Re: [Curdle] Confirming a change to draft-ietf-curdle-rsa-sha2-12

"Mark D. Baushke" <mdb@juniper.net> Mon, 12 March 2018 04:43 UTC

Received-SPF: SoftFail (protection.outlook.com: domain of transitioning juniper.net discourages use of 66.129.239.12 as permitted sender)
To: denis bider <denisbider.ietf@gmail.com>
CC: "Salz, Rich" <rsalz@akamai.com>, "curdle@ietf.org" <curdle@ietf.org>
In-Reply-To: <CADPMZDCwRN-GHXhAe=-xPFHMnUBN39UWmENGNUeLbFkneEAgcA@mail.gmail.com>
References: <4C40F019-21FB-46AC-95D3-CC94BB976AAB@akamai.com> <12087.1520816187@eng-mail01.juniper.net> <CADPMZDCwRN-GHXhAe=-xPFHMnUBN39UWmENGNUeLbFkneEAgcA@mail.gmail.com>
Comments: In-reply-to: denis bider <denisbider.ietf@gmail.com> message dated "Sun, 11 Mar 2018 21:21:36 -0500."
From: "Mark D. Baushke" <mdb@juniper.net>
Date: Sun, 11 Mar 2018 21:43:44 -0700
Message-ID: <17856.1520829824@eng-mail01.juniper.net>
Sender: mdb@juniper.net
MIME-Version: 1.0
Content-Type: text/plain
SpamDiagnosticOutput: 1:99
SpamDiagnosticMetadata: NSPM
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 12 Mar 2018 04:43:47.2541 (UTC)
X-MS-Exchange-CrossTenant-Network-Message-Id: 861b722c-c0aa-4699-b132-08d587d3d888
X-MS-Exchange-CrossTenant-Id: bea78b3c-4cdb-4130-854a-1d193232e5f4
X-MS-Exchange-CrossTenant-OriginalAttributedTenantConnectingIp: TenantId=bea78b3c-4cdb-4130-854a-1d193232e5f4; Ip=[66.129.239.12]; Helo=[p-emfe01a-sac.jnpr.net]
X-MS-Exchange-CrossTenant-FromEntityHeader: HybridOnPrem
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR05MB3059
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10432:, , definitions=2018-03-12_02:, , signatures=0
X-Proofpoint-Spam-Details: rule=outbound_spam_notspam policy=outbound_spam score=0 priorityscore=1501 malwarescore=0 suspectscore=1 phishscore=0 bulkscore=0 spamscore=0 clxscore=1011 lowpriorityscore=0 mlxscore=0 impostorscore=0 mlxlogscore=935 adultscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.0.1-1711220000 definitions=main-1803120054
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/zRZ52cs-ICXEy5rqxPANwgdBUAM>
Subject: Re: [Curdle] Confirming a change to draft-ietf-curdle-rsa-sha2-12
X-BeenThere: curdle@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "List for discussion of potential new security area wg." <curdle.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/curdle>, <mailto:curdle-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/curdle/>
List-Post: <mailto:curdle@ietf.org>
List-Help: <mailto:curdle-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/curdle>, <mailto:curdle-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Mar 2018 04:43:55 -0000

Hi denis,

My question is answered.

Rich asked:

> Does anyone object?
> 
>     > > The value for 'rsa_signature_blob' is encoded as a string that
>     > > contains an octet string S (which is the output of RSASSA-PKCS1-v1_5)
>     > > and that has the same length (in octets) as the RSA modulus.  When S
>     > > contains leading zeros, there exist signers that will send a shorter
>     > > encoding of S that omits them.  A verifier MAY accept shorter
>     > > encodings of S with one or more leading zeros omitted.

I do not object.

Given at approximately 1/256 signatures will have a naturally occurring
leading zero for which some implementations do not send it and some do,
I have no objection with the change in text.

I do wonder if the text would better read:

 A verifier SHOULD accept shorter encodings of S with one or more
 leading zeros omitted.

to encourage a stronger likelyhood that a valid, but short signature
would still be accepted. However, I will leave that to others to
determine.

	-- Mark

[Curdle] Confirming a change to draft-ietf-curdle… Salz, Rich
Re: [Curdle] Confirming a change to draft-ietf-cu… Mark D. Baushke
Re: [Curdle] Confirming a change to draft-ietf-cu… denis bider
Re: [Curdle] Confirming a change to draft-ietf-cu… Mark D. Baushke
Re: [Curdle] Confirming a change to draft-ietf-cu… denis bider
Re: [Curdle] Confirming a change to draft-ietf-cu… Mark D. Baushke
Re: [Curdle] Confirming a change to draft-ietf-cu… Salz, Rich
Re: [Curdle] Confirming a change to draft-ietf-cu… Salz, Rich
Re: [Curdle] Confirming a change to draft-ietf-cu… Ron Frederick
Re: [Curdle] Confirming a change to draft-ietf-cu… denis bider
Re: [Curdle] Confirming a change to draft-ietf-cu… Peter Gutmann
Re: [Curdle] Confirming a change to draft-ietf-cu… denis bider
Re: [Curdle] Confirming a change to draft-ietf-cu… Peter Gutmann
Re: [Curdle] Confirming a change to draft-ietf-cu… denis bider
Re: [Curdle] Confirming a change to draft-ietf-cu… Peter Gutmann
Re: [Curdle] Confirming a change to draft-ietf-cu… denis bider
Re: [Curdle] Confirming a change to draft-ietf-cu… Peter Gutmann
Re: [Curdle] Confirming a change to draft-ietf-cu… denis bider
Re: [Curdle] Confirming a change to draft-ietf-cu… Ron Frederick
Re: [Curdle] Confirming a change to draft-ietf-cu… denis bider