Re: [COSE] Comments on draft-ietf-cose-hash-sig-01

Russ Housley <housley@vigilsec.com> Tue, 30 April 2019 11:37 UTC


Stephen:

This section is just offering the reason for someone to implement hash-based signatures.

Russ


> On Apr 29, 2019, at 7:04 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
> 
> Hi Russ,
> 
> Sorry, I hadn't read this 'till just now, when the
> text below made me wonder.
> 
> I don't get the logic for including most of the text
> in this draft (other than section 3, the samples and
> IANA stuff).
> 
> Why would this draft be introducing Shor and LMS etc?
> That seems like a thing to be done by reference only.
> (It may make sense for the draft to include this text
> but for it to not be in an eventual RFC I guess.)
> 
> S.
> 
> 
> On 29/04/2019 23:52, Russ Housley wrote:
>> John:
>> 
>> I was revisiting an old comment from you.
>> 
>>> - Section 1.1: I think some short info on the threat from Shor's algorithm would be good. I don't think [BH2013] talked about quantum computers.
>> 
>> There are two major points in this section: advances in cryptanalysis and advances in the development of quantum computers.  The presentation in [BH2013] is about advances in cryptanalysis, not quantum computers.
>> 
>> Does this make that more clear?
>> 
>>   There have been recent advances in cryptanalysis and advances in the
>>   development of quantum computers.  Each of these advances poses a
>>   threat to widely deployed digital signature algorithms.
>> 
>>   At Black Hat USA 2013, some researchers gave a presentation on the
>>   current state of public key cryptography.  They said: "Current
>>   cryptosystems depend on discrete logarithm and factoring which has
>>   seen some major new developments in the past 6 months" [BH2013].  Due
>>   to advances in cryptanalysis, they encouraged preparation for a day
>>   when RSA and DSA cannot be depended upon.
>> 
>>   Peter Shor showed that a large-scale quantum computer could be used
>>   to factor a number in polynomial time [S1997], effectively
>>   breaking RSA.  If large-scale quantum computers are ever built, these
>>   computers will be able to break many of the public-key cryptosystems
>>   currently in use.  A post-quantum cryptosystem [PQC] is a system that
>>   is secure against quantum computers that have more than a trivial
>>   number of quantum bits (qu-bits).  It is open to conjecture when it
>>   will be feasible to build such computers; however, RSA, DSA, ECDSA,
>>   and EdDSA are all vulnerable if large-scale quantum computers come to
>>   pass.
>> 
>>   The HSS/LMS signature algorithm does not depend on the difficulty of
>>   discrete logarithm or factoring; as a result, these algorithms are
>>   considered to be post-quantum secure.
>> 
>> Thanks,
>>  Russ