Re: [openpgp] Disadvantages of Salted Signatures

Stephan Verbücheln <verbuecheln@posteo.de> Wed, 13 December 2023 06:09 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/IOIvJWc8Ytw25_gmpVrfuxYggXI>

Hi Daniel

For GCM and Argon2, I agree about the benefits. They are
state-of-the-art building blocks for modern cryptography. There the only problem I
can see is potentially unnecessary complexity of the standard.

Salted Signatures are different in my view. They have cryptographical
disadvantages which should be seriously discussed. With that, I am not
claiming that there are no advantages, but pros and cons should be
properly gathered and compared. It would also be nice to have more
formal research on Salted Signatures.

Regards
Stephan