
 
 
 
 
-
-Jones                  Expires September 24, 2018               [Page 5]
+Jones                   Expires November 3, 2018                [Page 5]
 
-Internet-DraCOSE Algorithms for Web Authentication (WebAuthn  March 2018
+Internet-DraCOSE Algorithms for Web Authentication (WebAuthn)   May 2018
 
 
 Document History
 
    [[ to be removed by the RFC Editor before publication as an RFC ]]
 
+   -01
+
+   o  Updated the requested RS1 value from -262 to -65535 to match the
+      temporary registration made on 2018-04-19.
+
+   o  Populated the Acknowledgements section.
+
    -00
 
    o  Initial version.
@@ -326,11 +333,4 @@ Author's Address
 
 
 
-
-
-
-
-
-
-
-Jones                  Expires September 24, 2018               [Page 6]
+Jones                   Expires November 3, 2018                [Page 6]
diff --git a/draft-jones-webauthn-cose-algorithms.xml b/draft-jones-webauthn-cose-algorithms.xml
@@ -1,4 +1,4 @@
-<?xml version='1.0' encoding='us-ascii'?>
+<?xml version='1.0' encoding='UTF-8'?>
 
 <?xml-stylesheet type='text/xsl' href='http://xml2rfc.tools.ietf.org/authoring/rfc2629.xslt' ?>
 <!DOCTYPE rfc SYSTEM "rfc2629.dtd">
@@ -14,7 +14,7 @@
 
 <rfc category="info" 
      ipr="trust200902" 
-     docName="draft-jones-webauthn-cose-algorithms-00">
+     docName="draft-jones-webauthn-cose-algorithms-01">
   <front>
 
     <title>COSE Algorithms for Web Authentication (WebAuthn)</title>
@@ -27,7 +27,7 @@
       </address>
     </author>
 
-    <date day="23" month="March" year="2018" />
+    <date day="2" month="May" year="2018" />
 
     <area>Security</area>
     <workgroup>WebAuthn Working Group</workgroup>
@@ -105,7 +105,7 @@
 	<c>RSASSA-PKCS1-v1_5 w/ SHA-512</c>
 
 	<c>RS1</c>
-	<c>TBD (requested assignment -262)</c>
+	<c>TBD (requested assignment -65535)</c>
 	<c>SHA-1</c>
 	<c>RSASSA-PKCS1-v1_5 w/ SHA-1</c>
 
@@ -183,7 +183,7 @@
 	      Name: RS1
 	    </t>
 	    <t>
-	      Value: TBD (requested assignment -262)
+	      Value: TBD (requested assignment -65535)
 	    </t>
 	    <t>
 	      Description: RSASSA-PKCS1-v1_5 w/ SHA-1
@@ -192,7 +192,7 @@
 	      Reference: <xref target="RSASSA-PKCS1-v1_5"/> of this document 
 	    </t>
 	    <t>
-	      Recommended: No
+	      Recommended: Deprecated
 	    </t>
 	  </list>
 	</t>
@@ -224,7 +224,7 @@
 	<t>
 	  The security considerations on the use of the SHA-1 hash function
 	  from <xref target="RFC6194"/> apply in this specification.
-	  For that reason, the "RS1" algorithm is registered as "Not Recommended".
+	  For that reason, the "RS1" algorithm is registered as "Deprecated".
 	  It MUST NOT be used by COSE implementations.
 	</t>
 	<t>
@@ -355,7 +355,17 @@
     <section title="Acknowledgements" anchor="Acknowledgements" numbered="no">
 
       <t>
-	TBD
+	Thanks to
+	John Fontana,
+	Jeff Hodges,
+	Tony Nadalin,
+	Jim Schaad,
+	Göran Selander,
+	Wendy Seltzer,
+	Sean Turner,
+	and
+	Samuel Weiler
+	for their roles in registering these algorithm identifiers.
       </t>
     </section>
 
@@ -364,6 +374,19 @@
         [[ to be removed by the RFC Editor before publication as an RFC ]]
       </t>
 
+      <t>
+        -01
+        <list style='symbols'>
+          <t>
+	    Updated the requested RS1 value from -262 to -65535
+	    to match the temporary registration made on 2018-04-19.
+          </t>
+	  <t>
+	    Populated the Acknowledgements section.
+	  </t>
+        </list>
+      </t>
+
       <t>
         -00
         <list style='symbols'>
