- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 10 Mar 2023 12:20:18 -0500
- To: Orie Steele <orie@transmute.industries>
- Cc: Christopher Allen <ChristopherA@lifewithalacrity.com>, Tomislav Markovski <tomislav@trinsic.id>, Markus Sabadello <markus@danubetech.com>, "W3C Credentials CG (Public List)" <public-credentials@w3.org>, silverpill@firemail.cc
On Fri, Mar 10, 2023 at 11:42 AM Orie Steele <orie@transmute.industries> wrote: >> Your article clearly calls out one of these highly problematic myths >> -- that "algorithmic agility is a good thing", and cites multiple >> practicing cryptography and security experts (at IETF and elsewhere) >> that have been speaking out against the "algorithmic agility" myth for >> the better part of the last decade. > > Citation needed. The citations are throughout Christopher's article (and all of them are listed at the bottom). > Here is counterpoint from IETF regarding HPKE, which is one the most popular new crypto related work items, and has taken the opposite approach: Let's dissect your example... > "In recent work here, COSE HPKE <https://datatracker.ietf.org/doc/draft-ietf-cose-hpke/> is however going for the full agility that you criticize. https://mailarchive.ietf.org/arch/msg/cose/4HkrEz2io72eGHss5tFI-wyiQ-E/" Really? That does not seem like the case at all (in reading the spec and the registries in their totality). HPKE picks: 2 KEMs, 1 KDF, and 2 AEAD methods: https://www.iana.org/assignments/hpke/hpke.xhtml So, in reality, quite far (and constrained) from where the JOSE stack is today wrt. algorithmic agility. Granted, HPKE still has a bit too much parameter variation in the registry, IMHO, but it's certainly not the mess that is the JWA registry: https://www.iana.org/assignments/jose/jose.xhtml#table-web-signature-encryption-algorithms There was a SIGNIFICANT down selection of algorithms and parameters in HPKE. Now, the counter-argument might be: "Oh, but just wait, the HPKE registry will fill up with all sorts of questionable algorithms in time." ... but I expect that Richard and Chris will fight hard against that happening. The existence of HPKE is exactly the point... they DID NOT just re-use existing IANA registries, but created their own (because the entries are different) and then made a conscious decision to not pull every KEM, KDF, and AEAD into the registry. > I think folks using the word "agility" in so many different ways is making the argument "against cryptographic agility" nearly meaningless at this point. Just because people are asserting that the waters are being muddied does not mean that there isn't a problem. Yes, some people are misusing the terminology, and the terminology is also a bit vague and overly broad. However, that a term is vague or being misused does not invalidate the argument that there is a problem. As far as I can tell, the term (as used in Christopher's article), is being used in a way that is mostly aligned with the definition in the Wikipedia entry: https://en.wikipedia.org/wiki/Cryptographic_agility -- manu -- Manu Sporny - https://www.linkedin.com/in/manusporny/ Founder/CEO - Digital Bazaar, Inc. News: Digital Bazaar Announces New Case Studies (2021) https://www.digitalbazaar.com/
Received on Friday, 10 March 2023 17:21:09 UTC