IETF Logo Mail Archive

Re: [Curdle] Some work for the group

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Wed, 14 December 2016 15:02 UTC

Return-Path: <quynh.dang@nist.gov>
X-Original-To: curdle@ietfa.amsl.com
Delivered-To: curdle@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC3E31296CD for <curdle@ietfa.amsl.com>; Wed, 14 Dec 2016 07:02:27 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.901
X-Spam-Level:
X-Spam-Status: No, score=-1.901 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=nistgov.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bUKnc0R1L9fd for <curdle@ietfa.amsl.com>; Wed, 14 Dec 2016 07:02:25 -0800 (PST)
Received: from gcc01-CY1-obe.outbound.protection.outlook.com (mail-cy1gcc01on0099.outbound.protection.outlook.com [23.103.200.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5F44E129532 for <curdle@ietf.org>; Wed, 14 Dec 2016 07:02:24 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=nistgov.onmicrosoft.com; s=selector1-nist-gov; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=82dpiWFV25ndHDbVA3+O+YMgY/NQWeL8JK4Cqnawbt0=; b=difFpnChMFr5nwim3nnc+kELIwm0avYHQC1s4o5GOMImhv/FfVACDvIpyXUvFveOyKrUXqHQ9KSGNaIv4v/r1yBbUZpJMjyS1N7ihHwhd0qk1KqlwKwxmP2qJfElwvkF1uaZ120nE3Zh0r0K01YOz8ir+N0hreLj/p4qIyyjgxY=
Received: from CY4PR09MB1464.namprd09.prod.outlook.com (10.173.191.22) by CY4PR09MB1461.namprd09.prod.outlook.com (10.173.191.19) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.771.8; Wed, 14 Dec 2016 15:02:23 +0000
Received: from CY4PR09MB1464.namprd09.prod.outlook.com ([10.173.191.22]) by CY4PR09MB1464.namprd09.prod.outlook.com ([10.173.191.22]) with mapi id 15.01.0771.014; Wed, 14 Dec 2016 15:02:22 +0000
From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: Jim Schaad <ietf@augustcellars.com>, "Dang, Quynh (Fed)" <quynh.dang@nist.gov>, "curdle@ietf.org" <curdle@ietf.org>
Thread-Topic: [Curdle] Some work for the group
Thread-Index: AQHSUiKs3PWVL7wFScuPYdGzcgHHmKD/tuoAgAUxWICAAJMdgIAA392AgADiy4A=
Date: Wed, 14 Dec 2016 15:02:22 +0000
Message-ID: <D476C8AE.2D138%qdang@nist.gov>
References: <D4701965.2CFAB%qdang@nist.gov> <1481295892.20432.16.camel@redhat.com> <0e1701d254c6$46509670$d2f1c350$@augustcellars.com> <D4754C1E.2D0B1%qdang@nist.gov> <00f001d2557f$c298b140$47ca13c0$@augustcellars.com>
In-Reply-To: <00f001d2557f$c298b140$47ca13c0$@augustcellars.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/14.6.9.160926
authentication-results: spf=none (sender IP is ) smtp.mailfrom=quynh.dang@nist.gov;
x-ms-exchange-messagesentrepresentingtype: 1
x-originating-ip: [129.6.223.235]
