Re: [saag] Fwd: Last Call: <draft-moonesamy-sshfp-ed25519-01.txt> (Using ED25519 in SSHFP Resource Records) to Informational RFC

Rene Struik <rstruik.ext@gmail.com> Thu, 01 May 2014 16:04 UTC

Message-ID: <53627083.9050305@gmail.com>
Date: Thu, 01 May 2014 12:04:19 -0400
From: Rene Struik <rstruik.ext@gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [saag] Fwd: Last Call: <draft-moonesamy-sshfp-ed25519-01.txt> (Using ED25519 in SSHFP Resource Records) to Informational RFC
References: <20140501145735.18958.1971.idtracker@ietfa.amsl.com> <53626216.6070903@cs.tcd.ie>
In-Reply-To: <53626216.6070903@cs.tcd.ie>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/YdvN4gVhXkBPGkLrVserhG5fKQU

Dear colleagues:

I had a brief look at the draft document 
draft-moonesamy-sshfp-ed25519-01. Please find my comments below:

Section 1 & 2:
The paper [Ed25519] defines a set of signature algorithms, but also 
specifies a concrete instantiation Ed25519-SHA512 (see Section 2 of the 
paper). It is not clear whether the draft wants to use
Ed25519-SHA512 or that scheme with another hash function. A disadvantage 
of using Ed25519-SHA512 is that this may require implementation of both 
SHA-256 and SHA-512 (witness Section 2 of the internet draft). Would it 
make sense to use, e.g., SHA-512/256 for fingerprinting instead of 
SHA-256 (or get rid of SHA-512, at the expense of having to tweak 
Ed25519 somewhat)? Tweaking Ed25519 could be done as follows: for 
ephemeral private keys one can simply use as hash function SHA-256 
(since the curve has very close to a power of two number of elements, 
biases are close to zero, so Bleichenbacher-style attacks do not apply); 
instead of using SHA-512(k) use SHA-256(k,0) || SHA-256(k,1). The use of 
hash functions for generation of ephemeral and static private keys does 
not influence interoperability; only the choice of hash function for the 
Schnorr-style signing equation does, since it affects the signature 
component s.

Section 6.2:
Please replace the informative reference [Ed25519] 
<http://ed25519.cr.yp.to/ed25519-20110926.pdf> by the permanent reference
[Ed25519] D. Bernstein, T. Lange, P. Schwabe, B-Y. Yang, High-Speed 
High-Security Signatures, J. of Cryptographic Engineering, Vol. 2, 
September 26, 2011.

Best regards, Rene

On 5/1/2014 11:02 AM, Stephen Farrell wrote:
> FYI, this was discussed briefly here and has been
> discussed on the old secsh (ssh) WG mailing list.
>
> IETF LC has started.
>
> S
>
>
> -------- Original Message --------
> Subject: Last Call: <draft-moonesamy-sshfp-ed25519-01.txt> (Using
> ED25519 in SSHFP Resource Records) to Informational RFC
> Date: Thu, 01 May 2014 07:57:35 -0700
> From: The IESG <iesg-secretary@ietf.org>
> Reply-To: ietf@ietf.org
> To: IETF-Announce <ietf-announce@ietf.org>
>
>
> The IESG has received a request from an individual submitter to consider
> the following document:
> - 'Using ED25519 in SSHFP Resource Records'
>    <draft-moonesamy-sshfp-ed25519-01.txt> as Informational RFC
>
> The IESG plans to make a decision in the next few weeks, and solicits
> final comments on this action. Please send substantive comments to the
> ietf@ietf.org mailing lists by 2014-05-29. Exceptionally, comments may be
> sent to iesg@ietf.org instead. In either case, please retain the
> beginning of the Subject line to allow automated sorting.
>
> Abstract
>
>
>     The Ed25519 signature algorithm has been implemented in OpenSSH.
>     This document updates the IANA "SSHFP RR Types for public key
>     algorithms" registry by adding an algorithm number for Ed25519.
>
>
>
> The file can be obtained via
> http://datatracker.ietf.org/doc/draft-moonesamy-sshfp-ed25519/
>
> IESG discussion can be tracked via
> http://datatracker.ietf.org/doc/draft-moonesamy-sshfp-ed25519/ballot/
>
>
> No IPR declarations have been submitted directly on this I-D.
>
> Note that there is no current standardised format for the input
> to the hash function here, but there are two implementations
> of this so a codepoint is needed and useful. A standard public
> key format is likely to be developed in future (but could take
> some time) at which point it may make sense to assign another
> codepoint, but there are no issues with codepoint scarcity here
> so that seems like it will work given the implementers seem ok
> with it, even if it's not ideal.
>
>
>
>
>
>
> _______________________________________________
> saag mailing list
> saag@ietf.org
> https://www.ietf.org/mailman/listinfo/saag


-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
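To make the interoperability point in the "Section 1 & 2" comment above concrete, here is an added pure-Python Ed25519 signer and verifier (example code written for this page, not from the draft, the e-mail or any library) in which the three hash uses are separately pluggable: secret-key expansion, nonce derivation and the Schnorr challenge. The tweak described above is modelled as sha256x2, i.e. SHA-256(k,0) || SHA-256(k,1), with SHA-256 for the nonce; interop_demo shows that an unmodified SHA-512-challenge verifier accepts such signatures but rejects one whose challenge hash was changed. All names are chosen here, and the affine, non-constant-time arithmetic is for readability only.

```python
import hashlib
# Ed25519 parameters transcribed from the Ed25519 paper (constructed here, no crypto library)
q, L = 2**255 - 19, 2**252 + 27742317777372353535851937790883648493
d, I = -121665 * pow(121666, q - 2, q) % q, pow(2, (q - 1) // 4, q)
def xrecover(y):                            # even x with -x^2 + y^2 = 1 + d x^2 y^2
    xx = (y*y - 1) * pow(d*y*y + 1, q - 2, q)
    x = pow(xx, (q + 3) // 8, q)
    if (x*x - xx) % q: x = x * I % q
    return q - x if x & 1 else x
def add(P, Q):                              # Edwards addition in affine coordinates
    (x1, y1), (x2, y2), t = P, Q, d * P[0] * Q[0] * P[1] * Q[1]
    return ((x1*y2 + x2*y1) * pow(1 + t, q - 2, q) % q,
            (y1*y2 + x1*x2) * pow(1 - t, q - 2, q) % q)
def mul(P, e):                              # double-and-add scalar multiplication
    Q = (0, 1)
    for bit in bin(e)[2:]:
        Q = add(Q, Q)
        if bit == '1': Q = add(Q, P)
    return Q
def enc(P):                                 # 32 bytes: y little-endian, sign of x in bit 255
    return (P[1] | (P[0] & 1) << 255).to_bytes(32, 'little')
def dec(s):
    y = int.from_bytes(s, 'little') & ((1 << 255) - 1)
    x = xrecover(y)
    return (q - x if (x & 1) != s[31] >> 7 else x, y)
By = 4 * pow(5, q - 2, q) % q               # base point B has y = 4/5
B = (xrecover(By), By)

sha512 = lambda m: hashlib.sha512(m).digest()
sha256 = lambda m: hashlib.sha256(m).digest()
sha256x2 = lambda k: sha256(k + b'\0') + sha256(k + b'\1')   # SHA-256(k,0) || SHA-256(k,1)

def keypair(seed, H_exp=sha512):            # clamped scalar a, nonce prefix, encoded A
    h = H_exp(seed)
    a = (int.from_bytes(h[:32], 'little') & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:], enc(mul(B, a))
def sign(seed, m, H_exp=sha512, H_nonce=sha512, H_chal=sha512):
    a, prefix, A = keypair(seed, H_exp)
    r = int.from_bytes(H_nonce(prefix + m), 'little') % L      # ephemeral scalar
    R = enc(mul(B, r))
    k = int.from_bytes(H_chal(R + A + m), 'little') % L        # Schnorr challenge
    return R + ((r + k * a) % L).to_bytes(32, 'little')        # signature R || s
def verify(A, m, sig, H_chal=sha512):       # standard verifier: only H_chal must match the signer
    k = int.from_bytes(H_chal(sig[:32] + A + m), 'little') % L
    s = int.from_bytes(sig[32:], 'little')
    return mul(B, s) == add(dec(sig[:32]), mul(dec(A), k))

def interop_demo(seed, m):                  # -> (tweaked key+nonce hashes verify?, tweaked challenge verifies?)
    return (verify(keypair(seed, sha256x2)[2], m, sign(seed, m, sha256x2, sha256)),
            verify(keypair(seed)[2], m, sign(seed, m, H_chal=sha256)))
```

With the default hashes the code is plain Ed25519-SHA512, so a public key derived from an RFC 8032 test seed matches the published value; interop_demo returns (True, False) for any seed and message.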