Re: [Gen-art] Genart last call review of draft-ietf-cose-hash-sig-05

Russ Housley <housley@vigilsec.com> Wed, 04 December 2019 20:02 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: gen-art@ietfa.amsl.com
Delivered-To: gen-art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DFBA512097C for <gen-art@ietfa.amsl.com>; Wed, 4 Dec 2019 12:02:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oJGYWPpQ8OBP for <gen-art@ietfa.amsl.com>; Wed, 4 Dec 2019 12:02:04 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9A8D112098E for <gen-art@ietf.org>; Wed, 4 Dec 2019 12:01:46 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 070BC300B23 for <gen-art@ietf.org>; Wed, 4 Dec 2019 15:01:45 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id ZNrFevPfiYBg for <gen-art@ietf.org>; Wed, 4 Dec 2019 15:01:42 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-108-51-198-163.washdc.fios.verizon.net [108.51.198.163]) by mail.smeinc.net (Postfix) with ESMTPSA id 54403300460; Wed, 4 Dec 2019 15:01:42 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <157230544744.16080.11317427545621451267@ietfa.amsl.com>
Date: Wed, 04 Dec 2019 15:01:42 -0500
Cc: IETF Gen-ART <gen-art@ietf.org>, last-call@ietf.org, draft-ietf-cose-hash-sig.all@ietf.org, cose@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <351AF9D0-8D01-40F0-A861-AF6ED825C439@vigilsec.com>
References: <157230544744.16080.11317427545621451267@ietfa.amsl.com>
To: Elwyn Davies <elwynd@dial.pipex.com>
X-Mailer: Apple Mail (2.3445.104.11)
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/Z4JW-ZM4mIqD1EWyKCx_tnvd75k>
Subject: Re: [Gen-art] Genart last call review of draft-ietf-cose-hash-sig-05
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/gen-art/>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 04 Dec 2019 20:02:06 -0000

Elwyn:

Thanks for the review.  I missed the review when you posted it, but I saw Alissa's recent reply to it.

> Reviewer: Elwyn Davies
> Review result: Almost Ready
> 
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.
> 
> Document: draft-ietf-cose-hash-sig-05
> Reviewer: Elwyn Davies
> Review Date: 2019-10-28
> IETF LC End Date: 2019-10-29
> IESG Telechat date: Not scheduled for a telechat
> I am the assigned Gen-ART reviewer for this draft. The General Area
> Review Team (Gen-ART) reviews all IETF documents being processed
> by the IESG for the IETF Chair.  Please treat these comments just
> like any other last call comments.
> 
> For more information, please see the FAQ at
> 
> <" dir="auto">https://trac.ietf.org/trac/gen/wiki/GenArtfaq>;.
> 
> Document: draft-ietf-cose-hash-sig-05
> Reviewer: Elwyn Davies
> Review Date: 2019/10/28
> IETF LC End Date: 2019/10/29
> IESG Telechat date: (if known) N/A
> 
> Summary:
> Almost ready,  There is one minor issue (barely above editorial) and a number
> of nits.  I haven't checked the details of the HSS/LMS summary derived from RFC
> 8554 and I am taking the contents of the Appendix on trust!
> 
> Major issues:
> None
> 
> Minor issues:
> s1.1, last para:  I found the note which provides particular motivation for
> this proposal rather obscure on first reading.  After thinking about it, I now
> understand why this is here, but another sentence or so reinforcing the idea
> that getting the software distribution system post-quantum secure at the
> earlest opportunity is key to avoiding melt down should quantum computing
> develop more quickly than we might expect.   Also referring to the SUIT WG is
> not future proof.

I hope this resolved your concern:

   Since the HSS/LMS signature algorithm does not depend on the
   difficulty of discrete logarithm or factoring, the HSS/LMS signature
   algorithm is considered to be post-quantum secure.  The use of HSS/
   LMS hash-based signatures to protect software update distribution
   will allow the deployment of future software that implements new
   cryptosystems.  By deploying HSS/LMS today, authentication and
   integrity protection of the future software can be provided, even if
   advances break current digital signature mechanisms.


> Nits/editorial comments:
> s1, HASHSIG reference anchor:  I would be inclined to stick with the 'standard'
> anchor for RFC 8554 i.e. [RFC8554].

I guess this is taste.  I find [HASHSIG] easier to read in many of the places where RFC 8554 is referenced.

> s1, para 2: Expand DSA, ECDSA and EdDSA on first use ( RSA is claimed to be
> well-known).  Arguably references for the various mechanisms might be desirable.

All of these are well known digital signature algorithms.  They only appear as part of the motivation section; however, I will add references.

> s2, last para: s/The the/The/

Good catch.  Thanks for the careful read.  Corrected.

> s2 and subsections:  The terminology and symbology used (e.g, || for
> concatenation) are (I believe) those defined in RFC 8554. This should be
> mentioned.

At the first use, I added:

   where, the notation comes from [HASHSIG].

> s2.2, para 1:  'This specification supports only SHA-256':  I think this is a
> cut-and-paste from RFC 8554.   Suggest: s/This specification supports/[RFC8554]
> initially only supports/ and add at the end 'This specification would
> automatically support any such additional hash functions.'

I suggest:

   The [HASHSIG] specification supports only SHA-256,
   with m=32.  An IANA registry is defined so that other hash functions
   could be used in the future.

> s4/s4.1: Rather than leaving an empty s4 and having a single subsection
> (generally frowned upon), the phraseology used at the start of s17 of RFC 8152
> would be an improvement.

Agreed.  That is an improvement.

> s4: The security considerations of RFCs 8152 and 8554 are also relevant to
> implementations of this specification.

Agreed.  I added a paragraph.

> s6: References to the relevant IANA registries for 'COSE Algrithms' and 'COSE
> Key Types' should be added.

Agreed.  I added a reference to the IANA Registry page.

Russ