Re: [saag] Fwd: Last Call: <draft-moonesamy-sshfp-ed25519-01.txt> (Using ED25519 in SSHFP Resource Records) to Informational RFC
Rene Struik <rstruik.ext@gmail.com> Thu, 01 May 2014 16:04 UTC
Message-ID: <53627083.9050305@gmail.com>
Date: Thu, 01 May 2014 12:04:19 -0400
From: Rene Struik <rstruik.ext@gmail.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101 Thunderbird/24.5.0
MIME-Version: 1.0
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, "ietf@ietf.org" <ietf@ietf.org>
Subject: Re: [saag] Fwd: Last Call: <draft-moonesamy-sshfp-ed25519-01.txt> (Using ED25519 in SSHFP Resource Records) to Informational RFC
References: <20140501145735.18958.1971.idtracker@ietfa.amsl.com> <53626216.6070903@cs.tcd.ie>
In-Reply-To: <53626216.6070903@cs.tcd.ie>
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/YdvN4gVhXkBPGkLrVserhG5fKQU
Dear colleagues:

I had a brief look at the draft document draft-moonesamy-sshfp-ed25519-01. Please find my comments below:

Section 1 & 2:
The paper [Ed25519] defines a set of signature algorithms, but also specifies a concrete instantiation Ed25519-SHA512 (see Section 2 of the paper). It is not clear whether the draft wants to use Ed25519-SHA512 or that scheme with another hash function. A disadvantage of using Ed25519-SHA512 is that this may require implementation of both SHA-256 and SHA-512 (witness Section 2 of the internet draft). Would it make sense to use, e.g., SHA-512/256 for fingerprinting instead of SHA-256 (or get rid of SHA-512, at the expense of having to tweak Ed25519 somewhat)?

Tweaking Ed25519 could be done as follows: for ephemeral private keys one can simply use as hash function SHA-256 (since the curve has very close to a power of two number of elements, biases are close to zero, so Bleichenbacher-style attacks do not apply); instead of using SHA-512(k) use SHA-256(k,0) || SHA-256(k,1). The use of hash functions for generation of ephemeral and static private keys does not influence interoperability; only the choice of hash function for the Schnorr-style signing equation does, since it affects the signature component s.

Section 6.2:
Please replace the informative reference [Ed25519] <http://ed25519.cr.yp.to/ed25519-20110926.pdf> by the permanent reference [Ed25519] D. Bernstein, T. Lange, P. Schwabe, B-Y. Yang, High-Speed High-Security Signatures, J. of Cryptographic Engineering, Vol. 2, September 26, 2011.

Best regards, Rene

On 5/1/2014 11:02 AM, Stephen Farrell wrote:
> FYI, this was discussed briefly here and has been
> discussed on the old secsh (ssh) WG mailing list.
>
> IETF LC has started.
>
> S
>
> -------- Original Message --------
> Subject: Last Call: <draft-moonesamy-sshfp-ed25519-01.txt> (Using ED25519 in SSHFP Resource Records) to Informational RFC
> Date: Thu, 01 May 2014 07:57:35 -0700
> From: The IESG <iesg-secretary@ietf.org>
> Reply-To: ietf@ietf.org
> To: IETF-Announce <ietf-announce@ietf.org>
>
> The IESG has received a request from an individual submitter to consider the following document:
> - 'Using ED25519 in SSHFP Resource Records' <draft-moonesamy-sshfp-ed25519-01.txt> as Informational RFC
>
> The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the ietf@ietf.org mailing lists by 2014-05-29. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting.
>
> Abstract
>
> The Ed25519 signature algorithm has been implemented in OpenSSH. This document updates the IANA "SSHFP RR Types for public key algorithms" registry by adding an algorithm number for Ed25519.
>
> The file can be obtained via http://datatracker.ietf.org/doc/draft-moonesamy-sshfp-ed25519/
>
> IESG discussion can be tracked via http://datatracker.ietf.org/doc/draft-moonesamy-sshfp-ed25519/ballot/
>
> No IPR declarations have been submitted directly on this I-D.
>
> Note that there is no current standardised format for the input to the hash function here, but there are two implementations of this so a codepoint is needed and useful. A standard public key format is likely to be developed in future (but could take some time) at which point it may make sense to assign another codepoint, but there are no issues with codepoint scarcity here so that seems like it will work given the implementers seem ok with it, even if it's not ideal.

-- 
email: rstruik.ext@gmail.com | Skype: rstruik
cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
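The interoperability claim in the message above (the hashes used for the ephemeral key and for static key expansion are invisible to a verifier, while the hash in the signing equation is not) can be checked with this added example, which is not code from the thread, the draft or OpenSSH: a minimal pure-Python Ed25519 with those three hash uses made pluggable, verified by an unmodified Ed25519-SHA512 verifier. The names `expand`, `nonce_hash`, `chal_hash` and `two_sha256` are this example's own; `two_sha256` is its rendering of the email's SHA-256(k,0) || SHA-256(k,1).

```python
import hashlib  # added illustration only: textbook affine arithmetic, not constant time
p = 2**255 - 19                                             # Ed25519 field prime
q = 2**252 + 27742317777372353535851937790883648493         # order of the base point
d = (-121665 * pow(121666, p - 2, p)) % p                   # curve constant -121665/121666
def inv(x): return pow(x, p - 2, p)

def add(P, Q):  # affine twisted-Edwards addition with a = -1
    (x1, y1), (x2, y2) = P, Q
    t = d * x1 * x2 * y1 * y2
    return ((x1*y2 + x2*y1) * inv(1 + t) % p, (y1*y2 + x1*x2) * inv(1 - t) % p)

def mul(k, P):  # plain double-and-add scalar multiplication
    R = (0, 1)
    while k:
        if k & 1: R = add(R, P)
        P, k = add(P, P), k >> 1
    return R

def recover_x(y, sign):  # x from y and the sign bit, as in point decoding
    x2 = (y*y - 1) * inv(d*y*y + 1) % p
    x = pow(x2, (p + 3) // 8, p)
    if (x*x - x2) % p: x = x * pow(2, (p - 1) // 4, p) % p    # multiply by sqrt(-1)
    return p - x if (x & 1) != sign else x

B = (recover_x(4 * inv(5) % p, 0), 4 * inv(5) % p)           # base point, y = 4/5
def enc(P): return (P[1] | ((P[0] & 1) << 255)).to_bytes(32, 'little')
def dec(s):
    v = int.from_bytes(s, 'little')
    return (recover_x(v & ((1 << 255) - 1), v >> 255), v & ((1 << 255) - 1))

def sha512(*m): return hashlib.sha512(b''.join(m)).digest()
def sha256(*m): return hashlib.sha256(b''.join(m)).digest()
def two_sha256(k): return sha256(k, b'\x00') + sha256(k, b'\x01')  # SHA-256(k,0)||SHA-256(k,1)

def keygen(seed, expand=sha512):  # expand: hash for static private key derivation
    h = expand(seed)  # 64 bytes: clamped secret scalar a, then the nonce prefix
    a = (int.from_bytes(h[:32], 'little') & ((1 << 254) - 8)) | (1 << 254)
    return a, h[32:], enc(mul(a, B))

def sign(seed, msg, expand=sha512, nonce_hash=sha512, chal_hash=sha512):
    a, prefix, A = keygen(seed, expand)
    r = int.from_bytes(nonce_hash(prefix, msg), 'little') % q  # ephemeral private key
    R = enc(mul(r, B))
    h = int.from_bytes(chal_hash(R, A, msg), 'little') % q     # hash in the signing equation
    return R + ((r + h * a) % q).to_bytes(32, 'little')        # s = r + h*a mod q

def verify(A, msg, sig):  # standard Ed25519-SHA512 verifier, never modified
    R, s = sig[:32], int.from_bytes(sig[32:], 'little')
    h = int.from_bytes(sha512(R, A, msg), 'little') % q
    return mul(s, B) == add(dec(R), mul(h, dec(A)))
```

With all defaults the code reproduces RFC 8032 test vector 1; swapping `nonce_hash` or `expand` still yields signatures the standard verifier accepts (the latter against the correspondingly derived public key), while swapping `chal_hash` does not.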