[CFRG] Request for adoption: Signature modes guidance / draft-harvey-cfrg-mtl-mode-03
"Kaliski, Burt" <bkaliski@verisign.com> Mon, 05 August 2024 13:43 UTC
From: "Kaliski, Burt" <bkaliski@verisign.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
CC: "Sheth, Swapneel" <ssheth@Verisign.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/AshhH0W42OxEsHUr7gDS-w_wDu8>

CFRG,

Following up on my presentation at IETF 120, I would like to request that CFRG adopt draft-harvey-cfrg-mtl-mode-03 [1] as part of a broader research effort to provide guidance on modes of operation for digital signature schemes in applications.

The authors' rationale is as follows:

* NIST is in the process of standardizing what are effectively two modes of operation for FIPS 204 and 205 - "pure signing" where the message is signed directly with the underlying signature scheme and "pre-hash signing" where the hash of the message is signed. NIST has also introduced a "domain separator" format to distinguish the two modes [2]. (draft-harvey-cfrg-mtl-mode-03 adopts the domain separator format to distinguish MTL mode from others.)

* There are discussions underway on these topics on NIST's pqc-forum mailing list [3]. It seems prudent that CFRG advance guidance to applications on how and when to use pure signing vs. pre-hash signing, how to use domain separators and context strings in inputs to signature schemes, and how to approach other modes of operation.

* The initial use case for MTL mode is DNSSEC, as described in draft-fregly-dnsop-slh-dsa-mtl-dnssec-02 [4]. The current draft includes an example zone file signed with SPHINCS+ (SLH-DSA) in MTL mode. The authors hosted a hackathon session [5] on the draft at IETF 120 and also presented [6] at HotRFC. In addition, following the PQ DNSSEC side meeting [7], a new non-WG mailing list, pq-dnssec [8], was formed in the Security Area. The mailing list will be used for discussions of draft-fregly-research-agenda-for-pqc-dnssec-01 [9]. MTL mode is one of several approaches for reducing the operational impact of post-quantum signatures identified in the draft.

* Another example of a signature mode where CFRG guidance would be helpful is composite signatures [10]. For instance, if the composite signature construction is applied to FIPS 204/205, does this mean that FIPS 204/205 is operated in "pure" mode (because the pre-hashing has already been done)? And how should an application use the optional context string provided by FIPS 204/205 in a composite construction?

* Verisign announced a public, royalty-free license to certain intellectual property related to draft-harvey-cfrg-mtl-mode-03. IPR declarations 6174-6176 [11] give the official language.

Thanks

-- Burt

[1] J. Harvey, B. Kaliski, A. Fregly, S. Sheth. Merkle Tree Ladder (MTL) Mode Signatures. draft-harvey-cfrg-mtl-mode-03, June 12, 2024, https://datatracker.ietf.org/doc/draft-harvey-cfrg-mtl-mode/03/

[2] D. Moody. Updates on pre-hash for FIPS 204 and 205. pqc-forum@list.nist.gov mailing list, April 19, 2024, https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/JKMh0D0pa30/m/vbflXolxAQAJ.

[3] pqc-forum mailing list, https://groups.google.com/a/list.nist.gov/g/pqc-forum

[4] A.M. Fregly, B. Kaliski, J. Harvey, D. Wessels. Stateless Hash-Based Signatures in Merkle Tree Ladder Mode (SLH-DSA-MTL) for DNSSEC. draft-fregly-dnsop-slh-dsa-mtl-dnssec-02, July 8, 2024, https://datatracker.ietf.org/doc/draft-fregly-dnsop-slh-dsa-mtl-dnssec/02/

[5] Exploring Implementation Approaches for Merkle Tree Ladder Mode Signatures for DNSSEC, IETF 120 Hackathon, https://wiki.ietf.org/en/meeting/120/hackathon

[6] A. Fregly, Stateless Hash-Based Signatures in Merkle Tree Ladder Mode (SLH-DSA-MTL) for DNSSEC, IETF 120 HotRFC, https://datatracker.ietf.org/meeting/120/materials/slides-120-hotrfc-sessa-04-stateless-hash-based-signatures-in-merkle-tree-ladder-mode-01

[7] Side Meetings at IETF 120, https://wiki.ietf.org/en/meeting/120/sidemeetings

[8] pq-dnssec mailing list, https://mailarchive.ietf.org/arch/browse/pq-dnssec/

[9] A.M. Fregly et al., Research Agenda for a Post-Quantum DNSSEC. draft-fregly-research-agenda-for-pqc-dnssec-01, June 26, 2024, https://datatracker.ietf.org/doc/draft-fregly-research-agenda-for-pqc-dnssec/01/

[10] M. Ounsworth et al., Composite ML-KEM for Use in the Internet X.509 Public Key Infrastructure and CMS. draft-ietf-lamps-pq-composite-kem-04, July 8, 2024, https://datatracker.ietf.org/doc/draft-ietf-lamps-pq-composite-kem/04/

[11] https://datatracker.ietf.org/ipr/search/?draft=draft-harvey-cfrg-mtl-mode&rfc=&doctitle=&group=&holder=VeriSign%2C+Inc.&iprtitle=&patent=&submit=draft