x-microsoft-exchange-diagnostics: 1; CY4PR09MB1461; 7:KWIC4OeILt1iKqfQi5Ffk+JbaYCx+DqvjbZUbu4pLyShll6lz9yQkALohliXy7DpjyaftN8EzZe7K/OxQBFE39kSbEifGxMlOgawWuuo+M2CJ0puC7ct/vKObO/HZiR84iJZ30I4F3fEW76Qg7HYvuSoaIwdsfu3czTFaUgfZCyfvHmiapZQ1hOTlJ7cyU7JEjPqQQzAf4a+BDtFA8RWASEazi3GUxsXNsdOUyAQBK7Yw1UO4hbgJNTuXSEePQSYP71e8unlQsb5wb9J2fTbHjtJOS5jPEPFwBoFQ9ai0E3NcrjKmo8rKrEpH13fZyoMrtFJ4cF7M8rvMImLl/yl3+taMbcPp03QTNDgdehaNgcmB4lyIbI0d8QPlb3HJekDiTsBn2X3WhfphVXfyRuiWfIZeYKTKUfdohqt+RH0WvW1a90ZRPdGd/zm3Up2u7Fj5gXTl8IZC4tl4zkKvC0r1w==
x-forefront-antispam-report: SFV:SKI; SCL:-1SFV:NSPM; SFS:(10019020)(7916002)(39450400003)(39410400002)(39850400002)(39840400002)(377424004)(199003)(51444003)(76104003)(377454003)(24454002)(189002)(13464003)(81166006)(76176999)(38730400001)(50986999)(7906003)(5660300001)(99286002)(5001770100001)(2900100001)(4001350100001)(97736004)(36756003)(3846002)(7736002)(790700001)(102836003)(6116002)(105586002)(68736007)(106356001)(8676002)(106116001)(2950100002)(122556002)(2906002)(77096006)(606005)(3660700001)(3280700002)(93886004)(189998001)(83506001)(81156014)(6506006)(6512006)(2501003)(54356999)(229853002)(66066001)(6486002)(86362001)(101416001)(92566002)(6436002)(107886002)(8936002); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR09MB1461; H:CY4PR09MB1464.namprd09.prod.outlook.com; FPR:; SPF:None; PTR:InfoNoRecords; A:1; MX:1; LANG:en;
x-ms-office365-filtering-correlation-id: f9e4524b-e825-4631-6cff-08d424323553
x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(22001);SRVR:CY4PR09MB1461;
x-microsoft-antispam-prvs: <CY4PR09MB1461F871994A573BCEE64A71F39A0@CY4PR09MB1461.namprd09.prod.outlook.com>
x-exchange-antispam-report-test: UriScan:(65766998875637)(192374486261705)(21748063052155);
x-exchange-antispam-report-cfa-test: BCL:0; PCL:0; RULEID:(6040375)(601004)(2401047)(5005006)(8121501046)(3002001)(10201501046)(6055026)(6041248)(20161123555025)(20161123560025)(20161123562025)(20161123564025)(6072148); SRVR:CY4PR09MB1461; BCL:0; PCL:0; RULEID:; SRVR:CY4PR09MB1461;
x-forefront-prvs: 01565FED4C
received-spf: None (protection.outlook.com: nist.gov does not designate permitted sender hosts)
spamdiagnosticoutput: 1:99
spamdiagnosticmetadata: NSPM
Content-Type: multipart/alternative; boundary="_000_D476C8AE2D138qdangnistgov_"
MIME-Version: 1.0
X-OriginatorOrg: nist.gov
X-MS-Exchange-CrossTenant-originalarrivaltime: 14 Dec 2016 15:02:22.6295 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 2ab5d82f-d8fa-4797-a93e-054655c61dec
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR09MB1461
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/jUHGigfr-Zm7F9Dervgx4q0zmWo>
Subject: Re: [Curdle] Some work for the group
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Dec 2016 15:02:28 -0000


