Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06

Alessandro Vesely <vesely@tana.it> Sun, 24 September 2017 12:18 UTC

Return-Path: <vesely@tana.it>
X-Original-To: dcrup@ietfa.amsl.com
Delivered-To: dcrup@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 10A92133065 for <dcrup@ietfa.amsl.com>; Sun, 24 Sep 2017 05:18:21 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.901
X-Spam-Level:
X-Spam-Status: No, score=-2.901 tagged_above=-999 required=5 tests=[BAYES_05=-0.5, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id wo2w25QNUjwv for <dcrup@ietfa.amsl.com>; Sun, 24 Sep 2017 05:18:19 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DDBDD132A89 for <dcrup@ietf.org>; Sun, 24 Sep 2017 05:18:18 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=beta; t=1506255497; bh=8ScipKaPaI+wfBmCZPCCsg5l6+7+jOes+u24IEpNp/0=; l=1175; h=To:References:From:Date:In-Reply-To; b=MB6kD7S2hItPoUnG8pzaVWJ0vdp3SD9INQwC3VzC0FN2J2raMQJ4ROqTd7r8PVpCd ateYNokU/W+iHESwe1mpHOfj5ldnpzSBTv0SRzu60enW3oV4Pm31sN4+1FNFmTU8RC 7cGuzZS8SEizBgDZPDo45nWvAu8d0qEFGowzV0ks=
Authentication-Results: tana.it; auth=pass (details omitted)
Received: from [172.25.197.109] (pcale.tana [172.25.197.109]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k) by wmail.tana.it with ESMTPA; Sun, 24 Sep 2017 14:18:16 +0200 id 00000000005DC085.0000000059C7A288.00003C38
To: dcrup@ietf.org
References: <20170914014118.2378.qmail@ary.lan> <m3vakl9rjx.fsf@carbon.jhcloos.org> <alpine.OSX.2.21.1709142029180.6872@ary.local> <m38thf9azc.fsf@carbon.jhcloos.org> <m3lgle7sxm.fsf@carbon.jhcloos.org>
From: Alessandro Vesely <vesely@tana.it>
Openpgp: id=0A5B4BB141A53F7F55FC8CBCB6ACF44490D17C00
Message-ID: <286369e9-a074-1215-8b80-36a33ba224ca@tana.it>
Date: Sun, 24 Sep 2017 14:18:16 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Thunderbird/52.2.1
MIME-Version: 1.0
In-Reply-To: <m3lgle7sxm.fsf@carbon.jhcloos.org>
Content-Type: text/plain; charset="us-ascii"
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/dcrup/vejZXEg6K_y9E550oVNZtqHkcqw>
Subject: Re: [Dcrup] I-D draft-ietf-dcrup-dkim-crypto-06
X-BeenThere: dcrup@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: DKIM Crypto Update <dcrup.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dcrup>, <mailto:dcrup-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dcrup/>
List-Post: <mailto:dcrup@ietf.org>
List-Help: <mailto:dcrup-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dcrup>, <mailto:dcrup-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 24 Sep 2017 12:18:21 -0000

On Sat 16/Sep/2017 14:02:13 +0200 James Cloos wrote:
>> It is the impression I've gotten from reading the various project lists.
> 
> Nikos recently posted that he skipped pure because curdle chose to avoid it.

Yes, that's the reply to the question Jeremy told us he was going to ask on
that list, on Sep 14:
https://lists.gnupg.org/pipermail/gnutls-help/2017-September/004387.html

My understanding is that curdle's decision is due to the fact that PureEdDSA
requires two passes over the input.  But then I didn't read the full details of
their decision (summer 2016):
https://www.ietf.org/mail-archive/web/curdle/current/msg00266.html

Dealing with generic functions, the GnuTLS manual does not expand much on why
gnutls_privkey_sign_hash [1] won't work.  It may be interesting to compare its
man page with that of nettle's ed25519_sha512_sign [2].  BTW, nettle is yet
another lib which doesn't seem to be going to implement the pre-hash variant
any time soon.

[1] GnuTLS
https://gnutls.org/manual/html_node/Abstract-key-API.html#gnutls_005fprivkey_005fsign_005fhash

[2] Nettle
https://www.lysator.liu.se/~nisse/nettle/nettle.html#EdDSA

hth
Ale
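The two-passes point made above, as an added example that is not part of this message or of the GnuTLS and nettle code it cites: a minimal Ed25519 written after RFC 8032, with PureEdDSA and the prehash variant (Ed25519ph) sharing one signing core so that the difference sits in one place. In _sign the message is hashed once to derive the nonce r and a second time, after R has been computed from r, to derive the challenge k, so a pure signer must hold or re-read the whole input; Ed25519ph hashes the message once up front and both derivations then consume the 64-byte digest, which is what sign_ph_streaming relies on. The function names (sign, verify, sign_ph_streaming, dom2_ph) are this example's own, the secret key used in the checks is RFC 8032 test vector 1, and the e-mail-like message is constructed.

```python
import hashlib
P = 2**255 - 19                                      # field prime (RFC 8032 5.1)
Q = 2**252 + 27742317777372353535851937790883648493   # group order
D = -121665 * pow(121666, P - 2, P) % P              # curve constant
DOM2 = b"SigEd25519 no Ed25519 collisions"           # dom2 prefix, used only by ph

def _h(*parts):
    return hashlib.sha512(b"".join(parts)).digest()
def _h_modq(*parts):
    return int.from_bytes(_h(*parts), "little") % Q

def _add(p1, p2):  # extended coordinates (X, Y, Z, T), RFC 8032 5.1.4 formulas
    a = (p1[1] - p1[0]) * (p2[1] - p2[0]) % P
    b = (p1[1] + p1[0]) * (p2[1] + p2[0]) % P
    c, d = 2 * p1[3] * p2[3] * D % P, 2 * p1[2] * p2[2] % P
    e, f, g, h = b - a, d - c, d + c, b + a
    return (e * f % P, g * h % P, f * g % P, e * h % P)

def _mul(s, pt):  # double-and-add scalar multiplication (not constant-time)
    acc = (0, 1, 1, 0)
    while s:
        if s & 1:
            acc = _add(acc, pt)
        pt, s = _add(pt, pt), s >> 1
    return acc

def _recover_x(y, sign):  # x from y and the sign bit, None if not on the curve
    x2 = (y * y - 1) * pow(D * y * y + 1, P - 2, P) % P
    if x2 == 0:
        return None if sign else 0
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P  # multiply by sqrt(-1)
    if (x * x - x2) % P:
        return None
    return P - x if (x & 1) != sign else x

_GY = 4 * pow(5, P - 2, P) % P
_GX = _recover_x(_GY, 0)
G = (_GX, _GY, 1, _GX * _GY % P)  # base point

def _compress(pt):
    zi = pow(pt[2], P - 2, P)
    x, y = pt[0] * zi % P, pt[1] * zi % P
    return (y | ((x & 1) << 255)).to_bytes(32, "little")

def _decompress(b):
    v = int.from_bytes(b, "little")
    sign, y = v >> 255, v & ((1 << 255) - 1)
    x = _recover_x(y, sign) if y < P else None  # reject non-canonical y
    return None if x is None else (x, y, 1, x * y % P)

def _expand(secret):  # clamp the scalar; the second half is the nonce prefix
    h = _h(secret)
    a = (int.from_bytes(h[:32], "little") & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:]

def public_key(secret):
    return _compress(_mul(_expand(secret)[0], G))

def _sign(secret, m, dom):
    """Shared core: m is the whole message (pure) or SHA-512(message) (ph)."""
    a, prefix = _expand(secret)
    A = _compress(_mul(a, G))
    r = _h_modq(dom, prefix, m)   # pass 1 over m
    R = _compress(_mul(r, G))
    k = _h_modq(dom, R, A, m)     # pass 2 over m, and R must be known first
    return R + ((r + k * a) % Q).to_bytes(32, "little")

def _verify(pk, m, sig, dom):
    A, R = _decompress(pk), _decompress(sig[:32])
    s = int.from_bytes(sig[32:], "little")
    if len(pk) != 32 or len(sig) != 64 or A is None or R is None or s >= Q:
        return False  # s >= Q would make every signature malleable
    lhs, rhs = _mul(s, G), _add(R, _mul(_h_modq(dom, sig[:32], pk, m), A))
    return ((lhs[0] * rhs[2] - rhs[0] * lhs[2]) % P == 0
            and (lhs[1] * rhs[2] - rhs[1] * lhs[2]) % P == 0)

def dom2_ph(context=b""):  # dom2(phflag=1, context) from RFC 8032 5.1
    return DOM2 + b"\x01" + bytes([len(context)]) + context

def sign(secret, msg, prehash=False, context=b""):  # prehash selects Ed25519ph
    if prehash:
        return _sign(secret, _h(msg), dom2_ph(context))  # PH(M) = SHA-512(M)
    return _sign(secret, msg, b"")                       # pure: dom2 is empty

def verify(pk, msg, sig, prehash=False, context=b""):
    if prehash:
        return _verify(pk, _h(msg), sig, dom2_ph(context))
    return _verify(pk, msg, sig, b"")

def sign_ph_streaming(secret, chunks, context=b""):
    """One pass over the input: possible only for Ed25519ph, because _sign
    then sees a 64-byte digest, not the message it would have to read twice."""
    ph = hashlib.sha512()
    for chunk in chunks:  # e.g. a body read from a file or socket in pieces
        ph.update(chunk)
    return _sign(secret, ph.digest(), dom2_ph(context))
```

Signing the empty message with the RFC 8032 test 1 secret key reproduces the signature published in the RFC. A signature made by one variant does not verify under the other: the prehash variant hashes a digest instead of the message and also mixes the dom2 prefix into both hashes. The code is for studying the construction only; the scalar multiplication is not constant-time and nothing here should be used to protect real keys.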