[COSE] Review of draft-ietf-cose-hash-sig-01

Jim Schaad <ietf@augustcellars.com> Wed, 20 March 2019 08:06 UTC

From: Jim Schaad <ietf@augustcellars.com>
To: draft-ietf-cose-hash-sig@ietf.org
CC: 'cose' <cose@ietf.org>
Date: Wed, 20 Mar 2019 09:06:48 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/EFVQOicqZD8_H2uMZOfPBCZEiGA>

First, I don't think I have any technical issues with how to use this with
COSE; that said, I find there are numerous issues about the description of
HSS/LMS.

1.  Section 2.1: Same comment as for LAMPS about stand-alone tree
definition.

2.  Section 2.2: LMS systems have three not two parameters, Hash Function, #
of bytes used, tree depth.  It is possible to use fewer bytes than the hash
function generates.  I don't know that this would ever be used but it is
more correct.

3.  Section 2.2: The registry would also allow for new hash functions to be
used as well.

4.  Section 2.3: See comment #2 about adding hash function.

5.  Section 4.1:  In paragraph 3, implementation currently violates the
conditions in this paragraph.  I am re-signing the same input with the same
key multiple times because I need to generate the signature on the public
key each time I build a signature.  Should this be restated to allow for
that to occur?

6.  Section 4.1:  I think that it might be worthwhile having a statement
about the use of appendix A in [HASHSIG].  The use of this does two things:
1) it decreases the size of the private key and 2) it decreases the
effective size of the private key down to the seed value rather than having
all of the LMOTS keys generated independently.

Jim
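
Added example for point 6, not part of the original message or of either draft: a sketch of the pseudorandom LM-OTS private key derivation from Appendix A of [HASHSIG], using the formula as published in RFC 8554, to show how the stored secret shrinks to the seed. The function names, the 32-byte seed length and the sample I/SEED values are assumptions made for this illustration.

```python
import hashlib
import struct

N = 32                                   # n: bytes kept per SHA-256 output
P_BY_W = {1: 265, 2: 133, 4: 67, 8: 34}  # p: hash chains per LM-OTS key for n=32


def lmots_private_element(I, q, i, seed):
    """x_q[i] = H(I || u32str(q) || u16str(i) || u8str(0xff) || SEED)."""
    if len(I) != 16:
        raise ValueError("I must be a 16-byte key-pair identifier")
    data = I + struct.pack(">I", q) + struct.pack(">H", i) + b"\xff" + seed
    return hashlib.sha256(data).digest()


def lmots_private_key(I, q, seed, w=8):
    """Regenerate all p secret elements of leaf q on demand from the seed."""
    return [lmots_private_element(I, q, i, seed) for i in range(P_BY_W[w])]


def stored_private_bytes(h, w=8, from_seed=True):
    """Bytes of secret state to persist for one LMS tree of height h."""
    if from_seed:
        # SEED + I + 4-byte leaf counter q. The counter still has to be
        # persisted so that no LM-OTS leaf is ever used twice.
        return N + 16 + 4
    # Independently generated: every element of every leaf key is stored.
    return (1 << h) * P_BY_W[w] * N


if __name__ == "__main__":
    # Constructed sample values, for illustration only.
    I = bytes(range(16))
    seed = hashlib.sha256(b"constructed demo seed").digest()
    key = lmots_private_key(I, q=0, seed=seed)
    print("elements in leaf 0:", len(key))
    print("independent keys, h=5, w=8:", stored_private_bytes(5, 8, False), "bytes")
    print("seed-derived,     h=5, w=8:", stored_private_bytes(5, 8, True), "bytes")
```

Because every leaf key is a deterministic function of SEED, the strength of the whole tree is bounded by the entropy of that one value, which is the second effect listed in point 6.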