Re: [COSE] Comments on draft-ietf-cose-hash-sig-01

Russ Housley <housley@vigilsec.com> Mon, 29 April 2019 22:52 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <ED269B27-5C8D-4FC5-B763-08ED099314F7@ericsson.com>
Date: Mon, 29 Apr 2019 18:52:53 -0400
Cc: "cose@ietf.org" <cose@ietf.org>
Message-Id: <0E85D28F-E211-45CA-A651-84D343B8AE94@vigilsec.com>
References: <ED269B27-5C8D-4FC5-B763-08ED099314F7@ericsson.com>
To: John Mattsson <john.mattsson@ericsson.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/pPZWZ78ZvIsf-2608yTBKlilmWk>
Subject: Re: [COSE] Comments on draft-ietf-cose-hash-sig-01

John:

I was revisiting an old comment from you.

> - Section 1.1: I think some short info on the threat from Shor's algorithm would be good. I don't think [BH2013] talked about quantum computers.

There are two major points in this section: advances in cryptanalysis and advances in the development of quantum computers.  The presentation in [BH2013] is about advances in cryptanalysis, not quantum computers.

Does this make that more clear?

   There have been recent advances in cryptanalysis and advances in the
   development of quantum computers.  Each of these advances poses a
   threat to widely deployed digital signature algorithms.

   At Black Hat USA 2013, some researchers gave a presentation on the
   current state of public key cryptography.  They said: "Current
   cryptosystems depend on discrete logarithm and factoring which has
   seen some major new developments in the past 6 months" [BH2013].  Due
   to advances in cryptanalysis, they encouraged preparation for a day
   when RSA and DSA cannot be depended upon.

   Peter Shor showed that a large-scale quantum computer could be used
   to factor a number in polynomial time [S1997], effectively
   breaking RSA.  If large-scale quantum computers are ever built, these
   computers will be able to break many of the public-key cryptosystems
   currently in use.  A post-quantum cryptosystem [PQC] is a system that
   is secure against quantum computers that have more than a trivial
   number of quantum bits (qu-bits).  It is open to conjecture when it
   will be feasible to build such computers; however, RSA, DSA, ECDSA,
   and EdDSA are all vulnerable if large-scale quantum computers come to
   pass.

   The HSS/LMS signature algorithm does not depend on the difficulty of
   discrete logarithm or factoring; as a result, these algorithms are
   considered to be post-quantum secure.

Thanks,
  Russ