Re: [CFRG] I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt

Simon Josefsson <simon@josefsson.org> Thu, 21 March 2024 16:54 UTC

From: Simon Josefsson <simon@josefsson.org>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: "cfrg@ietf.org" <cfrg@ietf.org>
References: <171059902559.62439.16934208488045122879@ietfa.amsl.com> <GVXPR07MB9678799A86599695B7B31F41892F2@GVXPR07MB9678.eurprd07.prod.outlook.com>
OpenPGP: id=B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE; url=https://josefsson.org/key-20190320.txt
Date: Thu, 21 Mar 2024 17:54:19 +0100
In-Reply-To: <GVXPR07MB9678799A86599695B7B31F41892F2@GVXPR07MB9678.eurprd07.prod.outlook.com> (John Mattsson's message of "Sat, 16 Mar 2024 14:44:40 +0000")
Message-ID: <871q834jb8.fsf@kaka.sjd.se>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/txOBx1hfx9lBXflPWL0RzffK8aQ>
Subject: Re: [CFRG] I-D Action: draft-irtf-cfrg-det-sigs-with-noise-03.txt

John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> writes:

> Hi,
> We have just uploaded version -03 of Hedged ECDSA and EdDSA Signatures.

This still uses the approach to modify RFC 8032 instead of introducing
new primitives with new separate names.  I believe this will cause
confusion: will an implementation of 'Ed25519' behave per RFC 8032 or
your document?  It seems clear that the suggested changes here are not
applicable to all use-cases, and the changes may be undesirable to many
use-cases.

How about modifying your document to introduce new primitives HEd25519,
HEd25519ph, HEd25519ctx in parallel to existing primitives Ed25519,
Ed25519ph, Ed25519ctx?  Same for 448.

I suggested using names REd* for this earlier, so essentially this is
the same request but use the new term 'Hedged' instead of 'Randomized'.
I feel the term 'Hedged' is not the best term, as it conveys the notion
of a value judgement, but using any distinct name is better than
re-using the same name to mean two different things.

Btw, maybe this could go into an RFC 8032bis instead, fixing other
errata on the way.

/Simon