Re: [COSE] draft-prorock-cose-post-quantum-signatures [Was: Re: Call for COSE Agenda Items for IETF 113 in Vienna]
Orie Steele <orie@transmute.industries> Thu, 10 March 2022 13:58 UTC
Return-Path: <orie@transmute.industries>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1])
by ietfa.amsl.com (Postfix) with ESMTP id 37FC63A110F
for <cose@ietfa.amsl.com>; Thu, 10 Mar 2022 05:58:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.108
X-Spam-Level:
X-Spam-Status: No, score=-2.108 tagged_above=-999 required=5
tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1,
DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001,
SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01,
URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key)
header.d=transmute.industries
Received: from mail.ietf.org ([4.31.198.44])
by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024)
with ESMTP id E4hqKWPyMz5m for <cose@ietfa.amsl.com>;
Thu, 10 Mar 2022 05:58:11 -0800 (PST)
Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com
[IPv6:2a00:1450:4864:20::236])
(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
(No client certificate requested)
by ietfa.amsl.com (Postfix) with ESMTPS id 1C1BD3A0FFF
for <cose@ietf.org>; Thu, 10 Mar 2022 05:58:10 -0800 (PST)
Received: by mail-lj1-x236.google.com with SMTP id 17so5714072lji.1
for <cose@ietf.org>; Thu, 10 Mar 2022 05:58:10 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=transmute.industries; s=google;
h=mime-version:references:in-reply-to:from:date:message-id:subject:to
:cc; bh=X5JRGzWyAOlPPNSDyO8Elciw+OvaL250VCos0iNgv1A=;
b=WJju7koDTjA8l+rTpHCM1/Y0ykeGat/5jPsICLmeIO/CkDpCXgSV+4KqBrWxbYGIx5
SMa7lRYOnR3tIOacyh2b2SPN/rNA6IrMbi2uS3E5uca56TypIUqWI543K8jLmpYHUlvH
HhzNWRyp0BfOMu9mW8UINo7BBY0DQH9ethdX0fgF3233Mdc8ffeLIIcmGqTNKLMME1dH
rocIm01vSYDVv09pztM5R+Cw+RA1vZHl2SBB6bdT/ro5vM6H8sT7hZguV6n5D/WAaFAN
0kkD5u6DchhC9u0YKKXYgW3Mrf/6swf81m3swWYwcNgcfWJese06YcugGq7ybzl3Ue2n
VMOg==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20210112;
h=x-gm-message-state:mime-version:references:in-reply-to:from:date
:message-id:subject:to:cc;
bh=X5JRGzWyAOlPPNSDyO8Elciw+OvaL250VCos0iNgv1A=;
b=0Au5la2s/Wax6nA9ZESlZt6SVQH6bWbWYvBLtzKx1ZVGduispLKc9Efo3YxSz4fDdq
2pQOrGdb2+coK3bSRLVb54Bhn6UNCqQi9/H96MDgRla8AFT421fi18broNdMu4/1WzAH
ccOLiCu5iVT/sXex+5x8BbZUJ+7HGn5OKVjQwAMq/CRwQ2BrfRoFM9bKSg6vr+LA3q3B
7+0fsBaLoO2voheVIdKxStmkg6FmSg30Ly10u+o4V6r5ZgorE5uEeoaWx2TqRykoXRs5
x5Ag8GDFU0rl5++2ygaHGDZjg523Y5cKkMGXkgZhrNtZDG8qpq8z9oIm2678hkwozvsv
tq6w==
X-Gm-Message-State: AOAM533B0nBeHjaL2niJq2l1pQaQzB3VASzsskIPyo250PDltMXPmsB1
RoApiXQyv/xIPdnuapY2tUAXjvOGW/rjk6e/aHfPRQ==
X-Google-Smtp-Source: ABdhPJzEtgQRt6YJHqhldhH3wbEQ/0jD9bTLYEKTrsE1bJUmTOwICKMzAFMZSP3QmbgIAq7axacTdXy+ZBjqtr0h3Mg=
X-Received: by 2002:a2e:9c44:0:b0:247:fdaa:7159 with SMTP id
t4-20020a2e9c44000000b00247fdaa7159mr3012606ljj.287.1646920688846; Thu, 10
Mar 2022 05:58:08 -0800 (PST)
MIME-Version: 1.0
References: <SA2PR00MB1002C64FDF9A7CF14E95D135F50B9@SA2PR00MB1002.namprd00.prod.outlook.com>
<a730ecbe-bbc5-2df1-ec60-a43353507b93@gmail.com>
<CAGJKSNSY5WdXXRrE-GBi7zgsy69ea8MhPsc0P4X7tNB4=JDRtw@mail.gmail.com>
In-Reply-To: <CAGJKSNSY5WdXXRrE-GBi7zgsy69ea8MhPsc0P4X7tNB4=JDRtw@mail.gmail.com>
From: Orie Steele <orie@transmute.industries>
Date: Thu, 10 Mar 2022 07:57:58 -0600
Message-ID: <CAN8C-_+6ydynEFqiKvK2ONw9cwDxDX0F8xBXm4x6awvNfHOnkw@mail.gmail.com>
To: Mike Prorock <mprorock@mesur.io>
Cc: Anders Rundgren <anders.rundgren.net@gmail.com>,
Mike Jones <Michael.Jones@microsoft.com>,
Russ Housley <housley@vigilsec.com>, cose@ietf.org
Content-Type: multipart/alternative; boundary="000000000000a1e34605d9dd9a18"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/6zm5bvfFlm81pcIYgWCTb2IGOrc>
Subject: Re: [COSE] draft-prorock-cose-post-quantum-signatures [Was: Re:
Call for COSE Agenda Items for IETF 113 in Vienna]
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>,
<mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>,
<mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Mar 2022 13:58:24 -0000
seems like I should have replied here first... I agree with the comments. If we think overloading will cause problems we should avoid it. The problem with switching on key type alone is that there are key types used for multiple signature algorithms. I would recommend switching on kty + crv when present... but even then, secp256k1 supports both ECDSA (ES256K) and Schnorr (unregistered, but I once proposed SS256K at DIF - https://github.com/decentralized-identity/SchnorrSecp256k1Signature2019)... we also have the problem of normalize to lower s in ES256K... we would probably need a new alg to signal that all ES256K signatures had been normalized... so there is a future where a single public key representation might verify many unique signature formats... without the requirement to signal which one it was "meant for". Our