[CFRG] Re: [EXTERNAL] Re: Request for adoption: Signature modes guidance / draft-harvey-cfrg-mtl-mode-03
Mike Ounsworth <Mike.Ounsworth@entrust.com> Tue, 06 August 2024 14:08 UTC
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Richard Barnes <rlb@ipv.sx>, Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 06 Aug 2024 14:05:27 +0000
CC: "Kaliski, Burt" <bkaliski=40verisign.com@dmarc.ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>, "Sheth, Swapneel" <ssheth@verisign.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/mDNboqKVgXaKDUNK4Lk2qr8eyzU>

But CT doesn’t externalize data needed to validate the signature into the CT data. I think that’s what makes it a “signature mode” rather than a “protocol”. I also think that the authors are trying to get cryptographic review of the crypto and show that this mode could be used beyond DNSSEC, hence bringing it to CFRG.

---
Mike Ounsworth

From: Richard Barnes <rlb@ipv.sx>
Sent: Monday, August 5, 2024 3:57 PM
To: Watson Ladd <watsonbladd@gmail.com>
Cc: Kaliski, Burt <bkaliski=40verisign.com@dmarc.ietf.org>; cfrg@irtf.org; Sheth, Swapneel <ssheth@verisign.com>
Subject: [EXTERNAL] [CFRG] Re: Request for adoption: Signature modes guidance / draft-harvey-cfrg-mtl-mode-03

I tend to agree with Watson here. It's not clear to me why this is a new signing mode vs. just another data structure that gets signed. Plenty of other signed hash-based data structures have been defined by Certificate Transparency, the various flavors of Key Transparency, and others. As Watson says, and as these examples illustrate, the details of these data structures tend to be pretty application-specific. So it seems like this work might be better done in a venue with more DNSSEC expertise, even if it might be reusable elsewhere.

--Richard

On Mon, Aug 5, 2024 at 12:59 PM Watson Ladd <watsonbladd@gmail.com> wrote:

I don't understand why this is in the CFRG: it seems to be squarely in the line of decisions WGs have made outside CFRG such as keytrans or CT. Separately while I think the idea is interesting, there's a lot of operational and structural questions to actually apply it very closely ingrained with application and protocol level considerations. CFRG isn't really suited to determine if this will work.

This is not to say it shouldn't be pursued, but I just have a lot of questions about how it would work for DNSSEC for instance.

Sincerely,
Watson Ladd

--
Astra mortemque praestare gradatim