Re: [Curdle] call for adoption for draft-mu-curdle-ssh-xmss-00

"Hammell, Jonathan F" <> Thu, 28 November 2019 19:59 UTC

From: "Hammell, Jonathan F" <>
Date: Thu, 28 Nov 2019 19:59:53 +0000
Subject: Re: [Curdle] call for adoption for draft-mu-curdle-ssh-xmss-00
List-Id: "List for discussion of potential new security area wg." <>

Classification: UNCLASSIFIED

Hash-based signature schemes, such as XMSS, are appropriate for use cases where a limited number of signing operations will take place (due to the tree-based structure and high cost of signature generation) and those signatures will be validated far in the future (requiring the quantum-safe property).  Signing for SSH connections does not fit this model.  Furthermore, as others have pointed out, there are many concerns with managing the state of the private key in typical SSH scenarios.

I only see security concerns with using XMSS in SSH and no strong advantages.  Therefore, I am opposed to adoption.

Canadian Centre for Cyber Security

> Daniel Migault <> Wed, 20 November 2019 14:38 UTC
> Hi,
> This mail starts a call for adoption for draft-mu-curdle-ssh-xmss-00 XMSS
> public key algorithms for the Secure Shell (SSH) protocol. Please state on
> the mailing list whether you support the adoption of the draft or if you
> have any objection by December 5.
> Yours,
> Rich and Daniel
> [1]
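As an added example (not code from the draft, the thread, or any XMSS implementation), a toy stateful hash-based signer in Python that makes two of the points above concrete: the number of signatures is fixed when the key is generated, and a restored or rolled-back key file silently reuses a one-time leaf. It stands in for XMSS with Lamport one-time signatures under a small Merkle tree; the class and function names are this example's own simplification.

```python
import copy
import hashlib
import os

def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()
def bits(digest: bytes):
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]  # MSB first
def lamport_keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]  # public key = hash of both preimages per bit
def lamport_sign(sk, msg: bytes):
    return [sk[i][b] for i, b in enumerate(bits(H(msg)))]  # reveals one preimage per bit
def lamport_verify(pk, msg: bytes, sig) -> bool:
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(H(msg)))))
def leaf_hash(pk) -> bytes:
    return H(b"".join(a + b for a, b in pk))

class FewTimeSigner:
    # 2**height one-time leaves under one Merkle root; the leaf index is the private-key state.
    def __init__(self, height: int):
        self.keys = [lamport_keygen() for _ in range(2 ** height)]
        self.levels = [[leaf_hash(pk) for _, pk in self.keys]]
        while len(self.levels[-1]) > 1:
            lvl = self.levels[-1]
            self.levels.append([H(lvl[j] + lvl[j + 1]) for j in range(0, len(lvl), 2)])
        self.root = self.levels[-1][0]
        self.index = 0  # next unused leaf; must reach durable storage before a signature is released

    def sign(self, msg: bytes):
        if self.index >= len(self.keys):
            raise RuntimeError("key exhausted: every one-time leaf has been used")
        i, self.index = self.index, self.index + 1  # advance the state first, then sign
        sk, pk = self.keys[i]
        auth = [lvl[(i >> d) ^ 1] for d, lvl in enumerate(self.levels[:-1])]  # sibling per level
        return i, lamport_sign(sk, msg), pk, auth

def verify(root: bytes, msg: bytes, signature) -> bool:
    i, ots_sig, pk, auth = signature
    node = leaf_hash(pk)
    for d, sibling in enumerate(auth):  # climb to the root along the authentication path
        node = H(sibling + node) if (i >> d) & 1 else H(node + sibling)
    return lamport_verify(pk, msg, ots_sig) and node == root

def restored_backup_collides(signer: FewTimeSigner) -> bool:
    # Restoring a key file taken before the last signature makes both copies reuse the same leaf.
    backup = copy.deepcopy(signer)
    return signer.sign(b"live")[0] == backup.sign(b"restored")[0]
```

With height 2 the key is spent after four signatures, which is the budget problem for a long-lived SSH host or user key; the backup check shows why copying a stateful private key between hosts, a routine step for SSH keys today, breaks the one-time property.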