Re: [openpgp] Disadvantages of Salted Signatures
Stephen Farrell <stephen.farrell@cs.tcd.ie> Sun, 10 December 2023 13:58 UTC
Return-Path: <stephen.farrell@cs.tcd.ie>
X-Original-To: openpgp@ietfa.amsl.com
Delivered-To: openpgp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 26B5EC40399D for <openpgp@ietfa.amsl.com>; Sun, 10 Dec 2023 05:58:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.008
X-Spam-Level:
X-Spam-Status: No, score=-2.008 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=cs.tcd.ie
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CWLsNvf_sdE3 for <openpgp@ietfa.amsl.com>; Sun, 10 Dec 2023 05:58:46 -0800 (PST)
Received: from EUR04-VI1-obe.outbound.protection.outlook.com (mail-vi1eur04on2115.outbound.protection.outlook.com [40.107.8.115]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A04D1C239618 for <openpgp@ietf.org>; Sun, 10 Dec 2023 05:58:45 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=CN0Kb4NA1LNyrXg+5qXefM/hi3V4Z12bE8kf5DmugGhyiVXV0+awJRxBpA8YloK5+j/+T6SvSGBnHjlm6OPA6/LTRe6Xb2emZHBcWuTfyDmOy0vr+KafNLI+r66mWB3MJpo8BEy/WySOwm8w29AhmxK7kqH9XiTjMOMmC/MGrepKsZQggE5zUQzklTzuQYeEEIBgDfpoCMqkvKeWjDXSLQthvwixJ5yc1PiFtnBS3Url7o0ZQE8Cq2VNehqiLs4KufXTJd4TtUBjAzx2HSswz0W2yTAOqZJtHAOagaE8uq2clAHBEzoxr/XrK1RB42btCOI89NEYLqj6P+y8D78orA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9JR1IX9V6x9R5wjXEXQbzvFZLTdByFusZVqKU3GIOAI=; b=dTov8qXqw4rgza93x61cpnn/1wYWYF7FplCT/yjFhBmhq5Wg0rsuPYZHrfTfmhu8w9bM0vmdctfD7BVBU86m65UxkscrpKf95PrTdr47JPPCWXOFY+/3Fw+nTKRBYP5rDjYDognVsm3yApxaR+kfFe0OvE3nWq7xwFCikG+qnx5A/LTdD8eRd2dhdqS6Xo2h7UheKnMOA6ksgQYQ8WipdU3eRBWmd/My1G6kZbV2sHewKyc/Ny6d9hAs1Rx3lO8VeetVSPXdRD1lCDemrumoecUUXufBqEfAGWulR9iQ2UsGmNkyelt6KTjC8x+tGTW9qEElEaRChAN7Yhk3ybVL5g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cs.tcd.ie; dmarc=pass action=none header.from=cs.tcd.ie; dkim=pass header.d=cs.tcd.ie; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cs.tcd.ie; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=9JR1IX9V6x9R5wjXEXQbzvFZLTdByFusZVqKU3GIOAI=; b=CjFTFDiZgOCjxE7B6GO/WK0IJ86ft8HCMWllujLGck7Q/cbYQcuxB7gkRJ4AVAXhBpkSvsp9ks7KAfihuTeBncK4EmuP7wBJuoKphKKvbEUhiNUl5PFq/55vXKCI5VzpuK7xtmheeMBbr6Z1NF3ht1015VFe+y8Jfc2CsNLJSrrhhYIHdCEQZD1mzrZQCHMUsFiW0f5kL0NcR4nnw5OqorTTyXxzd9fIBdUyKZxGNGcPtUg90L3H1PVY0WtfXi6hyGLFWxAbBdP0m9A1SQRPP++T61bW3yM6lh48m4XZZlBZG0im/eqaeagFVzPWdpbXDnFj3dfM/HnqEOjJ0epDNQ==
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cs.tcd.ie;
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15) by PA6PR02MB10740.eurprd02.prod.outlook.com (2603:10a6:102:3c7::16) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7068.30; Sun, 10 Dec 2023 13:58:42 +0000
