Re: [Curdle] call for adoption for draft-mu-curdle-ssh-xmss-00

Daniel Migault <daniel.migault@ericsson.com> Fri, 06 December 2019 15:36 UTC

Hi,


The draft draft-mu-curdle-ssh-xmss-00 "XMSS public key algorithms for the
Secure Shell (SSH) protocol" seems to encounter significant opposition to
being adopted. The main reasons are that the XMSS signature scheme is very
specific to use cases that seem not easily in scope with SSH, and that the
management of the private key states when used in conjunction with SSH seems
problematic.

While the WG does not seem to believe this work should happen in the WG,
the chairs would like to understand the status of development using XMSS in
SSH to ensure the IANA registry does not allocate in the future the code
point used for XMSS. If such an implementation existed, the chairs would
welcome any advice to avoid code point collision. Possible ways (but not
limited to) are:

* informational publication

* individual publication

* simply reserving code point

* ...


Yours,

Rich and Daniel

On Fri, Nov 29, 2019 at 10:34 PM denis bider <denisbider.ietf@gmail.com>
wrote:

> I have been convinced by others' feedback that the safe use of a stateful
> signature scheme in SSH would require the state to be encapsulated in a
> dedicated authentication device. This could be (not limited to) a USB token
> or a TPM. It's clear that such a device could exist, but does not currently
> exist, and the IETF process would require it to exist in order to proceed
> with standardization.
>
> On Fri, Nov 29, 2019 at 12:13 PM Salz, Rich <rsalz@akamai.com> wrote:
>
>> Is there anyone in favor of adoption beyond the original submitters?
>> Please speak up now.
>>
>>
>> _______________________________________________
>> Curdle mailing list
>> Curdle@ietf.org
>> https://www.ietf.org/mailman/listinfo/curdle
>>