Re: [Curdle] Comments on draft-housley-cms-eddsa-signatures

Martin Thomson <martin.thomson@gmail.com> Mon, 09 May 2016 01:23 UTC

To: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
Archived-At: <http://mailarchive.ietf.org/arch/msg/curdle/9v_W25bDVxlqGbmz8Fh4y55aNHI>
Cc: Jim Schaad <ietf@augustcellars.com>, Russ Housley <housley@vigilsec.com>, "curdle@ietf.org" <curdle@ietf.org>

On 6 May 2016 at 21:16, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote:
> For ed25519 and ed448 EdDSA signatures, hash algorithm OID should be null/absent. For ed25519ph and ed448ph, the hash algorithm is the prehash function: SHA512 for ed25519ph and SHAKE256/512 for ed448ph.

The decision in TLS was to treat signature and hash as a single
primitive, rather than a composable one, since these are not
composable anyway. And Russ has suggested to drop the *ph versions,
which is a good idea.

That suggests no need to identify SHAKE* with respect to the
signatures, only to use in other parts of the CMS that need hashes.
And only where you want the hashes to be consistent throughout.

Could Jim's concern about size be addressed by defining different OIDs
for different output sizes?