decentralized-identity / papers

Notes, ideas, and write-ups from DIF members and collaborators
Apache License 2.0

[SIOP] Add missing enc/alg algorithms to IANA #6

Open awoie opened 5 years ago

awoie commented 5 years ago

Add support for ECDH-ES (+ X25519) / XSalsa20-Poly1305 and ChaCha20-Poly1305 to JOSE/IANA registry.

kdenhartog commented 5 years ago

For reference, the Chacha20-poly1305/XChacha20-poly1305 has been described in an internet draft. We just need to get it officially registered in IANA.

https://tools.ietf.org/html/draft-amringer-jose-chacha-00

Also, X25519/ed25519 are defined in RFC 8037, so we should be good on that.

The only thing left to spec out would be the description of XSalsa20/Salsa20 similar to how it's done in RFC 7539 and then to register it in IANA.

kdenhartog commented 5 years ago

Update: XSalsa20/Salsa20 couldn't be added because it's only an Authenticated Encryption (AE) algorithm not an Authenticated Encryption Additional Data (AEAD) algorithm.

awoie commented 5 years ago

Yes, that is unfortunate. Because this means we cannot use TweetNacl which offers browser-friendly libraries (around 20KB). TweetNacl does not have support for XChacha or any other defined AEAD construction, only AE (XSalsa20Poly1305) which is a requirement of JWEs.

My understanding is that we are currently looking into three different options:

  1. using stablelib, or other alternatives
  2. creating a smaller wasm for libsodium (currently around 180KB which is too big for web browsers on mobile devices)
  3. stripping out unneeded code from libsodium

@kdenhartog @pelle In all cases, we will have to provide the code/binary in DIF. Is this correct?
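The AE versus AEAD distinction raised above, as an added example that is not part of the thread or of any DIF code: JWE (RFC 7516) feeds the base64url-encoded protected header to the cipher as additional authenticated data, which an AE-only interface such as TweetNaCl's `nacl.secretbox(message, nonce, key)` has no parameter for. The sketch uses Node's built-in ChaCha20-Poly1305; `sealJwe`, `openJwe`, the random key standing in for an ECDH-ES derived key, and the `enc` label in the sample header are assumptions made for illustration.

```javascript
// Added illustration: why JWE content encryption needs an AEAD, not plain AE.
const nodeCrypto = require('crypto');

const b64u = (buf) => Buffer.from(buf).toString('base64url');

// Encrypt in JWE compact form with direct key agreement (empty encrypted-key part).
// The AAD is ASCII(BASE64URL(UTF8(protected header))), as RFC 7516 specifies.
function sealJwe(header, plaintext, key) {
  const protectedB64 = b64u(JSON.stringify(header));
  const iv = nodeCrypto.randomBytes(12); // 96-bit nonce for ChaCha20-Poly1305
  const cipher = nodeCrypto.createCipheriv('chacha20-poly1305', key, iv,
    { authTagLength: 16 });
  cipher.setAAD(Buffer.from(protectedB64, 'ascii')); // binds header to ciphertext
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  return [protectedB64, '', b64u(iv), b64u(ct), b64u(cipher.getAuthTag())].join('.');
}

// Decrypt; final() throws if the ciphertext OR the protected header was altered.
function openJwe(compact, key) {
  const [protectedB64, , iv, ct, tag] = compact.split('.');
  const decipher = nodeCrypto.createDecipheriv('chacha20-poly1305', key,
    Buffer.from(iv, 'base64url'), { authTagLength: 16 });
  decipher.setAAD(Buffer.from(protectedB64, 'ascii'));
  decipher.setAuthTag(Buffer.from(tag, 'base64url'));
  const pt = Buffer.concat([decipher.update(Buffer.from(ct, 'base64url')),
    decipher.final()]);
  return pt.toString('utf8');
}

// Swap the protected header of a valid JWE and report whether decryption rejects it.
function headerTamperDetected(compact, key, forgedHeader) {
  const parts = compact.split('.');
  parts[0] = b64u(JSON.stringify(forgedHeader));
  try {
    openJwe(parts.join('.'), key);
    return false; // an AE-only scheme would end up here: header is unauthenticated
  } catch (err) {
    return true;
  }
}

// Constructed sample input; the key stands in for the ECDH-ES (X25519) output.
const demoKey = nodeCrypto.randomBytes(32);
const demoHeader = { alg: 'ECDH-ES', enc: 'C20P' }; // enc label assumed for the demo
const demoJwe = sealJwe(demoHeader, 'did:example:123 payload', demoKey);
console.log(openJwe(demoJwe, demoKey));
console.log(headerTamperDetected(demoJwe, demoKey, { alg: 'dir', enc: 'C20P' }));
```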

awoie commented 5 years ago

@pelle @kdenhartog The TweetNacl author mentions that stablelib might not be a good fit for JWE either: https://github.com/dchest/tweetnacl-js/issues/169. Are we giving it a try regardless?

OR13 commented 5 years ago

Came across this, not sure if it's useful. https://bcoin.io/docs/net_bip151.js.html

There is also the original RFC for ECDH-ES with x25519

https://tools.ietf.org/html/rfc8037

IMO, the signature suites, key exchanges, or other protocol stuff that is not currently supported should be tracked on a case-by-case basis, with a single ticket linking to all available documentation.

These things don't seem to be blocking for SIOP.

awoie commented 4 years ago

Locking this discussion. Copied issue to new repository: https://github.com/decentralized-identity/did-siop/issues/6