Re: [COSE] Comments on draft-ietf-cose-hash-sig-01
Russ Housley <housley@vigilsec.com> Tue, 30 April 2019 14:22 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2C8171200E6 for <cose@ietfa.amsl.com>; Tue, 30 Apr 2019 07:22:41 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2BGT_SHD6-cU for <cose@ietfa.amsl.com>; Tue, 30 Apr 2019 07:22:39 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 23A46120075 for <cose@ietf.org>; Tue, 30 Apr 2019 07:22:39 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 0CF32300AA0 for <cose@ietf.org>; Tue, 30 Apr 2019 10:04:21 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id mXZ59m-VHEFz for <cose@ietf.org>; Tue, 30 Apr 2019 10:04:19 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 60A4C3004E7; Tue, 30 Apr 2019 10:04:19 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <B9925550-27F2-43A5-8A01-AB39BDFFD935@vigilsec.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_4D2A6D35-FED9-4694-B43F-F807CC4C548B"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Date: Tue, 30 Apr 2019 10:22:35 -0400
In-Reply-To: <b45d459b-5d21-3fa8-8db5-bbc92647131d@cs.tcd.ie>
Cc: "cose@ietf.org" <cose@ietf.org>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
References: <ED269B27-5C8D-4FC5-B763-08ED099314F7@ericsson.com> <0E85D28F-E211-45CA-A651-84D343B8AE94@vigilsec.com> <e0f43875-5940-a028-12d7-040b2b21dcad@cs.tcd.ie> <64085A04-DFA9-4C58-B267-2CA56E6F67CD@vigilsec.com> <b45d459b-5d21-3fa8-8db5-bbc92647131d@cs.tcd.ie>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/L8xZFrooiuuRPAeSmgelr3pPMmQ>
Subject: Re: [COSE] Comments on draft-ietf-cose-hash-sig-01
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 14:22:41 -0000
I can drop Section 1.1 if others think that is the best way forward. I think this document is ready for WG Last Call. Maybe we can explictly ask whether Section 1.1 should be kept or dropped. Russ > On Apr 30, 2019, at 7:54 AM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > Signed PGP part > > Hiya, > > On 30/04/2019 12:37, Russ Housley wrote: >> Stephen: >> >> This section is just offering the reason for someone to implement >> hash-based signatures. > > Sure. I'd suggest not leaving that in the RFC though, > otherwise you may end up adding the same text every > time you wanna define anything related to hash based > sigs, and that text will likely get outdated I'd guess. > > S. > >> >> Russ >> >> >>> On Apr 29, 2019, at 7:04 PM, Stephen Farrell >>> <stephen.farrell@cs.tcd.ie> wrote: >>> >>> Hi Russ, >>> >>> Sorry, I hadn't read this 'till just now, when the text below made >>> me wonder. >>> >>> I don't get the logic for including most of the text in this draft >>> (other than section 3, the samples and IANA stuff). >>> >>> Why would this draft be introducing Shor and LMS etc? That seems >>> like a thing to be done by reference only. (It may make sense for >>> the draft to include this text but for it to not be in an eventual >>> RFC I guess.) >>> >>> S. >>> >>> >>> On 29/04/2019 23:52, Russ Housley wrote: >>>> John: >>>> >>>> I was revisiting an old comment from you. >>>> >>>>> - Section 1.1: I think some short info on the threat from >>>>> Shor's algorithm would be good. I don't think [BH2013] talked >>>>> about quantum computers. >>>> >>>> There are two major points in this section: advances in >>>> cryptanalysis and advances in the development of quantum >>>> computers. The presentation in [BH2103] is about advances in >>>> cryptanalysis, not quantum computers. >>>> >>>> Does this make that more clear? >>>> >>>> There have been recent advances in cryptanalysis and advances in >>>> the development of quantum computers. Each of these advances >>>> pose a threat to widely deployed digital signature algorithms. >>>> >>>> At Black Hat USA 2013, some researchers gave a presentation on >>>> the current state of public key cryptography. They said: >>>> "Current cryptosystems depend on discrete logarithm and factoring >>>> which has seen some major new developments in the past 6 months" >>>> [BH2013]. Due to advances in cryptanalysis, they encouraged >>>> preparation for a day when RSA and DSA cannot be depended upon. >>>> >>>> Peter Shor showed that a large-scale quantum computer could be >>>> used to factor a number in polynomial time [S1997], effectively >>>> breaking RSA. If large-scale quantum computers are ever built, >>>> these computers will be able to break many of the public-key >>>> cryptosystems currently in use. A post-quantum cryptosystem >>>> [PQC] is a system that is secure against quantum computers that >>>> have more than a trivial number of quantum bits (qu-bits). It is >>>> open to conjecture when it will be feasible to build such >>>> computers; however, RSA, DSA, ECDSA, and EdDSA are all vulnerable >>>> if large-scale quantum computers come to pass. >>>> >>>> The HSS/LMS signature algorithm does not depend on the difficulty >>>> of discrete logarithm or factoring, as a result these algorithms >>>> are considered to be post-quantum secure. >>>> >>>> Thanks, Russ >> >> >> _______________________________________________ COSE mailing list >> COSE@ietf.org https://www.ietf.org/mailman/listinfo/cose >> > <0x5AB2FAF17B172BEA.asc> > >
- [COSE] Comments on draft-ietf-cose-hash-sig-01 John Mattsson
- Re: [COSE] Comments on draft-ietf-cose-hash-sig-01 Russ Housley
- Re: [COSE] Comments on draft-ietf-cose-hash-sig-01 John Mattsson
- Re: [COSE] Comments on draft-ietf-cose-hash-sig-01 Russ Housley
- Re: [COSE] Comments on draft-ietf-cose-hash-sig-01 Russ Housley
- Re: [COSE] Comments on draft-ietf-cose-hash-sig-01 Stephen Farrell
- Re: [COSE] Comments on draft-ietf-cose-hash-sig-01 Russ Housley
- Re: [COSE] Comments on draft-ietf-cose-hash-sig-01 Stephen Farrell
- Re: [COSE] Comments on draft-ietf-cose-hash-sig-01 Russ Housley