Re: [CFRG] I-D Action: draft-irtf-cfrg-rsa-blind-signatures-06.txt

Scott Hendrickson <scott@shendrickson.com> Fri, 25 November 2022 17:16 UTC

As promised in the adoption call, I've reviewed the document. It looks good
to me, with a few notes provided below.

I've sent one editorial nit in
https://github.com/cfrg/draft-irtf-cfrg-blind-signatures/pull/152

Section 1
 - Consider citing the voting [1] and authentication (maybe the g1vpn
whitepaper [2] or private relay explainer [3] examples). It may feel like
over-embellishment from our perspective, but someone reading this may not
have the same context building systems like this as the authors do. I
appreciate the review of other blind signing alternatives later on for the
same reason.

Section 3
 - In the description of random_integer_uniform(M, N), cryptographic
security isn't mentioned, but is mentioned for random(n). Should this
mention that the random source needs to be cryptographically secure?

Section 4.1
 - All RSABSSA variants from Section 6 appear to use SHA-384 as the hash
function, and MGF1. Should we indicate hash and mgf as parameters if they
are held constant? I see that they are options in RFC8017, but if they are
held constant in the RSABSSA uses, I'd avoid listing them as options until
they need to vary.

Section 4.2
 -  [editorial pr] blinded_msg, encoded and blinded message to be signed,
an byte string -> *a* byte string

Section 4.3
 - Same notes on hash and MGF1 from 4.1 feedback

Section 5
 - Should this section be placed before section 4, so this reads in order?
Randomize, blind, etc
 - Consider defining ||

Best,
Scott

On Mon, Nov 21, 2022 at 6:06 PM Christopher Wood <caw@heapingbits.net>
wrote:

> This version of the document incorporates feedback received thus far in
> the RGLC. The primary change is the introduction of named variants to
> replace the old API guidance text. It’s our hope that these address the
> concerns raised by others and would greatly appreciate confirmation one way
> or another.
>
> Best,
> Chris, for the editors
>
> > On Nov 21, 2022, at 5:14 PM, internet-drafts@ietf.org wrote:
> >
> >
> > A New Internet-Draft is available from the on-line Internet-Drafts directories.
> > This draft is a work item of the Crypto Forum RG of the IRTF.
> >
> >        Title           : RSA Blind Signatures
> >        Authors         : Frank Denis
> >                          Frederic Jacobs
> >                          Christopher A. Wood
> >        Filename        : draft-irtf-cfrg-rsa-blind-signatures-06.txt
> >        Pages           : 31
> >        Date            : 2022-11-21
> >
> > Abstract:
> >   This document specifies an RSA-based blind signature protocol.  RSA
> >   blind signatures were first introduced by Chaum for untraceable
> >   payments [Chaum83].  It extends RSA-PSS encoding specified in
> >   [RFC8017] to enable blind signature support.
> >
> > Discussion Venues
> >
> >   This note is to be removed before publishing as an RFC.
> >
> >   Source for this draft and an issue tracker can be found at
> >   https://github.com/chris-wood/draft-wood-cfrg-blind-signatures.
> >
> >
> > The IETF datatracker status page for this draft is:
> > https://datatracker.ietf.org/doc/draft-irtf-cfrg-rsa-blind-signatures/
> >
> > There is also an HTML version available at:
> > https://www.ietf.org/archive/id/draft-irtf-cfrg-rsa-blind-signatures-06.html
> >
> > A diff from the previous version is available at:
> > https://www.ietf.org/rfcdiff?url2=draft-irtf-cfrg-rsa-blind-signatures-06
> >
> >
> > Internet-Drafts are also available by rsync at rsync.ietf.org::internet-drafts
> >
> >
> > _______________________________________________
> > CFRG mailing list
> > CFRG@irtf.org
> > https://www.irtf.org/mailman/listinfo/cfrg
>
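
Added example, not part of the original message or of the draft: a sketch of the Section 3 question about random_integer_uniform(M, N), drawing the blinding factor from the OS CSPRNG with rejection sampling and running it through a blind / sign / finalize round trip. The key is a constructed toy key, the PSS encoding step is omitted (m stands in for the already encoded message), and the names blind, blind_sign and finalize are labels chosen for this sketch.

```python
import secrets
from math import gcd

def random_integer_uniform(m: int, n: int) -> int:
    """Return uniform R with m <= R < n, using the OS CSPRNG.

    Rejection sampling avoids the modulo bias that `randbits(k) % span`
    would introduce when span is not a power of two.
    """
    if n <= m:
        raise ValueError("empty range")
    span = n - m
    bits = span.bit_length()
    while True:
        candidate = secrets.randbits(bits)  # uniform in [0, 2**bits)
        if candidate < span:
            return m + candidate

# Constructed toy RSA key built from two Mersenne primes.
# Far too small for real use; it only keeps the example fast and offline.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))

def blind(m: int):
    """Client: pick a secret r, return (blinded message, r^-1 mod N)."""
    while True:
        r = random_integer_uniform(1, N)
        if gcd(r, N) == 1:  # r must be invertible mod N
            break
    return (m * pow(r, E, N)) % N, pow(r, -1, N)

def blind_sign(blinded: int) -> int:
    """Signer: raw RSA private-key operation on the blinded value."""
    return pow(blinded, D, N)

def finalize(blind_sig: int, inv: int) -> int:
    """Client: strip the blinding factor to obtain the signature on m."""
    return (blind_sig * inv) % N

def round_trip(m: int) -> bool:
    """True when the unblinded signature verifies against m."""
    blinded, inv = blind(m)
    sig = finalize(blind_sign(blinded), inv)
    return pow(sig, E, N) == m

if __name__ == "__main__":
    # Constructed stand-in for an encoded message, smaller than N.
    print(round_trip(int.from_bytes(b"encoded msg", "big")))
```

The blinding factor is the only thing hiding m from the signer, so a predictable or biased source for r weakens the blindness property even though the signature still verifies.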