Re: [Cfrg] I-D Action: draft-irtf-cfrg-xmss-hash-based-signatures-06.txt

Watson Ladd <watsonbladd@gmail.com> Sat, 23 July 2016 22:27 UTC

In-Reply-To: <69e0bf26-c079-75fb-0a5c-751bf3581016@cs.tcd.ie>
References: <20160706144508.25995.18605.idtracker@ietfa.amsl.com> <577D1B6E.1020506@huelsing.net> <D3B93AC9.7187E%kenny.paterson@rhul.ac.uk> <994C5976EA09B556.08963792-86E6-4CE4-95FB-23F0F6046EC0@mail.outlook.com> <C6F5FDF9-6A09-4ECB-AAF5-985BF06F0F83@rhul.ac.uk> <69e0bf26-c079-75fb-0a5c-751bf3581016@cs.tcd.ie>
From: Watson Ladd <watsonbladd@gmail.com>
Date: Sat, 23 Jul 2016 15:27:37 -0700
Message-ID: <CACsn0cnU1UM1_4Y7at7ov0rr94-YWm0Boogs7R916P2Lk_BpPw@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/ByKQD6fd9rWryk2WlnZU_rlFtg0>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] I-D Action: draft-irtf-cfrg-xmss-hash-based-signatures-06.txt

On Sat, Jul 23, 2016 at 1:56 PM, Stephen Farrell
<stephen.farrell@cs.tcd.ie> wrote:
>
>
> On 23/07/16 20:14, Paterson, Kenny wrote:
>> Your other point regarding state is well made.
>
> So that, and the fact that implementations are going to be
> brand new and hence quite likely buggy implies to me that
> the more cautious text I suggested takes the right approach.

If we go by that metric, OpenSSL's BN code will never have security-relevant
bugs, and ref10. Oh wait, that's not true at all, because we
can verify ref10's correctness, and the BN code actually had bugs.
Maybe we should try solving the problem of writing code to not have
bugs (newsflash: it has been solved, the methods are not expensive,
and crypto is an excellent place to apply them).

We've extremely clearly documented the stateful nature of the scheme.
This implementation question is different from whether the scheme
meets the security goals it claims. We can try to design schemes to
avoid common programming issues, and encourage the usage of more robust
schemes.

>
> Even if we're cryptographically confident of this particular
> scheme, we are IMO far from wanting the Internet to depend
> upon it (or any other proposed PQ scheme).

Isn't this because we aren't sure if we can deploy it safely / the
desirability? Do you actually think that XMSS is insecure against
quantum computers? To be clear, if there is no hash function that is
secure against QM, game over: signatures imply hash functions.

Of course, key exchanges are more dangerous than signatures, CA
hoodwinking of customers aside. We don't need to post-quantum
transition signatures now.

>
> Cautious text is better here now, rather than overly optimistic
> text.
>
> S.

-- 
"Man is born free, but everywhere he is in chains".
--Rousseau.
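The state-handling point the message refers to (the scheme's documented stateful nature, and the worry that a brand-new implementation gets that state wrong) is easiest to see in code. What follows is an added example, not code from the XMSS draft, from anyone in this thread, or from any project: a toy Lamport one-time signature with an XMSS-style "next unused leaf" counter. Everything in it (the 4-leaf key set, the 10-fold rollback, the message strings, the function and class names) is made up for the illustration. It shows that a signer whose counter is rolled back re-signs under the same one-time key, that a single signature leaks nothing an attacker can use, and that after a handful of reuses the leaked preimages are enough to assemble a valid signature on an attacker-chosen message.

```python
"""Toy Lamport one-time signature with an XMSS-style leaf counter.

Added illustration, not code from the XMSS draft or the CFRG thread.
Parameters (256-bit digests, 4 leaves, 10 reuses) are chosen for the
demo only; the construction is a simplified, hypothetical one.
"""
import hashlib
import os

BITS = 256          # digest length; one (secret0, secret1) pair per message bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def msg_bits(msg: bytes):
    """Bits of SHA-256(msg), most significant first."""
    d = int.from_bytes(H(msg), "big")
    return [(d >> (BITS - 1 - i)) & 1 for i in range(BITS)]


def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(BITS)]
    pk = [(H(s0), H(s1)) for s0, s1 in sk]
    return sk, pk


def lamport_sign(sk, msg):
    # Reveals exactly one secret of each pair; a second message reveals more.
    return [sk[i][b] for i, b in enumerate(msg_bits(msg))]


def lamport_verify(pk, msg, sig):
    return len(sig) == BITS and all(
        H(sig[i]) == pk[i][b] for i, b in enumerate(msg_bits(msg)))


class StatefulSigner:
    """Several OTS keys (leaves) plus the index of the next unused one.

    `index` is the state a stateful scheme requires the signer to persist.
    A verifier cannot tell whether it was advanced; only the signer can.
    """
    def __init__(self, leaves=4):
        self.keys = [lamport_keygen() for _ in range(leaves)]
        self.index = 0

    def public_keys(self):
        return [pk for _, pk in self.keys]

    def sign(self, msg):
        if self.index >= len(self.keys):
            raise RuntimeError("all one-time keys used")
        idx = self.index
        self.index += 1     # advance (and persist) before releasing the signature
        return idx, lamport_sign(self.keys[idx][0], msg)


def learned_preimages(signed):
    """Union of secrets revealed by several signatures under ONE OTS key."""
    known = [[None, None] for _ in range(BITS)]
    for msg, sig in signed:
        for i, b in enumerate(msg_bits(msg)):
            known[i][b] = sig[i]
    return known


def forge(known, target):
    """Signature on `target` built from leaked secrets, or None if one is missing."""
    sig = [known[i][b] for i, b in enumerate(msg_bits(target))]
    return None if any(s is None for s in sig) else sig


def rollback_attack(reuses=10, attempts=2000):
    """Sign `reuses` messages with leaf 0 restored before each one (state
    rollback, e.g. from a backup), then try to forge an attacker-chosen message.
    Returns (forgery_verified, attempts_needed)."""
    signer = StatefulSigner()
    pk0 = signer.public_keys()[0]
    signed = []
    for k in range(reuses):
        signer.index = 0                          # the bug: counter rolled back
        msg = b"legit message %d" % k             # constructed sample input
        idx, sig = signer.sign(msg)
        assert idx == 0
        signed.append((msg, sig))
    known = learned_preimages(signed)
    for n in range(1, attempts + 1):
        target = b"forged message %d" % n         # attacker's own choice
        sig = forge(known, target)
        if sig is not None:
            return lamport_verify(pk0, target, sig), n
    return False, attempts


def no_reuse_is_safe():
    """With the counter advancing normally each leaf signs once and a third
    signature from a 2-leaf signer is refused."""
    signer = StatefulSigner(leaves=2)
    idx_a, _ = signer.sign(b"a")
    idx_b, _ = signer.sign(b"b")
    try:
        signer.sign(b"c")
    except RuntimeError:
        return idx_a == 0 and idx_b == 1
    return False
```

In this toy, as in any one-time-key scheme, the verifier has no way to notice that a leaf was reused; the only protection is the signer's persisted counter, which is why `sign` advances the index before handing out the signature and why restored backups or VM snapshots of a signer are the practical hazard. One reuse reveals the second secret in about half the positions, which is already too many for a random target to avoid; ten reuses leave almost no position with an unrevealed secret, so a forgery on a random attacker message succeeds after a few tries.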