Re: [COSE] Roman Danyliw's No Objection on draft-ietf-cose-hash-algs-04: (with COMMENT)
Roman Danyliw <rdd@cert.org> Tue, 09 June 2020 12:24 UTC
Return-Path: <rdd@cert.org>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9996F3A085A; Tue, 9 Jun 2020 05:24:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id unv4etti6-i5; Tue, 9 Jun 2020 05:24:19 -0700 (PDT)
Received: from veto.sei.cmu.edu (veto.sei.cmu.edu [147.72.252.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7611F3A00C1; Tue, 9 Jun 2020 05:24:11 -0700 (PDT)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by veto.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 059CO3np023598; Tue, 9 Jun 2020 08:24:04 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 veto.sei.cmu.edu 059CO3np023598
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1591705444; bh=ISLaSj4r5F2at/lPCWM9rIhi1VhZCeZamgXf3J4hQ+g=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=S8+0Y0m5yuTUFC5USu4+174EcBviKJY4WrFWxlhO63uwXdFq1lqypn3cPkFxC7JES gRnc7ChQd3zUhA0g65tYaP/L8KI80ienp/doHbPoXKuRHUb7g6UPajrYb4q3ELuT6t hknk36jrksYAwl20C8ZZ9QAw+K1JFbJol72uIiwk=
Received: from CASSINA.ad.sei.cmu.edu (cassina.ad.sei.cmu.edu [10.64.28.249]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 059CO2Jn021392; Tue, 9 Jun 2020 08:24:02 -0400
Received: from MURIEL.ad.sei.cmu.edu (147.72.252.47) by CASSINA.ad.sei.cmu.edu (10.64.28.249) with Microsoft SMTP Server (TLS) id 14.3.487.0; Tue, 9 Jun 2020 08:24:02 -0400
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MURIEL.ad.sei.cmu.edu (147.72.252.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1979.3; Tue, 9 Jun 2020 08:24:01 -0400
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.1979.003; Tue, 9 Jun 2020 08:24:01 -0400
From: Roman Danyliw <rdd@cert.org>
To: Jim Schaad <ietf@augustcellars.com>, 'The IESG' <iesg@ietf.org>
CC: "draft-ietf-cose-hash-algs@ietf.org" <draft-ietf-cose-hash-algs@ietf.org>, "cose-chairs@ietf.org" <cose-chairs@ietf.org>, "cose@ietf.org" <cose@ietf.org>, 'Ivaylo Petrov' <ivaylo@ackl.io>
Thread-Topic: Roman Danyliw's No Objection on draft-ietf-cose-hash-algs-04: (with COMMENT)
Thread-Index: AQHWPg1EBs7HJMbIWkaTKkd0YFguUajP8JwAgABEUFA=
Date: Tue, 09 Jun 2020 12:24:01 +0000
Message-ID: <7ee5a04ba88142dfaf1d5ad4c6a7a825@cert.org>
References: <159167297006.10862.5277339478597521934@ietfa.amsl.com> <005c01d63e14$d74aa630$85dff290$@augustcellars.com>
In-Reply-To: <005c01d63e14$d74aa630$85dff290$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.202.211]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/bto6DFD1LhOFWRVej5kGT_WaHYs>
Subject: Re: [COSE] Roman Danyliw's No Objection on draft-ietf-cose-hash-algs-04: (with COMMENT)
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Jun 2020 12:24:22 -0000
Hi Jim! Thanks for the quick response. You refinements below are an improvement over mine. Thanks for making them. Regards, Roman > -----Original Message----- > From: Jim Schaad <ietf@augustcellars.com> > Sent: Tuesday, June 9, 2020 12:17 AM > To: Roman Danyliw <rdd@cert.org>; 'The IESG' <iesg@ietf.org> > Cc: draft-ietf-cose-hash-algs@ietf.org; cose-chairs@ietf.org; cose@ietf.org; > 'Ivaylo Petrov' <ivaylo@ackl.io> > Subject: RE: Roman Danyliw's No Objection on draft-ietf-cose-hash-algs-04: > (with COMMENT) > > > > -----Original Message----- > From: Roman Danyliw via Datatracker <noreply@ietf.org> > Sent: Monday, June 8, 2020 8:23 PM > To: The IESG <iesg@ietf.org> > Cc: draft-ietf-cose-hash-algs@ietf.org; cose-chairs@ietf.org; cose@ietf.org; > Ivaylo Petrov <ivaylo@ackl.io>; ivaylo@ackl.io > Subject: Roman Danyliw's No Objection on draft-ietf-cose-hash-algs-04: (with > COMMENT) > > Roman Danyliw has entered the following ballot position for > draft-ietf-cose-hash-algs-04: No Objection > > When responding, please keep the subject line intact and reply to all email > addresses included in the To and CC lines. (Feel free to cut this introductory > paragraph, however.) > > > Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html > for more information about IESG DISCUSS and COMMENT positions. > > > The document, along with other ballot positions, can be found here: > https://datatracker.ietf.org/doc/draft-ietf-cose-hash-algs/ > > > > ---------------------------------------------------------------------- > COMMENT: > ---------------------------------------------------------------------- > > Thanks for extending COSE for this additional use. > > ** I added my thoughts on the Section 2 language to the email thread of > Barry’s ballot > > ** Per “To distinguish between these two cases, a new value in the > recommended column of the COSE Algorithms registry is to be added. > "Filter Only" indicates that the only purpose of a hash function > should be to filter results and not those which require collision > resistance”, I would recommend: > > NEW: > To distinguish between these two cases, a new value in the recommended > column of the COSE Algorithms registry is to be added. "Filter Only" indicates > that the only purpose of a hash function should be to filter results and it is not > intended for applications which require a cryptographically strong algorithm is > needed. > > It doesn’t change the intent, but it does generalize to all the security properties > we might want of a hash algorithm. > [JLS] Yes that makes sense, but I removed the trailing "is needed" because it > does not read well. > > ** Section 5. Since collision and second-preimage attacks are mentioned, for > completeness it would be worth mentioning the need for preimage resistance > for cryptographic usage too. > > ** Editorial nits: > > -- Abstract. Editorial. The abstract has an explicit reference, [I-D.ietf-cose- > rfc8152bis-struct], which abstracts are not permitted to have. > [JLS] ACK - I left it this way because it is a draft and not an RFC to make sure > that it is highlighted for the RFC Editor. > > -- Section 2.1. Editorial. s/this could /This could/ [JLS] Already caught. > > -- Section 3.1. Editorial. s/assign a point/assign a code point/ [JLS] Done. > > -- Section 3.2. Editorial. > > OLD > Locations that use this hash function > need either to analysis the potential problems with having a > collision occur, or where the only function of the hash is to > narrow the possible choices. > > NEW > Applications that use this hash function need either to analyze the potential > impact with having a collision occur, or use it only where the function of the > hash is to narrow the possible choices. > [JLS] This was already rewritten in response to comments from Barry. > > Use of this hash function needs analysis of the potential problems with > having a collision occur, or must be limited to where the function of the hash is > non-cryptographic. > > -- Section 3.3. Per “The pair of algorithms known as SHAKE-128 and SHAKE-256 > are the instances of SHA-3 that are currently being standardized in the IETF”, it > isn’t clear this sentence will age well. > [JLS] It may not age well but it is why these are the ones in the document. > Perhaps "currently being standardized in the IETF. This is the reason for > including these algorithms in this document." > > -- Section 4. Typo. s/preseved/preserved/ [JLS] Fixed > >
- [COSE] Roman Danyliw's No Objection on draft-ietf… Roman Danyliw via Datatracker
- Re: [COSE] Roman Danyliw's No Objection on draft-… Jim Schaad
- Re: [COSE] Roman Danyliw's No Objection on draft-… Roman Danyliw