Re: [Dcrup] I do not like the dcrup ECC document
Scott Kitterman <sklist@kitterman.com> Sun, 09 July 2017 21:22 UTC
From: Scott Kitterman <sklist@kitterman.com>
To: dcrup@ietf.org
Date: Sun, 09 Jul 2017 17:22:12 -0400
Message-ID: <2578584.laa3YatE2f@kitterma-e6430>
In-Reply-To: <alpine.OSX.2.21.1707091702130.6209@ary.qy>
References: <20170709203414.90415.qmail@ary.lan> <3A2ECF01-E8A0-4E11-9E3F-6A67C5198ACC@vigilsec.com> <alpine.OSX.2.21.1707091702130.6209@ary.qy>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/7pZ0_LL0MBg5LZgmz5mtRyDDpo0>

On Sunday, July 09, 2017 05:14:13 PM John R Levine wrote:
> >> 3. EdDSA-SHA256 Signing Algorithm
> >>
> >> The eddsa-sha256 signing algorithm computes a message hash as defined
> >> in section 3 of [RFC6376], and signs it with Ed25519, the EdDSA
> >> algorithm using the edwards25519 curve, as defined in RFC 8032
> >> section 5.1 [RFC8032]. The signing algorithm is PureEdDSA as defined
> >> in RFC 8032 section 4, since the input to the signing algorithm has
> >> already been hashed. The DNS record for the verification public key
> >> MUST have a "k=eddsa" tag to indicate that the key is an EdDSA rather
> >> than RSA key.
> >>
> >> If that's not right, please send text.
> >
> > PureEdDSA does not take a hash as input, it takes the whole to-be-signed
> > content.
> RFC 6376 describes in great detail in section 3.7 how to create the
> material to be signed. What it ends up with is a sha-256 hash, but that's
> not the signing algorithm's problem. I say PureEdDSA to emphasize that it
> doesn't get hashed again.
>
> As it stands now, the RSA and EdDSA signing algorithms sign the same
> thing. I suppose I could extensively rewrite the signing instructions so
> that stuff to be signed by RSA is hashed while stuff to be signed by EdDSA
> is not because it'll use HashEdDSA, but that seems a lot of work and a lot
> of code changes for no benefit.

The python crypto library I plan to use for this (python-nacl) supports both.
Given the current structure of the dkimpy code, it would be much simpler to
support PureEdDSA. Having looked at how I would implement this (but not having
done it yet) I agree with your contention about implementation complexity.

Scott K