IETF Logo Mail Archive

[CFRG] Re: 回复: I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt

Daniel Huigens <daniel.huigens@proton.ch> Tue, 10 September 2024 08:15 UTC

Return-Path: <daniel.huigens@proton.ch>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 57677C14F699 for <cfrg@ietfa.amsl.com>; Tue, 10 Sep 2024 01:15:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.105
X-Spam-Level:
X-Spam-Status: No, score=-2.105 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H4=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=proton.ch
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y1JC-6j8fVkx for <cfrg@ietfa.amsl.com>; Tue, 10 Sep 2024 01:15:49 -0700 (PDT)
Received: from mail-4317.proton.ch (mail-4317.proton.ch [185.70.43.17]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A7E77C14F689 for <cfrg@irtf.org>; Tue, 10 Sep 2024 01:15:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=proton.ch; s=rt54d55cxfhird6wxjg2yormv4.protonmail; t=1725956147; x=1726215347; bh=B7SO4xKKCXu0CdiZlBCEkqPG0PQVDP95m70rKWevzz4=; h=Date:To:From:Cc:Subject:Message-ID:In-Reply-To:References: Feedback-ID:From:To:Cc:Date:Subject:Reply-To:Feedback-ID: Message-ID:BIMI-Selector; b=aI2H7lES7jWoh1zGaz0aS5NCQLLiv8pIqvcDCqNaG9jJeTTD2ecTzbMwwnp9IFUEs r2xIyS7vB7Tmsse6WJtkRrsJ//6a7fLGfgzCLTn9TETIyrjej3HmyXMGn+ljMsgeik O3rhFkQd0etChKYU3OHJi0uIiMn94Wxgf04weqEOc7MpB1Xmh97gqVVzudmhv25xNi tPVl2o1PFBylRMA/ScUwJskyEijuebw/xIr6GOKO44X7Qs38j9O5hCMOVhTPnQWy6t G8w9q/c/OSoCI7tpw1BwWpA+orOitKffzOGYSDLXCUR+PrqLle4Xow0aznBc4d3eq8 YWV/eJWBQvXVQ==
Date: Tue, 10 Sep 2024 08:15:41 +0000
To: Simon Josefsson <simon=40josefsson.org@dmarc.ietf.org>
From: Daniel Huigens <daniel.huigens@proton.ch>
Message-ID: <TGRod7G9HBXLcStst0XX6fQ5-3N0xx8h3Amoi5UQvHeN5tEUoWgzFRfXU3A85G0HooKRH0aaHsGEddziAq5cQ01UlT_azGt0xh53vQIbncM=@proton.ch>
In-Reply-To: <87v7z40xyw.fsf@kaka.sjd.se>
References: <GVXPR07MB9678799A86599695B7B31F41892F2@GVXPR07MB9678.eurprd07.prod.outlook.com> <20240322070827.738849.qmail@cr.yp.to> <TYAPR01MB4992039FC820D0425D2C6BE4C1982@TYAPR01MB4992.jpnprd01.prod.outlook.com> <gxv1hzo2clc_DYYNrKi-yGA5PoEH6v_UZcW7I8R7XttivBTZLNBXPlO3jM3nhZnB86HnGlCdKHmQpznBynplCeapP7jkJYj-XYLvfGPDSQQ=@proton.ch> <87v7z40xyw.fsf@kaka.sjd.se>
Feedback-ID: 37000915:user:proton
X-Pm-Message-ID: 1e0e4c20e3af6648332a9e82e335c22e91205d6b
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: TPLIXUGYHFLXSDC62LA54PESH6PKG5ET
X-Message-ID-Hash: TPLIXUGYHFLXSDC62LA54PESH6PKG5ET
X-MailFrom: daniel.huigens@proton.ch
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-cfrg.irtf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "cfrg@irtf.org" <cfrg@irtf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [CFRG] Re: 回复: I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/-7X-kKf7d5X7B9cQL0GBNBKKPFQ>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

Hi Simon,

On Tuesday, September 10th, 2024 at 09:28, Simon Josefsson wrote:
> If people strongly desire a randomized version of Ed25519, I believe it
> would be better to update RFC 8032 to describe a new randomized variant
> and give it a name (rEdDSA/rEd25519/rEd448?) instead of altering the old
> EdDSA algorithm that is already well described and established.  If we
> do this, then Web Crypto can refer to either algorithm by name

I understand your viewpoint, but I wonder if since CryptoKit already
ships the randomized version under the name "Ed25519", perhaps this
ship has sailed to some extent? (Although I think it's unfortunate it's
been shipped without this draft being an RFC.)

> (or permit both -- since the decision is opaque from the consumer's
> point of view)

I think it would be an unfortunate outcome if "Ed25519" in Web Crypto
can mean "Ed25519" or "rEd25519" in the IETF - because that means any
IETF protocol that only refers to Ed25519 can't be implemented by
calling Web Crypto's Ed25519 (pedantically speaking).

So, if the outcome in the CFRG is to give these variants separate names,
I would prefer to only refer to RFC 8032 for Ed25519 in Web Crypto, and
ask Apple to make their implementation deterministic, though I don't
know if that's feasible at this point.

Best,
Daniel

v2.40.3 | Report a Bug | By Email | System Status