Re: [Cfrg] [irsg] IRSG review of draft-irtf-cfrg-xmss-hash-based-signatures-08

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Tue, 27 June 2017 15:41 UTC

From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Watson Ladd <watsonbladd@gmail.com>, "A. Huelsing" <ietf@huelsing.net>
CC: "draft-irtf-cfrg-xmss-hash-based-signatures@ietf.org" <draft-irtf-cfrg-xmss-hash-based-signatures@ietf.org>, "cfrg@irtf.org" <Cfrg@irtf.org>, "irsg@irtf.org" <irsg@irtf.org>
Thread-Topic: [Cfrg] [irsg] IRSG review of draft-irtf-cfrg-xmss-hash-based-signatures-08
Date: Tue, 27 Jun 2017 15:41:00 +0000
Message-ID: <56C14C05-5562-49AA-85C9-DF5B7593BFED@ll.mit.edu>
References: <D4FDAF9D.8D586%kenny.paterson@rhul.ac.uk> <9a878527-5ab9-5429-7c5d-4f7e4ca4e8db@isode.com> <08944dc3-9086-ed47-cc1b-54248b3dac70@cs.tcd.ie> <D566ADE0.963E4%kenny.paterson@rhul.ac.uk> <9e6b6146-e376-86cb-70be-0127a3e72d16@cs.tcd.ie> <D56DBB2C.96A67%kenny.paterson@rhul.ac.uk> <6f90e485-01f4-5ad8-49ef-e51c52e01a46@cs.tcd.ie> <5e328e85-a8a1-67f1-3853-418309b04a17@huelsing.net> <27cc7000-7fd5-27dd-b8b5-9b9518a9f3ad@huelsing.net> <CACsn0c=UQ+QcbEC0TRcLR_OJWEmK4ZL8QNLnHLeQgrnqyQiF+A@mail.gmail.com>
In-Reply-To: <CACsn0c=UQ+QcbEC0TRcLR_OJWEmK4ZL8QNLnHLeQgrnqyQiF+A@mail.gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/Z_nPGac3ez27C1q7yOauaenxzuM>
Subject: Re: [Cfrg] [irsg] IRSG review of draft-irtf-cfrg-xmss-hash-based-signatures-08

On 6/27/17, 10:28, "Cfrg on behalf of Watson Ladd" <cfrg-bounces@irtf.org on behalf of watsonbladd@gmail.com> wrote:

    > We think it is better to add a reference implementation. We would now just add
    > the C code as appendix. Would that be fine? Are there any conditions on code? We
    > have dependencies on OpenSSL for SHA2.

    I would prefer just calls to sha256(unsigned char *out, unsigned char
    *in, size_t inlen). OpenSSL's API is a mess.

I would prefer calls to SHA3-256. SHA-2 is not a randomizer by design.