[CFRG] Re: Re: I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt

Daniel Huigens <daniel.huigens@proton.ch> Mon, 09 September 2024 15:17 UTC

Date: Mon, 09 Sep 2024 15:16:53 +0000
To: "cfrg@irtf.org" <cfrg@irtf.org>
From: Daniel Huigens <daniel.huigens@proton.ch>
Message-ID: <gxv1hzo2clc_DYYNrKi-yGA5PoEH6v_UZcW7I8R7XttivBTZLNBXPlO3jM3nhZnB86HnGlCdKHmQpznBynplCeapP7jkJYj-XYLvfGPDSQQ=@proton.ch>
In-Reply-To: <TYAPR01MB4992039FC820D0425D2C6BE4C1982@TYAPR01MB4992.jpnprd01.prod.outlook.com>
References: <GVXPR07MB9678799A86599695B7B31F41892F2@GVXPR07MB9678.eurprd07.prod.outlook.com> <20240322070827.738849.qmail@cr.yp.to> <TYAPR01MB4992039FC820D0425D2C6BE4C1982@TYAPR01MB4992.jpnprd01.prod.outlook.com>
Subject: [CFRG] Re: Re: I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/kIFyjort0LTTFgAwW7blRUbYrsY>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg>

Hi folks,

Speaking in the capacity of Web Cryptography API editor here.

WebKit has shipped an implementation of Ed25519 that on macOS produces
randomized signatures, presumably because its CryptoKit has implemented
this draft.

The current draft specifying Ed25519 in Web Crypto [1] only refers to
RFC 8032, but Apple has requested that we explicitly allow generating
randomized signatures as well, e.g. by referring to this draft.
Therefore I'd like to ask:

1. Is it expected that this draft will become an RFC, such that
   it's reasonable to refer to the draft already (at least from
   the Editor's draft of Web Crypto, for example)?

2. If the draft does become an RFC, is it necessary to refer to it
   explicitly at that point? Or, will all references to RFC 8032 also
   allow randomized signatures automatically, given that this draft
   updates that RFC? (I imagine this is also relevant for IETF specs
   like RFC 9580 (OpenPGP) which refers to RFC 8032 as well, though
   e.g. RFC 8446 (TLS 1.3) refers to "[RFC8032] or its successors".)

Best,
Daniel

[1]: https://wicg.github.io/webcrypto-secure-curves/


---

Daniel Huigens
Cryptography Team Lead
Proton AG
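As an added example that is not part of Daniel's message (and not WebKit's, CryptoKit's or the draft's code), the following Python shows what the two questions above turn on: a verifier written to RFC 8032 cannot tell a deterministic signature from a randomized one, because a hedged construction only changes how the secret nonce r is derived, and the public verification equation is untouched. The signer and verifier follow the RFC 8032 reference code; the hedged nonce layout (prefix || 32 random bytes || message) is an illustrative stand-in for, not a reproduction of, the byte layout in draft-irtf-cfrg-det-sigs-with-noise, and the test key is constructed. The known-answer check uses RFC 8032 section 7.1 TEST 1.

```python
# Added example (not from the original message): minimal RFC 8032 Ed25519 after the
# RFC's own reference code, with a pluggable nonce derivation. Illustrative only:
# variable-time arithmetic, no side-channel hardening.
import hashlib, os

P, Q = 2**255 - 19, 2**252 + 27742317777372353535851937790883648493
D = (-121665 * pow(121666, P - 2, P)) % P
SQRT_M1 = pow(2, (P - 1) // 4, P)

def sha512_mod_q(data):
    return int.from_bytes(hashlib.sha512(data).digest(), "little") % Q

def point_add(a, b):  # extended coordinates (X, Y, Z, T), RFC 8032 5.1.4
    A = (a[1] - a[0]) * (b[1] - b[0]) % P
    B = (a[1] + a[0]) * (b[1] + b[0]) % P
    C, Dd = 2 * a[3] * b[3] * D % P, 2 * a[2] * b[2] % P
    E, F, G_, H = B - A, Dd - C, Dd + C, B + A
    return (E * F % P, G_ * H % P, F * G_ % P, E * H % P)

def point_mul(s, pt):
    acc = (0, 1, 1, 0)  # neutral element
    while s:
        if s & 1:
            acc = point_add(acc, pt)
        pt, s = point_add(pt, pt), s >> 1
    return acc

def recover_x(y, sign):  # RFC 8032 5.1.3 decoding, x from y and the sign bit
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * SQRT_M1 % P
    if y >= P or (x * x - x2) % P or (x2 == 0 and sign):
        return None
    return P - x if (x & 1) != sign else x

G_Y = 4 * pow(5, P - 2, P) % P
G_X = recover_x(G_Y, 0)
G = (G_X, G_Y, 1, G_X * G_Y % P)

def compress(pt):
    zinv = pow(pt[2], P - 2, P)
    x, y = pt[0] * zinv % P, pt[1] * zinv % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def decompress(s):
    v = int.from_bytes(s, "little")
    sign, y = v >> 255, v & ((1 << 255) - 1)
    x = recover_x(y, sign)
    return None if x is None else (x, y, 1, x * y % P)

def expand_secret(sk):  # -> (clamped scalar a, 32-byte nonce prefix)
    h = hashlib.sha512(sk).digest()
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:]

def public_key(sk):
    return compress(point_mul(expand_secret(sk)[0], G))

def nonce_rfc8032(prefix, msg):
    return sha512_mod_q(prefix + msg)  # RFC 8032 5.1.6 step 2: deterministic

def nonce_hedged(prefix, msg):
    # Illustrative hedging (an assumption, not the draft's exact byte layout): fresh
    # randomness changes r per call, while the secret prefix still protects r if RNG is weak.
    return sha512_mod_q(prefix + os.urandom(32) + msg)

def sign(sk, msg, nonce=nonce_rfc8032):  # only the nonce derivation is pluggable
    a, prefix = expand_secret(sk)
    pk = compress(point_mul(a, G))
    r = nonce(prefix, msg)
    R = compress(point_mul(r, G))
    h = sha512_mod_q(R + pk + msg)
    return R + ((r + h * a) % Q).to_bytes(32, "little")

def verify(pk, msg, sig):  # plain RFC 8032 5.1.7; unaware of how r was produced
    if len(pk) != 32 or len(sig) != 64:
        return False
    A, R = decompress(pk), decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if A is None or R is None or s >= Q:
        return False
    h = sha512_mod_q(sig[:32] + pk + msg)
    lhs, rhs = point_mul(s, G), point_add(R, point_mul(h, A))  # [s]B == R + [h]A
    return (lhs[0] * rhs[2] - rhs[0] * lhs[2]) % P == 0 and (lhs[1] * rhs[2] - rhs[1] * lhs[2]) % P == 0

def rfc8032_test1_ok():  # known-answer check: RFC 8032 section 7.1, TEST 1
    sk = bytes.fromhex("9d61b19deffd5a60ba844af492ec2cc44449c5697b326919703bac031cae7f60")
    want = bytes.fromhex("e5564300c360ac729086e2cc806e828a84877f1eb8e5d974d873e06522490155"
                         "5fb8821590a33bacc61e39701cf9b46bd25bf5f0595bbe24655141438e7a100b")
    return sign(sk, b"") == want and verify(public_key(sk), b"", want)

def compare_modes(sk, msg):
    # -> (deterministic sigs identical?, hedged sigs identical?, all four verify?)
    pk = public_key(sk)
    d1, d2 = sign(sk, msg), sign(sk, msg)
    h1, h2 = sign(sk, msg, nonce_hedged), sign(sk, msg, nonce_hedged)
    return d1 == d2, h1 == h2, all(verify(pk, msg, s) for s in (d1, d2, h1, h2))
```

`compare_modes` returns `(True, False, True)`: the RFC 8032 signer is byte-for-byte repeatable, the hedged signer is not, and `verify` accepts all four signatures without knowing which mode produced them. The practical consequence for Web Crypto consumers is the one Daniel's report implies: code that compares two Ed25519 signatures for equality, or uses a signature as a cache or deduplication key, will behave differently on an implementation that randomizes (such as the WebKit/macOS one described above), while anything that only calls verify is unaffected.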