Received: from DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::d7cb:f7b5:ad53:c139]) by DB7PR02MB5113.eurprd02.prod.outlook.com ([fe80::d7cb:f7b5:ad53:c139%5]) with mapi id 15.20.7068.031; Sun, 10 Dec 2023 13:58:42 +0000
Message-ID: <df7f0b41-f998-4f0e-b07e-67231031e54b@cs.tcd.ie>
Date: Sun, 10 Dec 2023 13:58:38 +0000
User-Agent: Mozilla Thunderbird
Content-Language: en-US
To: Stephan Verbücheln <verbuecheln@posteo.de>, openpgp@ietf.org
References: <077dd27cef0c7d3968967fc4c3a880081b8bd9dd.camel@posteo.de> <8b5f251f-ae52-4937-9500-ddedb9fbef73@cs.tcd.ie> <709995498037ba59fb1a14d75ffa819702566d83.camel@posteo.de>
From: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Autocrypt: addr=stephen.farrell@cs.tcd.ie; keydata= xjMEY9GzphYJKwYBBAHaRw8BAQdAo6JvjmSbxHdQWPZdvciQYsHhM1NxQBU398Mmimoy4p7N M1N0ZXBoZW4gRmFycmVsbCAoMjU1MTkpIDxzdGVwaGVuLmZhcnJlbGxAY3MudGNkLmllPsKQ BBMWCAA4FiEEMG54R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwMFCwkIBwIGFQoJCAsCBBYC AwECHgECF4AACgkQ5Njp+ZeoM93bogEA25ElRyX0wwg+kGEN1AoL60MoZfvQZ/VtmXY6IC5j +csBAIBpkL5ySuzJK2zLNZn9qQGht8IaUcA7cvDcLvS2uHUEzjgEY9GzphIKKwYBBAGXVQEF AQEHQILCPWOwW36e8D3pY8GmvvtItIT+A5uV80ist+WokVsQAwEIB8J4BBgWCAAgFiEEMG54 R8tZDyZFrDOn5Njp+ZeoM90FAmPRs6YCGwwACgkQ5Njp+ZeoM92bcAEA8R+8cpqRUIS+SoAN iO05xE6O/wEx8/e88BqzAYki3SoBAOQdwiPX+MQrAxkWD8xxOsdMOAtxYKpkD1n8aPJUw6QJ
In-Reply-To: <709995498037ba59fb1a14d75ffa819702566d83.camel@posteo.de>
Content-Type: multipart/signed; micalg="pgp-sha256"; protocol="application/pgp-signature"; boundary="------------aoRAXt2J13ll1Y0o90Hfb7Pz"
X-ClientProxiedBy: DU2PR04CA0051.eurprd04.prod.outlook.com (2603:10a6:10:234::26) To DB7PR02MB5113.eurprd02.prod.outlook.com (2603:10a6:10:77::15)
MIME-Version: 1.0
X-MS-Exchange-MessageSentRepresentingType: 1
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: DB7PR02MB5113:EE_|PA6PR02MB10740:EE_
X-MS-Office365-Filtering-Correlation-Id: cda5f127-69ab-43c6-6384-08dbf9881da6
X-MS-Exchange-SharedMailbox-RoutingAgent-Processed: True
X-TCD-Routed-via-EOP: Routed via EOP
X-TCD-ROUTED: Passed-Transport-Routing-Rules
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: fiUzS7kZbQ4l4FeVQhFYmJnwgJk1q1XPGqCzaXvCoQjUbiqMlTq5WvgkYmK+XO/j3YcrPemW3cMJW0bYz6h5FOLJGhmPleIAiGiP0Mi+n8ZRUHAprGTsl/FNEWgRegzp3ZMshCdbg6cQnTykZAQozJarwvJmtWjc73/OUUoytjZFrTjuK8cqZBGeJvWmcZ5QQHEsvd4+RDrwuBcATtWJN09I3q3wy5Pfmf7Kt1n8BBJtZWxScWtXIOlGiks8TIYqsbpLgGBkJvsDscsRD9AsajvM7rHnsUjNgRL9AOPOhfiRBdg/7Yf1rL/zzxlGe09uQsOorhDl5Qj87G6bzzwhTY7CfQeBQ6ZIoz1KAhgtk3D/y5lvgGA+CmHI99MhV/LexWafGVaKX7wbjg3Z23jAPllHsOUsKl5hSBgElkTf5CbnIYsXYGoYDXcILX1mPp08qfbanZ/QjrnigMvc0t3qEj96SPTniGHutdRxaY6xmD4UmhTqy/LrxNFLRZirqbEJI/q9kNV/gJNj/ImLUyHIGMimpwM96AFJZz7ckqI/zW01ODPBGSMlTpgFHc6/r1a1E6pm46UbfcYtrMgukuu2FDNbkkZnykVQym3pj0V6BLsJtPB0kHXlWotHmLyoNZoI3pojPi0HxyDnqFUc2Ts+Bg==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DB7PR02MB5113.eurprd02.