Re: [Curdle] Comments on draft-housley-cms-eddsa-signatures
"Jim Schaad" <ietf@augustcellars.com> Mon, 09 May 2016 03:07 UTC
From: Jim Schaad <ietf@augustcellars.com>
To: 'Martin Thomson' <martin.thomson@gmail.com>, "'Dang, Quynh (Fed)'" <quynh.dang@nist.gov>
Date: Sun, 08 May 2016 20:07:27 -0700
Archived-At: <http://mailarchive.ietf.org/arch/msg/curdle/2wpCrqKZAtwiCZgpLjmO1qbdo3Q>
Cc: curdle@ietf.org, 'Russ Housley' <housley@vigilsec.com>
Subject: Re: [Curdle] Comments on draft-housley-cms-eddsa-signatures

This would definitely be one approach to solving my issue. The second would be to define a new OID which takes an integer parameter which is the size of the desired output.

Jim

-----Original Message-----
From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Martin Thomson
Sent: Sunday, May 08, 2016 6:23 PM
To: Dang, Quynh (Fed) <quynh.dang@nist.gov>
Cc: Jim Schaad <ietf@augustcellars.com>; Russ Housley <housley@vigilsec.com>; curdle@ietf.org
Subject: Re: [Curdle] Comments on draft-housley-cms-eddsa-signatures

On 6 May 2016 at 21:16, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote:
> For ed25519 and ed448 EdDSA signatures, hash algorithm OID should be null/absent. For ed25519ph and ed448ph, the hash algorithm is the prehash function: SHA512 for ed25519ph and SHAKE256/512 for ed448ph.

The decision in TLS was to treat signature and hash as a single primitive, rather than a composable one, since these are not composable anyway.

And Russ has suggested to drop the *ph versions, which is a good idea. That suggests no need to identify SHAKE* with respect to the signatures, only to use in other parts of the CMS that need hashes. And only where you want the hashes to be consistent throughout.

Could Jim's concern about size be addressed by defining different OIDs for different output sizes?

_______________________________________________
Curdle mailing list
Curdle@ietf.org
https://www.ietf.org/mailman/listinfo/curdle
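
The two options raised in this thread (a distinct OID per output size, or one OID carrying an INTEGER output-size parameter), shown side by side as DER AlgorithmIdentifier encodings. This is an added example, not part of the original messages or the draft. Assumptions: both OIDs are hypothetical placeholders, the function names are made up here, and the 512-bit minimum is an assumed receiver policy.

```python
import hashlib

# Hypothetical placeholder OIDs, constructed for this example (not assigned values).
OID_FIXED_512 = "1.3.6.1.4.1.99999.1.1"  # option 1: output size implied by the OID
OID_WITH_LEN = "1.3.6.1.4.1.99999.1.2"   # option 2: output size as INTEGER parameter

def _tlv(tag, body):
    # Short-form DER length only; every structure here is under 128 bytes.
    if len(body) >= 0x80:
        raise ValueError("long-form length not needed in this example")
    return bytes([tag, len(body)]) + body

def _base128(v):
    out = [v & 0x7F]
    v >>= 7
    while v:
        out.append(0x80 | (v & 0x7F))
        v >>= 7
    return bytes(reversed(out))

def der_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    body = _base128(40 * arcs[0] + arcs[1]) + b"".join(_base128(a) for a in arcs[2:])
    return _tlv(0x06, body)

def algorithm_identifier(oid, out_bits=None):
    # SEQUENCE { OID, [INTEGER out_bits] }; parameters absent for the fixed-size OID.
    params = b""
    if out_bits is not None:
        params = _tlv(0x02, out_bits.to_bytes(out_bits.bit_length() // 8 + 1, "big"))
    return _tlv(0x30, der_oid(oid) + params)

def output_bits(alg_der, min_bits=512):
    # Receiver side: recover the output size and police a sender-chosen length.
    if len(alg_der) < 4 or alg_der[0] != 0x30 or alg_der[1] != len(alg_der) - 2 or alg_der[2] != 0x06:
        raise ValueError("not a short-form AlgorithmIdentifier")
    end = 4 + alg_der[3]
    oid, rest = alg_der[2:end], alg_der[end:]
    if oid == der_oid(OID_FIXED_512) and not rest:
        return 512
    if oid == der_oid(OID_WITH_LEN) and len(rest) > 2 and rest[0] == 0x02 and rest[1] == len(rest) - 2:
        bits = int.from_bytes(rest[2:], "big")
        if bits % 8 or bits < min_bits:
            raise ValueError("rejected output length: %d bits" % bits)
        return bits
    raise ValueError("unknown algorithm or malformed parameters")

def shake256_digest(alg_der, message):
    return hashlib.shake_256(message).digest(output_bits(alg_der) // 8)
```

With the parameterized form the output length is data chosen by the sender, so the receiver has to validate it; with per-size OIDs the length is fixed by the identifier and any unexpected parameters are rejected.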