Re: Fwd: Re: [saag] Fwd: Last Call: <draft-moonesamy-sshfp-ed25519-01.txt> (Using ED25519 in SSHFP Resource Records) to Informational RFC
S Moonesamy <sm+ietf@elandsys.com> Fri, 02 May 2014 17:54 UTC
Message-Id: <6.2.5.6.2.20140501112248.0c2a1770@elandnews.com>
Date: Fri, 02 May 2014 10:44:15 -0700
To: Rene Struik <rstruik.ext@gmail.com>
From: S Moonesamy <sm+ietf@elandsys.com>
Subject: Re: Fwd: Re: [saag] Fwd: Last Call: <draft-moonesamy-sshfp-ed25519-01.txt> (Using ED25519 in SSHFP Resource Records) to Informational RFC
In-Reply-To: <536270BB.7010103@gmail.com>
References: <53627083.9050305@gmail.com> <536270BB.7010103@gmail.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/Bq-Ked-_kNyUQXDzjGoOvQ74yuY
Cc: ietf@ietf.org
Hi Rene,

At 09:05 01-05-2014, Rene Struik wrote:
>I had a brief look at the draft document
>draft-moonesamy-sshfp-ed25519-01. Please find my comments below:

Thanks for the review. I'll acknowledge you in the draft.

>Section 1 & 2:
>The paper [Ed25519] defines a set of signature algorithms, but also
>specifies a concrete instantiation Ed25519-SHA512 (see Section 2 of the
>paper). It is not clear whether the draft wants to use
>Ed25519-SHA512 or that scheme with another hash function. A disadvantage

I'll suggest the following text change to Section 1 to clarify what has been implemented:

   The Ed25519 [Ed25519] signature algorithm, specifically Ed25519-SHA-512, has been implemented in OpenSSH.

>of using Ed25519-SHA512 is that this may require implementation of both
>SHA-256 and SHA-512 (witness Section 2 of the internet draft). Would it

Yes.

>make sense to use, e.g., SHA-512/256 for fingerprinting instead of
>SHA-256 (or get rid of SHA-512, at the expense of having to tweak
>Ed25519 somewhat). Tweaking Ed25519 could be done as follows: for

Section 2 mentions a SHA-256 fingerprint as an example as the current implementation uses existing code for that. The draft does not specify the fingerprint type to be used. It may make sense to use SHA-512. However, that would have to be done in a Standards Track RFC to cover the public key algorithms which have already been registered. There are also some other changes which have been suggested during the discussions about this draft.

>ephemeral private keys one can simply use as hash function SHA-256
>(since the curve has very close to a power of two number of elements
>biases are close to zero, so Bleichenbacher-style attacks do not apply);
>instead of using SHA-512(k) use SHA-256(k,0) || SHA-256(k,1). The use of
>hash functions for generation of ephemeral and static private keys does
>not influence interoperability; only the choice of hash function for the
>Schnorr-style signing equation does, since affecting the signature
>component s.

I'll discuss the above with the people who wrote the code.

>Section 6.2:
>Please replace the informative reference [Ed25519]
><http://ed25519.cr.yp.to/ed25519-20110926.pdf> by the permanent reference
>[Ed25519] D. Bernstein, T. Lange, P. Schwabe, B-Y. Yang, High-Speed
>High-Security Signatures, J. of Cryptographic Engineering, Vol. 2,
>September 26, 2011.

There was a short discussion about the reference on the ietf-ssh mailing list. I'll switch to the above with some minor edits.

Regards,
S. Moonesamy
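The exchange above turns on what an SSHFP record for an Ed25519 host key actually contains: the record carries a fingerprint (SHA-256 in the draft's example) of the host's public-key blob, while the key itself is used with Ed25519-SHA-512 for signatures, which is why a verifier ends up needing both hash functions. The following is an added example written for this archive page, not code from the draft or from OpenSSH. It builds the SSHFP RDATA for an OpenSSH-format `ssh-ed25519` public-key line and checks an offered key against a record, the way a client would after DNSSEC validation. It assumes the IANA SSHFP registry values Ed25519 = algorithm 4 and SHA-256 = fingerprint type 2 (neither number appears in this message), the RFC 4253 string encoding of the key blob, and a constructed 32-byte key value that is not a real Ed25519 point; `ssh-keygen -r <host>` produces the same record shape from a real host key.

```python
"""Build and verify an SSHFP resource record for an Ed25519 host key.

Added example, not from draft-moonesamy-sshfp-ed25519 or OpenSSH.
Assumptions: IANA SSHFP algorithm 4 = Ed25519, fingerprint type 2 = SHA-256,
and the RFC 4253 'string' wire encoding used by OpenSSH public-key blobs.
"""
import base64
import hashlib
import hmac
import struct

SSHFP_ALG_ED25519 = 4   # assumed IANA SSHFP algorithm number for Ed25519
SSHFP_FP_SHA256 = 2     # assumed IANA SSHFP fingerprint type for SHA-256


def _ssh_string(data: bytes) -> bytes:
    """RFC 4253 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def parse_pubkey_line(line: str) -> bytes:
    """Return the raw key blob from an OpenSSH 'ssh-ed25519 <base64> [comment]'
    line, checking that the blob really wraps a 32-byte ssh-ed25519 key."""
    parts = line.split()
    if len(parts) < 2 or parts[0] != "ssh-ed25519":
        raise ValueError("not an ssh-ed25519 public key line")
    blob = base64.b64decode(parts[1], validate=True)
    prefix = _ssh_string(b"ssh-ed25519")
    if not blob.startswith(prefix):
        raise ValueError("key type inside blob does not match the line")
    key = blob[len(prefix):]
    # Exactly one more string, holding the 32-byte public key, and nothing after it.
    if len(key) != 4 + 32 or key != _ssh_string(key[4:]):
        raise ValueError("malformed Ed25519 public key blob")
    return blob


def sshfp_rdata(line: str) -> str:
    """SSHFP RDATA '<alg> <fptype> <hex>': SHA-256 over the whole key blob."""
    blob = parse_pubkey_line(line)
    return f"{SSHFP_ALG_ED25519} {SSHFP_FP_SHA256} {hashlib.sha256(blob).hexdigest()}"


def verify_sshfp(line: str, rdata: str) -> bool:
    """Check a key offered by a host against a (DNSSEC-validated) SSHFP record.
    Only the SHA-256 fingerprint type is handled; the signature side of the
    protocol, which uses SHA-512 inside Ed25519, is not touched here."""
    try:
        alg, fptype, fp = rdata.split()
        if int(alg) != SSHFP_ALG_ED25519 or int(fptype) != SSHFP_FP_SHA256:
            return False
        blob = parse_pubkey_line(line)
    except ValueError:
        return False
    return hmac.compare_digest(hashlib.sha256(blob).hexdigest(), fp.lower())


def _make_line(key32: bytes, comment: str) -> str:
    """Assemble an OpenSSH public-key line from a raw 32-byte key (constructed input)."""
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(key32)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}"


# Constructed sample key material: a byte ramp, NOT a real Ed25519 point.
CONSTRUCTED_LINE = _make_line(bytes(range(32)), "example@host.example")
# Same key with its last byte altered, standing in for a substituted host key.
TAMPERED_LINE = _make_line(bytes(range(31)) + b"\xff", "example@host.example")

if __name__ == "__main__":
    record = sshfp_rdata(CONSTRUCTED_LINE)
    print(f"host.example. IN SSHFP {record}")
    print("genuine key matches record:", verify_sshfp(CONSTRUCTED_LINE, record))
    print("tampered key matches record:", verify_sshfp(TAMPERED_LINE, record))
```

The record is only as trustworthy as the DNSSEC chain that delivered it, so `verify_sshfp` is meant to be called on the validated RDATA; a resolver that returns unsigned answers gives the client nothing to pin against.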