Re: [Curdle] Confirming a change to draft-ietf-curdle-rsa-sha2-12

"Mark D. Baushke" <mdb@juniper.net> Mon, 12 March 2018 04:43 UTC

To: denis bider <denisbider.ietf@gmail.com>
CC: "Salz, Rich" <rsalz@akamai.com>, "curdle@ietf.org" <curdle@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/curdle/zRZ52cs-ICXEy5rqxPANwgdBUAM>

Hi denis,

My question is answered.

Rich asked:

> Does anyone object?
> 
>     > > The value for 'rsa_signature_blob' is encoded as a string that
>     > > contains an octet string S (which is the output of RSASSA-PKCS1-v1_5)
>     > > and that has the same length (in octets) as the RSA modulus.  When S
>     > > contains leading zeros, there exist signers that will send a shorter
>     > > encoding of S that omits them.  A verifier MAY accept shorter
>     > > encodings of S with one or more leading zeros omitted.

I do not object.

Given that approximately 1/256 signatures will have a naturally occurring
leading zero for which some implementations do not send it and some do,
I have no objection to the change in text.

I do wonder if the text would better read:

 A verifier SHOULD accept shorter encodings of S with one or more
 leading zeros omitted.

to encourage a stronger likelihood that a valid but short signature
would still be accepted. However, I will leave that to others to
determine.

	-- Mark
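
Added example, not part of the original message or of the draft: a verifier for the 'rsa_signature_blob' string that shows the interoperability failure the quoted text addresses, by rejecting or accepting an S whose leading zero octets were omitted. The key is a constructed toy key (two Mersenne primes, trivially factorable), all function names are assumptions, and only the blob string is modelled, not the surrounding SSH signature structure.

```python
import hashlib
import struct

# Constructed toy key for illustration only: two Mersenne primes, so it is
# trivially factorable. Never use a key like this outside a demonstration.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
K = (N.bit_length() + 7) // 8          # modulus length in octets (141)

# DER DigestInfo prefix for SHA-256 (RFC 8017, section 9.2).
SHA256_PREFIX = bytes.fromhex("3031300d060960864801650304020105000420")

def emsa_pkcs1_v15(msg: bytes) -> bytes:
    t = SHA256_PREFIX + hashlib.sha256(msg).digest()
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def sign(msg: bytes, strip_zeros: bool = False) -> bytes:
    """Return the SSH 'string' holding S; optionally omit leading zeros."""
    s = pow(int.from_bytes(emsa_pkcs1_v15(msg), "big"), D, N).to_bytes(K, "big")
    if strip_zeros:
        s = s.lstrip(b"\x00")           # what the "shorter encoding" signers send
    return struct.pack(">I", len(s)) + s

def verify(msg: bytes, blob: bytes, accept_short: bool) -> bool:
    if len(blob) < 4:
        return False
    (length,) = struct.unpack(">I", blob[:4])
    s = blob[4:]
    if length != len(s) or length > K:  # truncated, trailing data, or too long
        return False
    if length < K:
        if not accept_short:            # strict: S must be modulus-length
            return False
        s = s.rjust(K, b"\x00")         # restore the omitted leading zeros
    v = int.from_bytes(s, "big")
    if v >= N:
        return False
    return pow(v, E, N).to_bytes(K, "big") == emsa_pkcs1_v15(msg)

def find_short_signature(limit: int = 5000):
    """Search constructed messages for one whose S starts with a zero octet."""
    for i in range(limit):
        msg = b"constructed message %d" % i
        blob = sign(msg, strip_zeros=True)
        if len(blob) - 4 < K:
            return msg, blob
    return None
```

With `accept_short=False` the verifier rejects the roughly 1-in-256 valid signatures that a zero-stripping signer sends short; with `accept_short=True` it left-pads to the modulus length first, and the length and range checks still reject oversized or trailing data.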