Re: [Cfrg] RGLC on draft-irtf-cfrg-xmss-hash-based-signatures-03.txt

Stephen Farrell <stephen.farrell@cs.tcd.ie> Tue, 28 June 2016 15:08 UTC

Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 946C212D50C for <cfrg@ietfa.amsl.com>; Tue, 28 Jun 2016 08:08:24 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -5.727
X-Spam-Level:
X-Spam-Status: No, score=-5.727 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-1.426, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 22ohjzP2AVwz for <cfrg@ietfa.amsl.com>; Tue, 28 Jun 2016 08:08:22 -0700 (PDT)
Received: from mercury.scss.tcd.ie (mercury.scss.tcd.ie [134.226.56.6]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 50E3112D516 for <cfrg@irtf.org>; Tue, 28 Jun 2016 08:08:08 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mercury.scss.tcd.ie (Postfix) with ESMTP id EB98FBE2C; Tue, 28 Jun 2016 16:08:06 +0100 (IST)
X-Virus-Scanned: Debian amavisd-new at scss.tcd.ie
Received: from mercury.scss.tcd.ie ([127.0.0.1]) by localhost (mercury.scss.tcd.ie [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I3swLrwM2gN2; Tue, 28 Jun 2016 16:08:05 +0100 (IST)
Received: from [10.87.48.210] (95-45-153-252-dynamic.agg2.phb.bdt-fng.eircom.net [95.45.153.252]) by mercury.scss.tcd.ie (Postfix) with ESMTPSA id 4AB1ABE25; Tue, 28 Jun 2016 16:08:05 +0100 (IST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cs.tcd.ie; s=mail; t=1467126485; bh=kWGI0N28vhDgXIlSs+x9rwNEjvYnb493j/NDsH/NPU4=; h=Subject:To:References:Cc:From:Date:In-Reply-To:From; b=S6MY7SQtkUntW4HlJbSyf4MNDfrlyv106z6Z7/GHQRl6x+gophYdXAcBwK1F/vpQd KT67bZkBeWx2JG5QU6eQcHVh8+gvdFqF0SM/6ujwvr3m+BayEHPWgwDB1LtHJOnZWF WvijyB67h+0smbGJFVCE/EnqTcvKiUVRuPzkaAtE=
To: Watson Ladd <watsonbladd@gmail.com>
References: <56E9B7E2.7050105@isode.com> <5772900A.8020507@cs.tcd.ie> <CACsn0ck0f_XajqcB8a3SZLudO4DQc7OrRCg06j2Zk-oyHFo-Sg@mail.gmail.com> <CACsn0cnodzDWrkXVD9uOac6_jHZFj7pKZziA3=nFJF4d-u6HkQ@mail.gmail.com>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Openpgp: id=D66EA7906F0B897FB2E97D582F3C8736805F8DA2; url=
Message-ID: <577292D5.8000402@cs.tcd.ie>
Date: Tue, 28 Jun 2016 16:08:05 +0100
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.8.0
MIME-Version: 1.0
In-Reply-To: <CACsn0cnodzDWrkXVD9uOac6_jHZFj7pKZziA3=nFJF4d-u6HkQ@mail.gmail.com>
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms090703000506030102070704"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/uWosfTUZl2Hu5n1GyZH6MPOSDVc>
Resent-From: <alias-bounces@ietf.org>
Resent-To: @ietf.org
Cc: cfrg@irtf.org
Subject: Re: [Cfrg] RGLC on draft-irtf-cfrg-xmss-hash-based-signatures-03.txt
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Tue, 28 Jun 2016 15:08:24 -0000


On 28/06/16 16:02, Watson Ladd wrote:
> We actually have significantly more confidence in XMSS security then any
> other signature scheme. Signatures imply one way functions which are all
> XMSS needs. There is a catch with backups I don't like, but there are
> workarrounds.

That was not my only concern and nor was my concern specific to
this scheme.

But sure, if someone wants to make a claim that this scheme is
one on which large chunks of the Internet could today safely
depend, and if that's a CFRG consensus position then saying that
would be fine.

Personally, I'd be in rough in that case, if for no other reason
that the relatively immaturity of implementations.

S.