Re: [Curdle] Pure/Hash issue with draft-ietf-curdle-cms-eddsa-signatures-08
Jim Schaad <ietf@augustcellars.com> Wed, 11 April 2018 17:12 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/wbCjQ6FcsfY3AfoV8ACgqWEruV4>
If you sign w/ attributes, then the main message is hashed and that hash is part of the signed attributes. This means that when you sign w/ attributes only the signed attributes are processed twice by the signature algorithm. This is a small sized set of bytes so doing two passes is not a huge problem. It is more of an issue when you sign w/o attributes as in that case the entire message body is passed to the signature algorithm.

> -----Original Message-----
> From: Curdle <curdle-bounces@ietf.org> On Behalf Of Conrado P. L. Gouvêa
> Sent: Monday, April 9, 2018 12:00 PM
> To: curdle@ietf.org
> Subject: [Curdle] Pure/Hash issue with draft-ietf-curdle-cms-eddsa-signatures-08
>
> Hi,
>
> I have a question about draft-ietf-curdle-cms-eddsa-signatures-08.
> (I'm not sure if this is the right place to ask...)
>
> Quoting the draft:
>
> "In most situations the CMS SignedData includes signed attributes, including
> the message digest of the content. Since HashEdDSA offers no benefit when
> signed attributes are present, only PureEdDSA is used with the CMS."
> "The EdDSA specification [RFC8032] includes the following warning. It
> deserves highlighting, especially when signed-data is used without signed
> attributes and the content to be signed might be quite large:
> PureEdDSA requires two passes over the input. (...)"
>
> It's not clear, but this seems to imply that when signed-data is used
> *with* signed attributes, then two-pass is not an issue.
> However, I fail to see why that's the case. Doesn't the two-pass requirement
> always apply? AFAIK the whole message is signed in both cases.
>
> Cheers,
>
> Conrado Gouvea
>
> _______________________________________________
> Curdle mailing list
> Curdle@ietf.org
> https://www.ietf.org/mailman/listinfo/curdle
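
Added example, not part of the original messages or of the draft: a Python sketch of what the signature algorithm is handed in each CMS mode. It builds the DER-encoded signed attributes (content-type and message-digest only) from a content hashed once as a stream, and compares that with the no-attributes case. Assumptions: SHA-512 as the digest algorithm, id-data as the content type, constructed sample content, and function names that are illustrative only.

```python
import hashlib

# DER-encoded OIDs (tag 0x06, length 9) from RFC 5652
OID_CONTENT_TYPE = bytes.fromhex("06092a864886f70d010903")    # id-contentType
OID_MESSAGE_DIGEST = bytes.fromhex("06092a864886f70d010904")  # id-messageDigest
OID_ID_DATA = bytes.fromhex("06092a864886f70d010701")         # id-data

def tlv(tag, value):
    """DER tag-length-value with definite short or long form length."""
    n = len(value)
    if n < 0x80:
        length = bytes([n])
    else:
        raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + value

def der_set(elements):
    """DER SET OF: elements are sorted by their encoded bytes."""
    return tlv(0x31, b"".join(sorted(elements)))

def attribute(oid, value):
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF value }"""
    return tlv(0x30, oid + der_set([value]))

def digest_content(chunks):
    """Single streaming pass over the content (digest choice is an assumption)."""
    h = hashlib.sha512()
    for chunk in chunks:
        h.update(chunk)
    return h.digest()

def signer_input_with_attrs(chunks):
    """Bytes passed to PureEdDSA when signed attributes are present:
    the DER SET OF attributes, which carries only the content's digest."""
    return der_set([
        attribute(OID_CONTENT_TYPE, OID_ID_DATA),
        attribute(OID_MESSAGE_DIGEST, tlv(0x04, digest_content(chunks))),
    ])

def signer_input_without_attrs(chunks):
    """Without signed attributes the whole content goes to the signer,
    so PureEdDSA's two passes both run over the full message body."""
    return b"".join(chunks)

if __name__ == "__main__":
    content = [b"A" * 65536] * 16  # constructed 1 MiB sample content
    print("with attributes:   ", len(signer_input_with_attrs(content)), "bytes to signer")
    print("without attributes:", len(signer_input_without_attrs(content)), "bytes to signer")
```

The signed-attributes input stays the same size however large the content is, because the content only enters it through the message-digest attribute.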