Re: [Cfrg] BLS Signature for X.509
Antonio Sanso <asanso@adobe.com> Thu, 06 October 2016 12:20 UTC
Return-Path: <asanso@adobe.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E7ED712961B for <cfrg@ietfa.amsl.com>; Thu, 6 Oct 2016 05:20:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.021
X-Spam-Level:
X-Spam-Status: No, score=-2.021 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H3=-0.01, RCVD_IN_MSPIKE_WL=-0.01, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=adobe.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6Lju3HzCm76I for <cfrg@ietfa.amsl.com>; Thu, 6 Oct 2016 05:20:32 -0700 (PDT)
Received: from NAM03-CO1-obe.outbound.protection.outlook.com (mail-co1nam03on0084.outbound.protection.outlook.com [104.47.40.84]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 25297129618 for <cfrg@irtf.org>; Thu, 6 Oct 2016 05:20:31 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=adobe.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=NtLseJNk/XrE2UKLIv94TspyOd2pbMQWn5bg5hsu9Sg=; b=ilbvXiFOyAhbXqjkD3aqUFgebuXGeGdLunEELnw/v0dzkn1ajM/SxdkpFBg6iQjbKRDuCoVMYqNmlNH+bWGOPgyFIakaPyuAwFjTLzlz3kE9yw9cCJeRTXjhwlKVJ6WZ/T7A+3K96GqtK5J2VRDwjW/kVLvxS3RlnQ/0mxzluj4=
Received: from BY1PR0201MB1030.namprd02.prod.outlook.com (10.161.203.148) by BY1PR0201MB1031.namprd02.prod.outlook.com (10.161.203.149) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.649.16; Thu, 6 Oct 2016 12:20:28 +0000
Received: from BY1PR0201MB1030.namprd02.prod.outlook.com ([10.161.203.148]) by BY1PR0201MB1030.namprd02.prod.outlook.com ([10.161.203.148]) with mapi id 15.01.0649.024; Thu, 6 Oct 2016 12:20:28 +0000
From: Antonio Sanso <asanso@adobe.com>
To: Dan Brown <danibrown@blackberry.com>
Thread-Topic: [Cfrg] BLS Signature for X.509
Thread-Index: AQHSGufpbY1YYOxHykaegiXLdxYgpKCX1qkAgACkooCAAR9UAIAAkh6AgAAHUICAAS4tgA==
Date: Thu, 06 Oct 2016 12:20:28 +0000
Message-ID: <E6D9AB05-CB0E-4C91-9049-C22EE6C499AE@adobe.com>
References: <9E7BD18D-496F-4F93-9DC6-EC49B56825D2@adobe.com> <00F862CA-EBC6-43C5-B3E1-9EEC3BB01A81@adobe.com> <CAKDPBw8Em9Wp=+e9ML2Uqki65bOXzT_UEqK8_xp_W8xMypN=uw@mail.gmail.com> <D94DA7EC-8C8F-4B00-BE42-022CCA3A6E1A@adobe.com> <CAKDPBw9=5T9CefNquaK_FP5-yTyt-o+1XWOaUtqtnXUmDz1PnQ@mail.gmail.com> <810C31990B57ED40B2062BA10D43FBF501036BBF@XMB116CNC.rim.net>
In-Reply-To: <810C31990B57ED40B2062BA10D43FBF501036BBF@XMB116CNC.rim.net>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=asanso@adobe.com;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [192.147.117.11]
x-ms-office365-filtering-correlation-id: ba30fec0-ab60-4fa2-0e54-08d3ede328d5
x-microsoft-exchange-diagnostics: 1; BY1PR0201MB1031; 7:oyTK2q9n/JwQpDiYTQeywCBq9UZS+Dzbdr58KqaQxUVyi55Q5AvVc6FQLJ+2kPIt2kvYGV78vzSxi+D4yC5UMnJp51EEkuVV9MbtkIF4C78ABYe8Kdp9e4w0db2lg9GlAs5qthueOO2L1UbCu9EfDAnVPu7UAJJWIZGxszeNN10dU8Te7SdQh7HKWAJSNZ51HoJeoivTY17NshDdHyhsuo86uV5f5wbk+flo8psdxX8towguZKpRwNvsDXePtjj+VEblQ4EgJOWvPc6RHScXpTnNlgk33maaxhF/C73dfd3lI9zkSxL+RINbet0qTic37s5hLzvJMdtqn4XpOJrqZA==; 20:olShWeGFcGNMlQHhACVmMWQIVTd8DEBlKV2AKcXHiLl9uTpT7xWnqXxzdOqh2bRrhQ/s4kCWrL1t4Zi7StPWyj8nt+8KZqhsQSEjcDZtNDBeLL4R/wawbIw10M6B8t0JcZQZ4gGg9LBTKQrza1Py0CV/qeoWc79EStR6HqWTz+c=
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:;SRVR:BY1PR0201MB1031;
x-microsoft-antispam-prvs: <BY1PR0201MB10311E6484037244496287CAD9C70@BY1PR0201MB1031.namprd02.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(120809045254105)(57809966217671);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(61425038)(6040176)(601004)(2401047)(8121501046)(5005006)(3002001)(10201501046)(6055026)(61426038)(61427038); SRVR:BY1PR0201MB1031; BCL:0; PCL:0; RULEID:; SRVR:BY1PR0201MB1031;
x-forefront-prvs: 00872B689F
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(7916002)(24454002)(199003)(377454003)(52254002)(189002)(86362001)(189998001)(5660300001)(586003)(33656002)(81166006)(10400500002)(76176999)(81156014)(3280700002)(3660700001)(101416001)(36756003)(97736004)(8676002)(66066001)(10090500001)(99286002)(16236675004)(106356001)(2906002)(106116001)(19617315012)(105586002)(54356999)(7906003)(50986999)(15975445007)(68736007)(82746002)(7736002)(7846002)(19580405001)(2900100001)(5002640100001)(87936001)(102836003)(92566002)(83716003)(6116002)(8936002)(110136003)(11100500001)(2950100002)(19580395003)(3846002)(93886004)(77096005)(6916009)(4326007)(122556002)(104396002); DIR:OUT; SFP:1101; SCL:1; SRVR:BY1PR0201MB1031; H:BY1PR0201MB1030.namprd02.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
