[Cfrg] My thoughts on randomized signature generation
Watson Ladd <watsonbladd@gmail.com> Tue, 05 May 2020 12:36 UTC
From: Watson Ladd <watsonbladd@gmail.com>
Date: Tue, 5 May 2020 08:35:56 -0400
Message-ID: <CACsn0c=8TTmh=_Zbf170sSxDHkSyzeTsvp2g=KZm4U19LCb7eQ@mail.gmail.com>
To: CFRG <cfrg@irtf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/n17RfVwA7lmQMFVxcDp8zHo6lIw>

Dear participants,

I apologize for the long delay between the virtual meeting and this email. I'm writing to expand upon my opposition at the mike to distinguishing between interoperable signatures based on the method of generation.

My opposition is rooted in the following facts: the signature generation method doesn't introduce any incompatibility with existing verifiers, and the existing installed verifiers expect the already allocated codepoints. A new system using randomized generation that doesn't use the existing codepoints will thus be incompatible. It would of course be possible to avoid this, and the right way is simply to use the existing codepoints rather than implement the less secure generation method.

Sincerely,
Watson Ladd
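
Added example, not part of the original message or of any CFRG draft: an Ed25519-style signer whose nonce is derived either deterministically or with fresh randomness, checked by one unchanged verifier, to illustrate the statement that the generation method introduces no incompatibility with existing verifiers. The function names are hypothetical, and mixing 32 random bytes into the nonce hash is an assumption about how the randomization is done; the code follows the RFC 8032 structure but is simplified and not constant time.

```python
import hashlib, os
# Added illustration; all names are hypothetical. Curve: edwards25519.
P = 2**255 - 19                                       # field prime
L = 2**252 + 27742317777372353535851937790883648493   # prime group order
D = -121665 * pow(121666, P - 2, P) % P               # curve constant d

def add(a, b):  # complete affine addition on -x^2 + y^2 = 1 + d*x^2*y^2
    (x1, y1), (x2, y2) = a, b
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow(1 + t, P - 2, P) % P,
            (y1 * y2 + x1 * x2) * pow(1 - t, P - 2, P) % P)

def mul(k, pt):  # double-and-add scalar multiplication
    acc = (0, 1)
    while k:
        if k & 1: acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

def recover_x(y):  # the even x coordinate belonging to y
    xx = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    x = pow(xx, (P + 3) // 8, P)
    if (x * x - xx) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return P - x if x & 1 else x

BY = 4 * pow(5, P - 2, P) % P
B = (recover_x(BY), BY)                               # base point

def H(*parts):  # SHA-512 of the concatenation, as an integer
    return int.from_bytes(hashlib.sha512(b"".join(parts)).digest(), "little")
def enc(pt):  # 32-byte point encoding: y plus the sign bit of x
    return (pt[1] | ((pt[0] & 1) << 255)).to_bytes(32, "little")

def keygen(seed):  # returns (secret scalar, nonce prefix, public point)
    h = hashlib.sha512(seed).digest()
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:], mul(a, B)

def sign(key, msg, randomized=False):
    a, prefix, A = key
    noise = os.urandom(32) if randomized else b""     # the only difference
    r = H(prefix, noise, msg) % L                     # per-signature nonce
    R = mul(r, B)
    return R, (r + H(enc(R), enc(A), msg) * a) % L

def verify(A, msg, sig):  # one verifier; it never sees how r was chosen
    R, s = sig
    return mul(s, B) == add(R, mul(H(enc(R), enc(A), msg) % L, A))
```

The verifier only checks s·B = R + h·A, so signatures from either mode pass the same check; only the signer's nonce derivation differs.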