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230031)(136003)(346002)(366004)(396003)(376002)(39860400002)(230922051799003)(64100799003)(451199024)(1800799012)(186009)(31686004)(41300700001)(235185007)(38100700002)(2906002)(5660300002)(44832011)(316002)(786003)(8676002)(8936002)(66946007)(66476007)(66556008)(2616005)(86362001)(36756003)(31696002)(66574015)(21480400003)(83380400001)(6486002)(478600001)(6666004)(6512007)(33964004)(6506007)(53546011)(45980500001)(43740500002); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: tl0VSKEDZmH85SGHCxyKm1lVRs8iNbkkSjxixCi50qjwZZ1uB/oDlZyUdA70k68iH4oIK790qwKLw73eQxCnSSPMoXHKHGF5iafWsQMp10XEUzZPHA3TLj0Qj2ljDFYRB52PnDCYCW94qA6r2/m4n9WplIpg+sTJfK+aA55Wdi0CzVZlaozjBh7yxXNWAkh4nbg9k82AZdi2ftfOKOzJ0nu56vNhH7AGxd48sLMxnNv3+XeJWHqypTyBoNrVxlz4cgvM55v5ZoYGrXlnMXy+O327575x2ATPBFVTACPynrk5TpuWulubxa1gAiZQxTRER8g26E8aK0iivAxtPf+yTIAo7DbjkTLjAO5xcRQUsJq4QxsnUGdlRDvRTfacJZs4q+F0M4F/iWvsxUjivlJPAYfP1PQ2Kfa6AgAsKcs+1WfJlzNz28eltu6d+y/UQOOKDgnAx71KYGIM/v4dFMvpMXipeaiYpoca03VxJ4rO3xiYjLyXzqZc5iV00kM7/CVuZVK6fdNP+//kf4c7TCdHsKThu8xAdHrRDd0PhRrRv2dVT6w4aCVlM+Se/H/k+eXl5IlHmGvn7jjiYFmmErRLQhJ5C/ZJVijjszZBeUphEkZwjpTGRAnSI/i2GoDcMhtQcmob8lDKgo183yE/2FncDGljOIRiHWZSzgr6uC1cRmZKdYuosY3BAcPiGET6D2R/EywdPlbhTmDTTTDWpKlhcxouUxZw+S7FV0KCMUnS3lkK+LOMgtZzyrjwY5unXYw/9Rl4dKi0VThNCWkfS6vHc93HLGDkesly51BQhXW7Pxg74Wyw8OdODdaa/WHcllP2NP6/IT2Ea/Zsghb01eujNdW4cRIE2VtJO3Gzi8J7vab6GFLzNwzm4fHvboT7+GQH6xaS9EmDSrEyxTIifb7kptYygh+1kbYZHvQ1d1vfOeSiBzEK5RFT3DYF7aHUxnwiFBjFb4+7NQ8skPWHcAWUX2hDdp8If10Drvm/afGw0idS/uKiFNPMSeG7vw92YETlvsbCY0pcvW8D/Z/Oqg2/m/XXGGkTK4EChQrfzX3tTA8USF3nc+Vb6BeTgSMUovqRYSIFlxVjOXeCg3tQLGC0j1Ehk5fe5cYr9NA2sM77bjo/Rqk6PijVkxkIifmpi1XSXSVEEuddAFMCy5ZIZnCMHb669icnHHlerhXI4yJhkvn9+pIUTi6O9OFVPs9Kl0h2H5gKRFSWH0vgNMjrvuB795GhAI/8m+EGszKQXrpzGMlQQlGSaANjuvKfOBO6GhtJW7WViGV8QzImWDeW5CB4AGD/B4Dubi6Bl+HINL1epS0qVZVg8ox10osoeud5FMwBpO5cFnpOTev7CtQ8HDw0pbVNZ839EEFCp5dv/Ec5EVB6Xn8j2b5jTGptxN1qEIZeDEpK2P4R96UAo6ViA8SA79Mj6XksXL++OOWu+KsO4xYeIti+a4bwSH79/B3ddFLaRoyweGf/CQPHGi3BeO1hdiEXeG+qULzNCcsxJiGJ2BVYhs26BqtthSRJrECuTNNnobZAyIrtTKh5LveqsyjPIk+Qgf5j6F+59UZ2QWpFKSV0Zh72yQk0LEUe9Z8yNTiFwVXWpioTMnDqeLjZXfYGutevlNa+GbRnAONMytfaWbTLs4ZPvJiDaNZAp3rjanEQ
X-OriginatorOrg: cs.tcd.ie
X-MS-Exchange-CrossTenant-Network-Message-Id: cda5f127-69ab-43c6-6384-08dbf9881da6