From: Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>>
Date: Tuesday, December 13, 2016 at 3:30 PM
To: 'Quynh' <Quynh.Dang@nist.gov<mailto:Quynh.Dang@nist.gov>>, "curdle@ietf.org<mailto:curdle@ietf.org>" <curdle@ietf.org<mailto:curdle@ietf.org>>
Subject: RE: [Curdle] Some work for the group



From: Dang, Quynh (Fed) [mailto:quynh.dang@nist.gov]
Sent: Tuesday, December 13, 2016 4:09 AM
To: Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>>; 'Nikos Mavrogiannopoulos' <nmav@redhat.com<mailto:nmav@redhat.com>>; Dang, Quynh (Fed) <quynh.dang@nist.gov<mailto:quynh.dang@nist.gov>>; rsalz@akamai.com<mailto:rsalz@akamai.com>; curdle@ietf.org<mailto:curdle@ietf.org>
Subject: Re: [Curdle] Some work for the group



From: Jim Schaad <ietf@augustcellars.com<mailto:ietf@augustcellars.com>>
Date: Monday, December 12, 2016 at 5:22 PM
To: 'Nikos Mavrogiannopoulos' <nmav@redhat.com<mailto:nmav@redhat.com>>, 'Quynh' <Quynh.Dang@nist.gov<mailto:Quynh.Dang@nist.gov>>, "rsalz@akamai.com<mailto:rsalz@akamai.com>" <rsalz@akamai.com<mailto:rsalz@akamai.com>>, "curdle@ietf.org<mailto:curdle@ietf.org>" <curdle@ietf.org<mailto:curdle@ietf.org>>
Subject: RE: [Curdle] Some work for the group



-----Original Message-----
From: Curdle [mailto:curdle-bounces@ietf.org] On Behalf Of Nikos
Mavrogiannopoulos
Sent: Friday, December 09, 2016 7:05 AM
To: Dang, Quynh (Fed) <quynh.dang@nist.gov<mailto:quynh.dang@nist.gov>>; rsalz@akamai.com<mailto:rsalz@akamai.com>;
curdle@ietf.org<mailto:curdle@ietf.org>
Subject: Re: [Curdle] Some work for the group
On Fri, 2016-12-09 at 13:46 +0000, Dang, Quynh (Fed) wrote:
> There are no security issues with the pre-hash option. One more hash
> does not create any performance issues for the current protocols.  In
> addition, the pre-hash option provides the need for long messages as
> we know: one example is the long CRLs on small devices as pointed out
> on Jim's slides.
>
> If I had to choose one algorithm which works well for all situations,
> I would choose the pre-hash option.
I agree.
Moreover, I don't quite follow the rationale for having it a must not on some
scenarios. Of the options:
1. CA uses SECP256R1 (no prehash)
2. CA uses Ed25519R1 (prehash)
3. CA uses Ed25519R1 (no prehash)

I am going to assume that this is just a typo as the prehash and no prehash are reversed on the above list.

There is one low level argument that I have found for forbidding the pre-hash version for Ed25519.   There is a possibility that if the pre-hash version is allowed somebody is going to implement it incorrectly and do the pre-hash as the item to be signed for pure mode as that is what is currently available.  The current restrictions would avoid this possibility for certificates but not for other uses.

Hi Jim,

Don't people check or test their implementations.  It is hard for me to imagine why when someone does not want to use the pre-hash, decides to implement the non pre-hash version, but ended implementing the pre-hash version, then don't check or test his or her implementation at all.

Quynh,

No, this is I implement the pure version and somebody else abuses it and uses it as a pre-hash version.  That is they do what comes naturally today.

Hi Jim,

I am not sure I understand what you think is a security issue here? Could you please explain?

Thank you,
Quynh.




Jim



I appreciate your work and contributions!


Quynh.


the 3rd is banned. I kind of understand what the authors try to achieve, but
adding local policies into RFCs does not make much sense (especially if the
policy is dubious as in this case; one option with this particular curve is banned,
with the other curves it is fine). The option (2) is apparently better than 3, but I
do not see why the existence of better option should prevent a CA from using
option (3).
Similar argumentation could be made for banning Ed25519R1 since Ed441 is
better.
I instead propose 2 alternatives, (a) remove the prehash option, or (b) create an
RFC mandating policies for CAs, which algorithms they MUST use and which not.
A CA can chose to follow them.

I think that option B would be more for the CA Consortium that for the IETF to do.

Jim

regards,
Nikos
_______________________________________________
Curdle mailing list
Curdle@ietf.org<mailto:Curdle@ietf.org>
https://www.ietf.org/mailman/listinfo/curdle

v2.23.0 | Report a Bug | By Email