Re: [Cfrg] Ed448ctx -> was RE: draft-irtf-cfrg-eddsa -- one final proposal for domain separation (context labels) for ed25519

Ilari Liusvaara <ilariliusvaara@welho.com> Tue, 19 July 2016 17:41 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0B93112B010; Tue, 19 Jul 2016 10:41:50 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.187
X-Spam-Level:
X-Spam-Status: No, score=-3.187 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-1.287] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oT6DSpUi_9tB; Tue, 19 Jul 2016 10:41:45 -0700 (PDT)
Received: from welho-filter3.welho.com (welho-filter3.welho.com [83.102.41.25]) by ietfa.amsl.com (Postfix) with ESMTP id 17C2712D0F8; Tue, 19 Jul 2016 10:41:41 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id 8DA607DF8; Tue, 19 Jul 2016 20:41:40 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id Mvjo87tvrEGC; Tue, 19 Jul 2016 20:41:40 +0300 (EEST)
Received: from LK-Perkele-V2 (87-100-177-32.bb.dnainternet.fi [87.100.177.32]) (using TLSv1 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id 04BCDC4; Tue, 19 Jul 2016 20:41:40 +0300 (EEST)
Date: Tue, 19 Jul 2016 20:41:35 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: Simon Josefsson <simon@josefsson.org>
Message-ID: <20160719174135.GB14532@LK-Perkele-V2.elisa-laajakaista.fi>
References: <5e514b7c361f4ed9a4d6ea41d40c350c@SC-EXCH03.marvell.com> <878tznvegh.fsf@latte.josefsson.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
In-Reply-To: <878tznvegh.fsf@latte.josefsson.org>
User-Agent: Mutt/1.6.0 (2016-04-01)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/46j5ZzMe_7KEdsvNSFIZA25kJRA>
Resent-From: alias-bounces@ietf.org
Resent-To: <>
Cc: Robert Edmonds <edmonds@debian.org>, "draft-irtf-cfrg-eddsa.all@ietf.org" <draft-irtf-cfrg-eddsa.all@ietf.org>, "cfrg@ietf.org" <cfrg@ietf.org>, Ondřej Surý <ondrej@sury.org>, Benjamin Kaduk <bkaduk@akamai.com>
Subject: Re: [Cfrg] Ed448ctx -> was RE: draft-irtf-cfrg-eddsa -- one final proposal for domain separation (context labels) for ed25519
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 19 Jul 2016 17:41:50 -0000

On Fri, May 06, 2016 at 09:21:50AM +0200, Simon Josefsson wrote:
> Paul Lambert <paul@marvell.com> writes:
> 
> >> > On Sat 2016-04-23 03:23:15 -0400, Simon Josefsson wrote:
> >> >> Further, introducing this tweak late in the process appears unfortunate.
> >> >> We are having serious trouble shipping documents people have been
> >> >> waiting for as it is.  Redefining what they will get this late in the
> >> >> process is harmful.
> >> >
> >> > My goal in raising this is not to delay the process further, but to at
> >> > least clarify for future readers why the interfaces for Ed25519 and
> >> > Ed448 differ by a "context" argument, and to give some form of
> >> > implementation guidance to people who want to use that argument while
> >> > being able to use both signature schemes.
> >
> > Making names clear is a good idea.
> > Perhaps Ed448 should be renamed Ed448ctx
> 
> I like this idea -- there is confusion between the "old" Ed448 and
> CFRG's modified Ed448 with contexts.  It is pretty mild since the old
> Ed448 has not been widely deployed, but still.  If someone would like
> to push for this, I would support it.

One way to solve things would be to restrict the Ed448 context to
non-empty strings and name the result "Ed448ctx", and take the currying
of the current Ed448 with an empty context string and name it "Ed448".

And then perhaps apply an analogous construct to Ed25519 to derive
Ed25519ctx and to switch Ed25519ph to that sort of construct.


Of course, this doesn't solve the problems with the *PH variants:
- Ed25519ph can be confused with Ed25519 with bad results (the new
  construction would probably solve that).
- Ed448ph still has contexts, which is made particularly hilarious by
  the fact that *ph variants were originally included because of
  legacy APIs (at least going by the rationales), which probably aren't
  going to take contexts very well... And if Ed25519ph is switched to
  that new construct, it would get this problem as well...



-Ilari
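The construct discussed in this message, as an added example that is not part of the thread and not code from draft-irtf-cfrg-eddsa or its authors: a minimal Ed25519 in pure Python, following the structure of the reference code in RFC 8032 (the published form of the draft), with one signing core and a "dom2" domain separator in front of the hashed data. Pure Ed25519 uses no prefix, Ed25519ctx uses flag 0 plus a context, and Ed25519ph uses flag 1 plus a context over the SHA-512 prehash of the message, so a signature made under one variant or context does not verify under another, which is the "Ed25519ph confused with Ed25519" problem the new construct addresses. The function names, the SHA-512 prehash, and the restriction of the ctx variant to non-empty contexts (the message's proposal for Ed448ctx applied here to Ed25519ctx) are this example's choices. It is illustrative and not constant-time.

```python
# Added example (not code from this thread or from draft-irtf-cfrg-eddsa): a
# minimal RFC 8032-style Ed25519 in pure Python, showing how one signing core
# plus the "dom2" separator yields Ed25519 (no prefix), Ed25519ctx (flag 0 +
# context) and Ed25519ph (flag 1 + context, SHA-512 prehash).  Not constant-time.
import hashlib

p = 2**255 - 19
q = 2**252 + 27742317777372353535851937790883648493
d = -121665 * pow(121666, p - 2, p) % p
SQRT_M1 = pow(2, (p - 1) // 4, p)

def inv(x):
    return pow(x, p - 2, p)

def point_add(P, Q):  # extended twisted Edwards coordinates (X, Y, Z, T)
    A = (P[1] - P[0]) * (Q[1] - Q[0]) % p
    B = (P[1] + P[0]) * (Q[1] + Q[0]) % p
    C = 2 * P[3] * Q[3] * d % p
    D = 2 * P[2] * Q[2] % p
    E, F, G, H = B - A, D - C, D + C, B + A
    return (E * F % p, G * H % p, F * G % p, E * H % p)

def point_mul(s, P):
    Q = (0, 1, 1, 0)  # neutral element
    while s > 0:
        if s & 1:
            Q = point_add(Q, P)
        P, s = point_add(P, P), s >> 1
    return Q

def recover_x(y, sign):
    if y >= p:
        return None
    x2 = (y * y - 1) * inv(d * y * y + 1) % p
    if x2 == 0:
        return None if sign else 0
    x = pow(x2, (p + 3) // 8, p)
    if (x * x - x2) % p != 0:
        x = x * SQRT_M1 % p
    if (x * x - x2) % p != 0:
        return None
    return p - x if (x & 1) != sign else x

def compress(P):
    z = inv(P[2])
    x, y = P[0] * z % p, P[1] * z % p
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decompress(s):
    y = int.from_bytes(s, "little")
    sign, y = y >> 255, y & ((1 << 255) - 1)
    x = recover_x(y, sign)
    return None if x is None else (x, y, 1, x * y % p)

G = decompress((4 * inv(5) % p).to_bytes(32, "little"))  # base point, y = 4/5

def sha512_modq(s):
    return int.from_bytes(hashlib.sha512(s).digest(), "little") % q

def expand(secret):  # -> (clamped scalar a, 32-byte nonce prefix)
    h = hashlib.sha512(secret).digest()
    a = int.from_bytes(h[:32], "little")
    return (a & ((1 << 254) - 8)) | (1 << 254), h[32:]

def public_key(secret):
    return compress(point_mul(expand(secret)[0], G))

# dom2(F, C) from RFC 8032 section 5.1: a fixed label, the flag octet (0 = ctx,
# 1 = ph), the context length and the context.  Pure Ed25519 uses no prefix.
def dom2(flag, ctx):
    if len(ctx) > 255:
        raise ValueError("context longer than 255 octets")
    return b"SigEd25519 no Ed25519 collisions" + bytes([flag, len(ctx)]) + ctx

def _sign(secret, msg, dom):
    a, prefix = expand(secret)
    A = compress(point_mul(a, G))
    r = sha512_modq(dom + prefix + msg)
    R = compress(point_mul(r, G))
    k = sha512_modq(dom + R + A + msg)
    return R + ((r + k * a) % q).to_bytes(32, "little")

def _verify(pub, msg, sig, dom):
    if len(pub) != 32 or len(sig) != 64:
        return False
    A, R, s = decompress(pub), decompress(sig[:32]), int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= q:
        return False
    k = sha512_modq(dom + sig[:32] + pub + msg)
    return compress(point_mul(s, G)) == compress(point_add(R, point_mul(k, A)))

# The variants share the core and differ only in separator (and prehash).
# Ed25519ctx is restricted to non-empty contexts, as proposed above for Ed448ctx.
def _ctx(ctx):
    if not ctx:
        raise ValueError("Ed25519ctx requires a non-empty context")
    return dom2(0, ctx)
def ed25519_sign(sk, m): return _sign(sk, m, b"")
def ed25519_verify(pk, m, sig): return _verify(pk, m, sig, b"")
def ed25519ctx_sign(sk, m, ctx): return _sign(sk, m, _ctx(ctx))
def ed25519ctx_verify(pk, m, sig, ctx): return _verify(pk, m, sig, _ctx(ctx))
def ed25519ph_sign(sk, m, ctx=b""): return _sign(sk, hashlib.sha512(m).digest(), dom2(1, ctx))
def ed25519ph_verify(pk, m, sig, ctx=b""): return _verify(pk, hashlib.sha512(m).digest(), sig, dom2(1, ctx))
```

With this layout, "Ed25519" is just the core with an empty separator, the same relationship the message proposes between "Ed448" and "Ed448ctx"; a pure Ed25519 signature over SHA-512(M) and an Ed25519ph signature over M are no longer interchangeable because the ph variant hashes the dom2 prefix in front of everything. The pure-Ed25519 key and signature from RFC 8032's first test vector (empty message) reproduce exactly.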