[CFRG] Re: I-D Action: draft-irtf-cfrg-rsa-guidance-01.txt

Phillip Hallam-Baker <phill@hallambaker.com> Thu, 05 September 2024 17:21 UTC

References: <172538719711.1420249.4393971363081609427@dt-datatracker-68b7b78cf9-q8rsp> <02e9a51e-b938-49f2-b832-de4d3ec575ee@redhat.com>
In-Reply-To: <02e9a51e-b938-49f2-b832-de4d3ec575ee@redhat.com>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Thu, 05 Sep 2024 13:21:39 -0400
Message-ID: <CAMm+Lwh3DwF1GA=WUMEsXZ-Ho__AKB6R-kfkxF9=pRZxn3jZBw@mail.gmail.com>
To: Alicja Kario <hkario@redhat.com>
CC: internet-drafts@ietf.org, i-d-announce@ietf.org, cfrg@ietf.org
Subject: [CFRG] Re: I-D Action: draft-irtf-cfrg-rsa-guidance-01.txt
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/W8ovW-OciHLIsE6kqq4JyPapbfY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Owner: <mailto:cfrg-owner@irtf.org>
List-Post: <mailto:cfrg@irtf.org>
List-Subscribe: <mailto:cfrg-join@irtf.org>
List-Unsubscribe: <mailto:cfrg-leave@irtf.org>

Very interesting. RSA will be with us for a long time...

Have you considered key generation? Just adding a reference to FIPS 185-5
might be enough. I am currently trying to decide whether probabilistic or
provable primes are the way to go. I have also noticed that keygen on my
state-of-the-art 2023 machine is taking almost as long as it used to take
in 1990. That is because we are using longer keys and we are doing a lot
more checks - the auxiliary primes.

On the draft itself, I am not sure about calling Montgomery ladders 'side
channel free'. They are really not. Hardware does too much weirdness these
days for anything to be side effect free unless it is hardware designed to
be so.
On Tue, Sep 3, 2024 at 2:27 PM Alicja Kario <hkario@redhat.com> wrote:

> Hello,
>
> In the main body of the draft there were just a few minor changes:
> a few typos fixed.
>
> The main change in revision 01 is the addition of actual test vectors
> for the 2048 bit RSA key.
>
> As I've also written automated tests to verify the correctness of them,
> it took me a bit more than I expected; you can find those here:
> https://github.com/tlsfuzzer/tlslite-ng/pull/528
> That's also the reason why I haven't added test vectors for other
> key sizes yet.
>
> Please provide comments if this format of the test vectors is
> OK/acceptable, and I'll add the other key sizes a bit later.
>
> On Tuesday, 3 September 2024 20:13:17 CEST, internet-drafts@ietf.org
> wrote:
> > Internet-Draft draft-irtf-cfrg-rsa-guidance-01.txt is now available. It
> > is a work item of the Crypto Forum (CFRG) RG of the IRTF.
> >
> >    Title:   Implementation Guidance for the PKCS #1 RSA
> > Cryptography Specification
> >    Author:  Alicja Kario
> >    Name:    draft-irtf-cfrg-rsa-guidance-01.txt
> >    Pages:   23
> >    Dates:   2024-09-03
> >
> > Abstract:
> >
> >    This document specifies additions and amendments to RFC 8017.
> >    Specifically, it provides guidance to implementers of the standard to
> >    protect against side-channel attacks.  It also deprecates the RSAES-
> >    PKCS-v1_5 encryption scheme, but provides an alternative depadding
> >    algorithm that protects against side-channel attacks arising from
> >    users of vulnerable APIs.  The purpose of this specification is to
> >    increase security of RSA implementations.
> >
> > The IETF datatracker status page for this Internet-Draft is:
> > https://datatracker.ietf.org/doc/draft-irtf-cfrg-rsa-guidance/
> >
> > There is also an HTMLized version available at:
> > https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-rsa-guidance-01
> >
> > A diff from the previous version is available at:
> > https://author-tools.ietf.org/iddiff?url2=draft-irtf-cfrg-rsa-guidance-01
> >
> > Internet-Drafts are also available by rsync at:
> > rsync.ietf.org::internet-drafts
> >
> >
>
> --
> Regards,
> Alicja (nee Hubert) Kario
> Principal Quality Engineer, RHEL Crypto team
> Web: www.cz.redhat.com
> Red Hat Czech s.r.o., Purkyňova 115, 612 00, Brno, Czech Republic
>
> _______________________________________________
> CFRG mailing list -- cfrg@irtf.org
> To unsubscribe send an email to cfrg-leave@irtf.org
>
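To illustrate the point Phillip raises above about calling Montgomery ladders "side channel free", here is an added example (not code from draft-irtf-cfrg-rsa-guidance, from tlslite-ng, or from either poster). It implements plain square-and-multiply and a Montgomery ladder for modular exponentiation, and each routine also records the sequence of squarings and multiplications it performs. The square-and-multiply trace mirrors the exponent bits; the ladder's trace is the same for every exponent of a given length. That uniform trace is only the algorithmic property the draft relies on: it says nothing about what the multiplier, caches or branch predictor of a real CPU do, which is exactly the caveat in the message, and Python's big-integer arithmetic is itself not constant-time. The helper `trace_depends_on_exponent` and its sample exponents are constructed for this demonstration.

```python
# Added illustration (not code from the draft or the thread): two
# modular-exponentiation routines that also record the multiplications they
# perform, so the operation trace can be compared against the exponent bits.


def square_and_multiply(base: int, exp: int, n: int):
    """Left-to-right binary exponentiation with a secret-dependent branch.

    Returns (base**exp mod n, trace) where trace is a string of 'S' (square)
    and 'M' (multiply by base) in the order they were executed.
    """
    result = 1
    trace = []
    for bit in bin(exp)[2:]:
        result = (result * result) % n
        trace.append("S")
        if bit == "1":  # extra multiply only for 1 bits: the trace mirrors the exponent
            result = (result * base) % n
            trace.append("M")
    return result, "".join(trace)


def _cswap(swap: int, a: int, b: int):
    """Swap a and b when swap == 1, using arithmetic masking instead of an
    if/else so the source contains no secret-dependent branch."""
    mask = -swap  # 0 when swap == 0, all-ones (-1) when swap == 1
    t = (a ^ b) & mask
    return a ^ t, b ^ t


def montgomery_ladder(base: int, exp: int, n: int):
    """Montgomery ladder: exactly one multiply and one square per exponent
    bit, whatever the bit's value, so the operation trace is bit-independent.

    Returns (base**exp mod n, trace) in the same format as square_and_multiply.
    Invariant after each step: r1 == r0 * base (mod n).
    """
    r0, r1 = 1, base % n
    trace = []
    for bit in bin(exp)[2:]:
        b = int(bit)
        r0, r1 = _cswap(b, r0, r1)  # select which register gets squared
        r1 = (r0 * r1) % n
        r0 = (r0 * r0) % n
        r0, r1 = _cswap(b, r0, r1)  # undo the selection
        trace.append("MS")
    return r0, "".join(trace)


def trace_depends_on_exponent(exponentiate, bits: int, base: int = 3,
                              n: int = 1000003) -> bool:
    """Return True if the operation trace differs across exponents of the given
    bit length, i.e. the trace carries information about the exponent.
    The three sample exponents are constructed for this demonstration."""
    exps = [1 << (bits - 1), (1 << bits) - 1, (1 << (bits - 1)) | 0b101]
    traces = {exponentiate(base, e, n)[1] for e in exps}
    return len(traces) > 1


if __name__ == "__main__":
    for name, fn in (("square-and-multiply", square_and_multiply),
                     ("montgomery ladder", montgomery_ladder)):
        value, trace = fn(5, 0b1011, 101)
        print(f"{name:20s} 5^11 mod 101 = {value:3d}  trace = {trace}")
        print(f"{name:20s} trace depends on exponent: "
              f"{trace_depends_on_exponent(fn, 8)}")
```

Reading the two traces side by side shows why the draft prefers the ladder: for exponent 0b1011 the square-and-multiply trace is `SMSSMSM`, from which the exponent bits can be read directly, while the ladder emits `MSMSMSMS` for every four-bit exponent. The branch-free `_cswap` removes the remaining secret-dependent control flow at the source level, but whether the compiled code and the hardware preserve that property is a separate question, which is the reservation expressed in the message above.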