Re: [Curdle] Some work for the group

Phillip Hallam-Baker <phill@hallambaker.com> Fri, 09 December 2016 17:33 UTC

To: Russ Housley <housley@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/KEa8hOKw3mtwnaPufY4McixsmHU>
Cc: "Salz, Rich" <rsalz@akamai.com>, "curdle@ietf.org" <curdle@ietf.org>

On Fri, Dec 9, 2016 at 11:42 AM, Russ Housley <housley@vigilsec.com> wrote:

>
> The text in draft-ietf-curdle-pkix says CA’s MUST NOT use pre-hash version
> of signatures.  Does anyone object to this?  There is a mention of the
> trade-offs in doing that at the end of section 5.  Please respond within a
> week.
>
>
>
> draft-ietf-curdle-cms-eddsa-signatures is aligned with this decision.  If
> it changes in one of the documents, it needs to change in both.
>

I don't think it is sustainable in CMS so if it has to be the same in both
places then we have to reject it.

In order for a crypto mode to be viable, it has to be possible to implement
it in a streaming encoder. Memory is cheap but storage is cheaper. If I
have a digital camera that is signing pictures as they are taken, that
module has to be something that can be implemented in a hardware blob
somewhere close to the point the image is captured.

Another thing I have great difficulty with here is actually working out
what the pure vs free hash implementation is from the specification. Trying
to describe crypto in RFC plaintext isn't a good match at the best of
times. This is particularly hard to follow.
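
The streaming constraint discussed in the message above, as an added example that is not part of the original email or of either draft. It is Python code for Ed25519 signing, assuming the Ed25519 parameters and the Ed25519ph prefix string as published in RFC 8032; `Sensor`, `sign`, `sign_prehash` and the other names are hypothetical, and the arithmetic is not constant time. It shows that pure signing reads the message twice, while the pre-hash form reads it once and then signs a 64-byte digest.

```python
import hashlib

p = 2**255 - 19
q = 2**252 + 27742317777372353535851937790883648493  # order of base point G
d = -121665 * pow(121666, p - 2, p) % p
G = (15112221349535400772501151409588531511454012693041857206046113283949847762202,
     4 * pow(5, p - 2, p) % p)
DOM_PH = b"SigEd25519 no Ed25519 collisions" + bytes([1, 0])  # dom2(1, empty ctx)

def add(P, Q):  # complete affine addition on -x^2 + y^2 = 1 + d*x^2*y^2
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2 % p
    return ((x1 * y2 + x2 * y1) * pow(1 + t, p - 2, p) % p,
            (y1 * y2 + x1 * x2) * pow(1 - t, p - 2, p) % p)

def base_mul(s):  # encoding of [s]G; double-and-add, not constant time
    Q, P = (0, 1), G
    while s:
        if s & 1:
            Q = add(Q, P)
        P, s = add(P, P), s >> 1
    return (Q[1] | (Q[0] & 1) << 255).to_bytes(32, "little")

def H(head, chunks):  # SHA-512(head || chunks...) as an integer mod q
    h = hashlib.sha512(head)
    for c in chunks:
        h.update(c)
    return int.from_bytes(h.digest(), "little") % q

def sign(seed, dom, source):  # source() restarts the message from byte 0
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little") & ((1 << 254) - 8) | (1 << 254)
    A = base_mul(a)
    r = H(dom + h[32:], source())   # pass 1: nonce depends on the whole message
    R = base_mul(r)
    k = H(dom + R + A, source())    # pass 2: needs R, so it cannot overlap pass 1
    return R + ((r + k * a) % q).to_bytes(32, "little")

def sign_prehash(seed, source):  # Ed25519ph: one streaming pass, then sign 64 bytes
    ph = hashlib.sha512()
    for c in source():
        ph.update(c)
    return sign(seed, DOM_PH, lambda: [ph.digest()])

class Sensor:  # constructed sample source that counts complete read-outs
    def __init__(self, chunks):
        self.chunks, self.passes = chunks, 0
    def __call__(self):
        self.passes += 1
        return iter(self.chunks)
```

Calling `sign(seed, b"", sensor)` is the pure form and leaves `sensor.passes == 2`; `sign_prehash(seed, sensor)` leaves it at 1, which is the property a capture-time signer with no room to buffer the image depends on.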