Re: [Curdle] Comments on draft-housley-cms-eddsa-signatures

"Dang, Quynh (Fed)" <quynh.dang@nist.gov> Fri, 06 May 2016 10:53 UTC

From: "Dang, Quynh (Fed)" <quynh.dang@nist.gov>
To: Russ Housley <housley@vigilsec.com>, Jim Schaad <ietf@augustcellars.com>
Date: Fri, 06 May 2016 10:53:43 +0000
Message-ID: <BN1PR09MB1242F1F646324E4D3F98636F37D0@BN1PR09MB124.namprd09.prod.outlook.com>
References: <086701d1a0e4$965f2320$c31d6960$@augustcellars.com> <9458BE75-3657-4726-949C-6C9D7511AF21@vigilsec.com> <0c7301d1a4a2$cc47a680$64d6f380$@augustcellars.com> <B0C9A58C-2BDB-4CB5-867E-CE6FE02F9AA4@vigilsec.com> <106f01d1a70f$4d5c07c0$e8141740$@augustcellars.com>, <549A2D33-98AF-4935-98A3-2EF475904B78@vigilsec.com>
In-Reply-To: <549A2D33-98AF-4935-98A3-2EF475904B78@vigilsec.com>
Archived-At: <http://mailarchive.ietf.org/arch/msg/curdle/lH_Gy_OuOL6tabiWwuOr4YOVQFc>
Cc: "curdle@ietf.org" <curdle@ietf.org>
Subject: Re: [Curdle] Comments on draft-housley-cms-eddsa-signatures
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>

Hi Russ,

Since SHAKE256 is used in the function, one just goes with SHAKE256/512 instead of SHA512 and just needs to allocate an OID for SHAKE256/512.

Regards,
Quynh.

________________________________________
From: Curdle <curdle-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
Sent: Thursday, May 5, 2016 8:08 PM
To: Jim Schaad
Cc: curdle@ietf.org
Subject: Re: [Curdle] Comments on draft-housley-cms-eddsa-signatures

On May 5, 2016, at 4:47 PM, Jim Schaad <ietf@augustcellars.com> wrote:

>> A second worry is that SHAKE256 is defined as being an XOF function and
>> not a hash function.  I think it might make more sense to say that we
>> should be using SHA3-256 rather than SHAKE256.  In any event the OID
>> assigned on the NIST web site does not make any statements about the
>> size of output of
>> SHAKE256 and if we are going to use it as a hash algorithm here we
>> need to do that.  Suffice it to say that I don't think that using
>> SHAKE256 as a hash algorithm here is sufficiently defined.
>
> Doesn't this need to be addressed in draft-irtf-cfrg-eddsa?
>
> [JLS] No, I am not worried about how SHAKE256 is being used in the EdDSA
> process (it is fully defined there), I am looking at the use of SHAKE256
> when it is placed in the digestAlgorithm attribute of the SignerInfo
> structure.  In this case the length of the output needs to be specified
> (i.e. how long is the message digest signed attribute).  This is defined for
> hash algorithms, but is not defined for XOF functions.

I was not understanding your issue until now…

You are worried about this:

       Compute SHAKE256(dom(F, C) || prefix || M, 114), where M is the
       message to be signed, …

Maybe we just make M = SHA512(ValueOnly(DER(SignedAttrs)))

Russ


_______________________________________________
Curdle mailing list
Curdle@ietf.org
https://www.ietf.org/mailman/listinfo/curdle
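The thread turns on one property of SHAKE256 that the messages state but do not show: as an XOF it has no output length of its own, so an unqualified "SHAKE256" digestAlgorithm does not tell a CMS verifier how long the message-digest attribute is, whereas a qualified identifier such as SHAKE256/512 does. The script below is an added example written for this page; it is not code from the draft, from RFC 8032, or from any of the posters. It uses Python's hashlib, constructs its own stand-in for ValueOnly(DER(SignedAttrs)), and treats the algorithm labels, the dom and prefix placeholders, and the digest-length table as assumptions. The 114-octet width is the one quoted from the draft in the thread; the Ed448 step is shown only as far as Russ's "M = SHA512(...)" suggestion changes its input, not as a full signature.

```python
"""Added example: why an XOF needs a pinned output length before it can name
a CMS message digest, and what the two proposals in the thread look like."""

import hashlib
import hmac

# Constructed sample bytes standing in for ValueOnly(DER(SignedAttrs)).
# Not real DER; any byte string works for the property being demonstrated.
SIGNED_ATTRS = b"\x31\x2a" + b"signed-attrs-constructed-for-this-example"

# Width of the Ed448 step quoted in the thread: SHAKE256(..., 114).
ED448_HASH_OCTETS = 114


def sha512_digest(data: bytes) -> bytes:
    """A hash: the algorithm name alone fixes the length (64 octets)."""
    return hashlib.sha512(data).digest()


def shake256_digest(data: bytes, out_len: int) -> bytes:
    """An XOF: the caller chooses out_len; nothing in the name implies it."""
    return hashlib.shake_256(data).digest(out_len)


def shake_outputs_are_prefixes(data: bytes, short: int, long: int) -> bool:
    """SHAKE output is a stream: a shorter request is a prefix of a longer one.
    This is exactly why a bare 'SHAKE256' identifier cannot pin a digest value."""
    return shake256_digest(data, long)[:short] == shake256_digest(data, short)


# Digest-algorithm labels a SignerInfo might carry (assumed labels, not OIDs).
# Only a label that fixes the length yields a usable message-digest attribute;
# the bare XOF name deliberately has no length, mirroring Jim's objection.
DIGEST_ALG_OCTETS = {
    "sha-512": 64,
    "shake256/256": 32,
    "shake256/512": 64,   # the identifier Quynh's reply would assign an OID to
    "shake256": None,
}


def digest_length_defined(alg: str) -> bool:
    """True when the identifier alone determines the digest length."""
    return DIGEST_ALG_OCTETS.get(alg) is not None


def message_digest_for(alg: str, data: bytes) -> bytes:
    """Signer side: the value placed in the message-digest signed attribute.
    Refuses identifiers that leave the output length unspecified."""
    if not digest_length_defined(alg):
        raise ValueError(f"{alg!r} does not define a digest length")
    if alg == "sha-512":
        return sha512_digest(data)
    return shake256_digest(data, DIGEST_ALG_OCTETS[alg])


def verify_message_digest(alg: str, data: bytes, attr_value: bytes) -> bool:
    """Verifier side: recompute from the content and compare in constant time."""
    return hmac.compare_digest(message_digest_for(alg, data), attr_value)


def ed448_hash_step(dom: bytes, prefix: bytes, signed_attrs: bytes) -> bytes:
    """Russ's suggestion: leave the draft's SHAKE256(dom || prefix || M, 114)
    step as defined and feed it M = SHA512(ValueOnly(DER(SignedAttrs))).
    `dom` and `prefix` are constructed placeholders, not derived from a key."""
    m = sha512_digest(signed_attrs)
    return shake256_digest(dom + prefix + m, ED448_HASH_OCTETS)


if __name__ == "__main__":
    print("SHAKE256/256 is a prefix of SHAKE256/512:",
          shake_outputs_are_prefixes(SIGNED_ATTRS, 32, 64))
    for label in ("sha-512", "shake256/512", "shake256"):
        print(f"{label:>13}: length defined = {digest_length_defined(label)}")
    step = ed448_hash_step(b"SigEd448-constructed", b"\x00" * 57, SIGNED_ATTRS)
    print("Ed448 step output octets:", len(step))
```

Running it shows the 32-octet SHAKE256 output reappearing as the first half of the 64-octet one, which is why two distinct identifiers (and, as Quynh notes, a dedicated OID) are needed rather than one "SHAKE256" entry; the SHA-512 route keeps a single fixed-length digest and leaves the draft's 114-octet SHAKE256 call untouched.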