Re: [Cbor] Gordian Envelope and Crypto-Agility for its Hash
Christopher Allen <christophera@lifewithalacrity.com> Fri, 10 March 2023 03:53 UTC
From: Christopher Allen <christophera@lifewithalacrity.com>
Date: Thu, 09 Mar 2023 19:52:46 -0800
Message-ID: <CAAse2dFE7icuOTAKSg=QYq0rxkEjLuFBRjSocqS_Mo97+V7Vog@mail.gmail.com>
To: Vadim Goncharov <vadimnuclight@gmail.com>
Cc: cbor@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/cbor/2AKNiscu2LLwK6-41el1Zy7G9ho>
On Wed, Mar 8, 2023 at 1:51 PM Vadim Goncharov <vadimnuclight@gmail.com> wrote:

> On Tue, 7 Mar 2023 00:25:22 -0800
> Christopher Allen <christophera@lifewithalacrity.com> wrote:
>
> > I'd really not like to go down the alley that Protocol Labs did with
> > https://datatracker.ietf.org/doc/draft-multiformats-multihash/ — our
>
> Read that draft, wanted to ask why there's no "multi" (several hashes at
> once) and what about truncating, if the length field seems to be present
> but not utilized. But it seemed that this is not your spec?

Not really — it was a spec that was originally developed by Protocol Labs for use with content-addressing schemes like IPFS. Several proposed DID methods (W3C Decentralized Identifier), in particular from the Web3 community, wanted to use it for DID URNs, and we said that they needed to document it before we would register them as a preliminary DID method. They published that as https://github.com/w3c-ccg/hashlink and also shared it as an I-D.

Note that the CCG (W3C Credential Community Group) has no authority to create standards, but does have the ability to have working groups delegate items like these and to also register various lists to community groups, as in W3C working groups are only for 2 years, and the CCG has been around for over a decade, and there is no equivalent to IANA. Different standards processes ;-)

> > experience has been that the lack of constraint in that list resulted
> > in a large surface area for attacks.
>
> What do you mean?

I don't mean that there have been any CVEs — I'm not aware of any. However, the design had unintended consequences. How does one really know a hashlink in SHA256 and a hashlink for the same object in BLAKE3 are to the same object? You can't without the original deterministically encoded object, which, it turns out, isn't always easy in many Web3 protocols, in particular IPFS where you don't have guarantees of availability.

Also, though Web3 does not require blockchain tokens, many do use them, and there are interesting opportunities for hash malleability, say to sell something (say an NFT) twice.

> > In addition, specifically for us, as the Envelope tag and Wrapped
> > Envelope tag is used so often, adding even more bytes to specify a
> > hash algorithm risks support in constrained environments (for
> > instance, signing on JavaCard is quite limited).
>
> Is 1 byte really too much? What are the sizes of packets?

Under ordinary circumstances, no, 1 byte doesn't make a difference. But remember, the design of the structure is envelopes nesting envelopes, so there is rarely just one. But we do have implementers now working with very constrained JavaCard devices (they are using a Gordian Envelope encoded Shamir to back up private keys from their devices), and we have one silicon device company (Crossbar/Cramium) that is looking into dCBOR for encoding data for new chip designs, where dCBOR might be implemented in silicon logic.

-- Christopher Allen
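As an added illustration (not code from this thread, nor from the multihash draft, hashlink or Gordian Envelope projects it mentions), the following Python encodes the multihash layout the draft describes, shows why two links under different algorithms cannot be confirmed as naming the same object without the original bytes, and contrasts an unconstrained verifier with a single-algorithm profile; the `PROFILE` allow-list and the sample object are this example's own assumptions, and blake3 is left out because Python's hashlib lacks it.

```python
import hashlib
from typing import Optional

# Multihash layout (draft-multiformats-multihash): uvarint(code) || uvarint(len) || digest.
# Codes are from the multicodec table; blake3 is omitted (not in Python's hashlib).
CODES = {0x12: "sha256", 0x13: "sha512", 0xB220: "blake2b"}
# Constrained profile (this example's assumed policy): one algorithm, full-length digest only.
PROFILE = {0x12: 32}

def uvarint(n: int) -> bytes:
    out = bytearray()
    while True:
        out.append((n & 0x7F) | (0x80 if n > 0x7F else 0))
        n >>= 7
        if not n:
            return bytes(out)

def read_uvarint(buf: bytes, pos: int) -> tuple:
    n = shift = 0
    while True:
        b = buf[pos]
        n |= (b & 0x7F) << shift
        pos, shift = pos + 1, shift + 7
        if not b & 0x80:
            return n, pos

def digest(data: bytes, code: int) -> bytes:
    if code == 0xB220:  # blake2b-256: the code fixes the output size
        return hashlib.blake2b(data, digest_size=32).digest()
    return hashlib.new(CODES[code], data).digest()

def multihash(data: bytes, code: int, length: Optional[int] = None) -> bytes:
    d = digest(data, code)
    d = d[:length] if length else d  # the length field is what permits truncation
    return uvarint(code) + uvarint(len(d)) + d

def parse(mh: bytes) -> tuple:
    code, pos = read_uvarint(mh, 0)
    length, pos = read_uvarint(mh, pos)
    d = mh[pos:pos + length]
    if len(d) != length or mh[pos + length:] or code not in CODES:
        raise ValueError("malformed multihash")
    return code, d

def same_object(mh_a: bytes, mh_b: bytes) -> Optional[bool]:
    """True/False when comparable; None when algorithms differ (undecidable without the bytes)."""
    (ca, da), (cb, db) = parse(mh_a), parse(mh_b)
    return da == db if ca == cb and len(da) == len(db) else None

def verify(mh: bytes, data: bytes, profile: Optional[dict] = None) -> bool:
    code, d = parse(mh)
    if profile is not None and profile.get(code) != len(d):
        return False  # algorithm outside the profile, or a truncated digest
    return digest(data, code)[:len(d)] == d
```

With `PROFILE` applied, a link is either the one expected full-length SHA-256 digest or it is rejected, which is the constraint the message above argues for; without a profile, the verifier happily accepts any listed algorithm and any declared length.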