current approach with dilithium leaves us wishing `alg` were required in all key formats... it's also a best practice not to use the same key material for multiple algorithms... alg needs to be present to help mitigate this, because otherwise any signature that verifies with the key would be acceptable since the key representation does not signal an intention.... depending on your perspective on security, you might think this is a good thing. All this to say, if you are only looking at `kty` you might have other issues, at least with certain crv values that are registered today, we should avoid making this problem worse. OS On Thu, Mar 10, 2022 at 4:27 AM Mike Prorock <mprorock@mesur.io> wrote: > Thanks Anders, > This implementation side is exactly why I set kty as a unique value > first. This work started when I was testing an implementation of > Dilithium, and then SPHINCS+ with some of our existing code and I wanted a > clean way to branch down a path to the new libs without adjusting our > existing code that switches on key types. This was so that we could begin > validating our ability to handle post quantum algorithms once NIST > finalizes, based on a few customer requests. > > Mike Prorock > mesur.io > -- *ORIE STEELE* Chief Technical Officer www.transmute.industries <https://www.transmute.industries>
- [COSE] Call for COSE Agenda Items for IETF 113 in… Mike Jones
- Re: [COSE] Call for COSE Agenda Items for IETF 11… Mike Jones
- Re: [COSE] Call for COSE Agenda Items for IETF 11… Mike Jones
- Re: [COSE] Call for COSE Agenda Items for IETF 11… Anders Rundgren
- Re: [COSE] Call for COSE Agenda Items for IETF 11… Mike Prorock
- Re: [COSE] Call for COSE Agenda Items for IETF 11… Hannes Tschofenig
- [COSE] draft-prorock-cose-post-quantum-signatures… Ilari Liusvaara
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Anders Rundgren
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Prorock
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Russ Housley
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Jones
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Anders Rundgren
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Ilari Liusvaara
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Prorock
- Re: [COSE] Call for COSE Agenda Items for IETF 11… Göran Selander
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Orie Steele
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Orie Steele
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Anders Rundgren
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Prorock
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Jones
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Prorock
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Ilari Liusvaara
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Ilari Liusvaara
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Rafael Misoczki
- Re: [COSE] draft-prorock-cose-post-quantum-signat… John K
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Anders Rundgren
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Ilari Liusvaara
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Ilari Liusvaara
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Russ Housley
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Anders Rundgren
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Rafael Misoczki
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Russ Housley
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Anders Rundgren
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Ilari Liusvaara
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Russ Housley
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Orie Steele
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Jones
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Orie Steele
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Anders Rundgren
- Re: [COSE] draft-prorock-cose-post-quantum-signat… David Waite
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Prorock
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Anders Rundgren
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Russ Housley
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Orie Steele
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Prorock
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Prorock
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Prorock
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Ilari Liusvaara
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Ilari Liusvaara
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Russ Housley
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Prorock
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Michael Richardson
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Jones
- Re: [COSE] draft-prorock-cose-post-quantum-signat… Mike Jones