received-spf: None (protection.outlook.com: adobe.com does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_E6D9AB05CB0E4C919049C22EE6C499AEadobecom_"
MIME-Version: 1.0
X-OriginatorOrg: adobe.com
X-MS-Exchange-CrossTenant-originalarrivaltime: 06 Oct 2016 12:20:28.6021 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: fa7b1b5a-7b34-4387-94ae-d2c178decee1
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY1PR0201MB1031
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/UZoNL2vTWRlbkMwNcE9CKVxMQn8>
Cc: "cfrg@irtf.org" <cfrg@irtf.org>
Subject: Re: [Cfrg] BLS Signature for X.509
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Oct 2016 12:20:37 -0000
hi Dan On Oct 5, 2016, at 8:18 PM, Dan Brown <danibrown@blackberry.com<mailto:danibrown@blackberry.com>> wrote: Hi Antonio, Can you briefly expand on the advantages of BLS, especially the aggregation of chains [citing also a reference]? here a couple of references http://theory.stanford.edu/~dfreeman/cs259c-f11/finalpapers/aggregatesigs.pdf https://crypto.stanford.edu/~dabo/papers/aggsurvey.pdf AFAIU if the signature used is BLS there is not need to calculate the certificate chain since any “node” involved can "fully proof" the “chain” . How well are these advantages aligned with IETF needs? At the moment, I’m a little skeptical that the benefits (smaller chains?) outweigh the risks (relying on pairing-groups), but I could be wrong. are you aware of any risk of using BLS. I am not so far…. Just to be clear, although BLS uses pairing-groups, it does not have any escrow worries (unlike IBE etc.), or am I badly mistaken? Is BLS standardized elsewhere (ISO, IEEE 1363*, etc.)? In any event, you could prepare an individual I-D to propose BLS to IETF, although I do not how much it would be accepted. if there is any interest I would be happy to take a stub and write a draft. Is there anyone interested to join the effort? regards antonio Pairing-groups have been proposed for in use IETF before: https://datatracker.ietf.org/doc/draft-budronimccusker-milagrotls/ https://datatracker.ietf.org/doc/rfc6508/ https://datatracker.ietf.org/doc/rfc6509/ Best regards, Dan From: Cfrg [mailto:cfrg-bounces@irtf.org] On Behalf Of Paul Grubbs Sent: Wednesday, October 05, 2016 1:53 PM To: Antonio Sanso <asanso@adobe.com<mailto:asanso@adobe.com>> Cc: cfrg@irtf.org<mailto:cfrg@irtf.org> Subject: Re: [Cfrg] BLS Signature for X.509 The IETF does play an important role in the process, but most people (at least in the US) won't consider anything in crypto 'standardized' unless it involves NIST. On Wed, Oct 5, 2016 at 5:09 AM, Antonio Sanso <asanso@adobe.com<mailto:asanso@adobe.com>> wrote: hi Paul, thanks. Isn’t where this group can help though (namely standardization) ? regards antonio On Oct 4, 2016, at 6:01 PM, Paul Grubbs <pag225@cornell.edu<mailto:pag225@cornell.edu>> wrote: BLS signatures would be nice for many reasons. The lack of standardized pairing groups makes it a little difficult from a deployability perspective, I think. On Tue, Oct 4, 2016 at 2:12 AM, Antonio Sanso <asanso@adobe.com<mailto:asanso@adobe.com>> wrote: anyome :S ? On Sep 30, 2016, at 8:57 AM, Antonio Sanso <asanso@adobe.com<mailto:asanso@adobe.com>> wrote: > hi *, > > sorry for the noise. > I was wondering if it was already discussed the idea to use BSL Signature for X.509. > AFAIK this will avoid certificate chains thanks to the signature aggregation property… > If this was already discussed I apologize. > If not WDYT about this? > > regards > > antonio > _______________________________________________ > Cfrg mailing list > Cfrg@irtf.org<mailto:Cfrg@irtf.org> > https://www.irtf.org/mailman/listinfo/cfrg _______________________________________________ Cfrg mailing list Cfrg@irtf.org<mailto:Cfrg@irtf.org> https://www.irtf.org/mailman/listinfo/cfrg
- [Cfrg] BLS Signature for X.509 Antonio Sanso
- Re: [Cfrg] BLS Signature for X.509 Antonio Sanso
- Re: [Cfrg] BLS Signature for X.509 Paul Grubbs
- Re: [Cfrg] BLS Signature for X.509 Antonio Sanso
- Re: [Cfrg] BLS Signature for X.509 Paul Grubbs
- Re: [Cfrg] BLS Signature for X.509 Benjamin Black
- Re: [Cfrg] BLS Signature for X.509 Dan Brown
- Re: [Cfrg] BLS Signature for X.509 Antonio Sanso
- Re: [Cfrg] BLS Signature for X.509 Dan Brown
- Re: [Cfrg] BLS Signature for X.509 zaki@manian.org