Re: [COSE] draft-prorock-cose-post-quantum-signatures [Was: Re: Call for COSE Agenda Items for IETF 113 in Vienna]

Orie Steele <orie@transmute.industries> Thu, 10 March 2022 13:41 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/lUilDOXXotJnHi6yC8Q7QGaHIng>

The fewer new registrations we need to make, the better.

If we can drop the draft kty "PQK" for "OKP" we should.

We have a similar issue with "alg" at least for dilithium, where we need
"alg" to show up in the JWK as well as the signature, because we don't have
any other way to detect the parameter set in the key.

For example, in a JWK with crv "P-256" we know to use "ES256", but if we
see a dilithium OKP, how do we know the "pset" to use?

If we were to register a new "crv" like property, we would want it to work
for a family of algs. I don't think we should register "pset", but we had
originally planned to.

Thanks for the feedback, looking forward to working with you all.

OS



On Thu, Mar 10, 2022 at 12:30 AM Ilari Liusvaara <ilariliusvaara@welho.com>
wrote:

> On Wed, Mar 09, 2022 at 05:55:56PM -0500, Russ Housley wrote:
> >
> >
> > > On Mar 8, 2022, at 2:36 PM, Mike Prorock <mprorock@mesur.io> wrote:
> > >
> > > Where the actual "kty" shakes out as we continue to improve the
> > > draft is yet to be seen.  "PQK" made sense at the time as this
> > > is dealing with post quantum keys and signatures - just as
> > > easily we could be looking at two key types, probably by family -
> > > e.g. one for lattice based, and one for hash based signatures,
> > > or could just as easily be "OKP" - we opened an issue to track
> > > that here:
> > > https://github.com/mesur-io/post-quantum-signatures/issues/48
> > > and will discuss on our next call.
> > >
> > > This is exactly why we wanted the broader input from the COSE WG
> >
> > https://www.rfc-editor.org/rfc/rfc8778.txt
> >
> > Is there any reason to do things differently for other hash-based
> > signatures?
>
> IMO, Yes, there is a reason: HSS/LMS are stateful (note that there is
> no defined private key format in that RFC), while SPHINCS+ is stateless
> (with byte string public and private keys, and a closed set of small
> number of variants, which makes it map cleanly into OKP).
>
>
> -Ilari


-- 
*ORIE STEELE*
Chief Technical Officer
www.transmute.industries
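
The question raised in this message (which algorithm a key commits to when it has no "crv"), shown as an added example that is not part of the original e-mail or of the draft. The keys are constructed, and the "EXAMPLE-PQ-PSET-A" alg value and the crv-less OKP key shape are placeholders, not registered or proposed identifiers.

```python
# Added example. Sample keys are constructed; "EXAMPLE-PQ-PSET-A" is a
# placeholder alg name, not a registered identifier.

# EC curves that imply one JWS alg (RFC 7518); OKP curves for EdDSA (RFC 8037).
EC_CRV_TO_ALG = {"P-256": "ES256", "P-384": "ES384", "P-521": "ES512"}
EDDSA_CRVS = {"Ed25519", "Ed448"}


class AlgResolutionError(ValueError):
    """The key and signature header do not agree on one algorithm."""


def key_bound_alg(jwk):
    """Return the single signature alg this key commits to, or raise."""
    kty, crv, alg = jwk.get("kty"), jwk.get("crv"), jwk.get("alg")
    if kty == "EC":
        implied = EC_CRV_TO_ALG.get(crv)
    elif kty == "OKP" and crv in EDDSA_CRVS:
        implied = "EdDSA"
    else:
        implied = None  # nothing in the key shape names a parameter set
    if implied is None:
        # Only an explicit "alg" in the key can identify the parameter set.
        if not alg:
            raise AlgResolutionError("key does not identify its parameter set")
        return alg
    if alg and alg != implied:
        raise AlgResolutionError(f"key alg {alg!r} contradicts crv {crv!r}")
    return implied


def alg_for_verification(jwk, header_alg):
    """Accept the signature header's alg only if it matches the key's alg."""
    bound = key_bound_alg(jwk)
    if header_alg != bound:
        raise AlgResolutionError(f"header alg {header_alg!r} != key alg {bound!r}")
    return bound


# Constructed sample keys (coordinate values are dummies).
EC_KEY = {"kty": "EC", "crv": "P-256", "x": "constructed", "y": "constructed"}
PQ_KEY = {"kty": "OKP", "alg": "EXAMPLE-PQ-PSET-A", "x": "constructed"}
PQ_KEY_NO_ALG = {"kty": "OKP", "x": "constructed"}

if __name__ == "__main__":
    print(alg_for_verification(EC_KEY, "ES256"))
    print(alg_for_verification(PQ_KEY, "EXAMPLE-PQ-PSET-A"))
```
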