X-MS-Exchange-CrossTenant-AuthSource: DB7PR02MB5113.eurprd02.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 10 Dec 2023 13:58:41.6771 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: d595be8d-b306-45f4-8064-9e5b82fbe52b
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: WWQNH+rhvI7vIQs5/2XhCT/ezpA4IRil37TvaYgYQw4t3r9duOrWEfX/wvt4JqeR
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA6PR02MB10740
Archived-At: <https://mailarchive.ietf.org/arch/msg/openpgp/_HkmNwYEzj85LGwp_OguEo-dauY>
Subject: Re: [openpgp] Disadvantages of Salted Signatures
X-BeenThere: openpgp@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "Ongoing discussion of OpenPGP issues." <openpgp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/openpgp>, <mailto:openpgp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/openpgp/>
List-Post: <mailto:openpgp@ietf.org>
List-Help: <mailto:openpgp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/openpgp>, <mailto:openpgp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 10 Dec 2023 13:58:51 -0000
Hiya, On 10/12/2023 13:46, Stephan Verbücheln wrote: > However, after reading various threads, it all came down back to the > fault attack. Well, s/attack/attacks/ as there're a bunch of different ones, but I'd basically agree. > What I am missing is a balanced discussion about the costs and > benefits of deterministic vs. salted signatures in the PGP use case. Right, that'd be interesting. For the lake WG I think it's an important aspect that, if edhoc sees wide deployment, many of the devices concerned would be "commercial" grade and servers. Applications using openpgp likely experience a different menu of risks, e.g. I'd imagine co-tenant side-channel attacks would be much more relevant here. All that said, in that discussion, we should bear in mind that the liklihood that we change or re-open crypto-refresh is small, and that should be the case, unless we find some show-stopper issue. FWIW, I don't think this is one such. Cheers, S.
- Re: [openpgp] Disadvantages of Salted Signatures Stephen Farrell
- Re: [openpgp] Disadvantages of Salted Signatures Andrew Gallagher
- Re: [openpgp] Disadvantages of Salted Signatures Stephen Farrell
- [openpgp] Disadvantages of Salted Signatures Stephan Verbücheln
- Re: [openpgp] Disadvantages of Salted Signatures Neal H. Walfield
- Re: [openpgp] Disadvantages of Salted Signatures Simon Josefsson
- Re: [openpgp] Disadvantages of Salted Signatures Stephan Verbücheln
- Re: [openpgp] Disadvantages of Salted Signatures Andrew Gallagher
- Re: [openpgp] Disadvantages of Salted Signatures Stephan Verbücheln
- Re: [openpgp] Disadvantages of Salted Signatures Vincent Breitmoser
- Re: [openpgp] Disadvantages of Salted Signatures Neal H. Walfield
- Re: [openpgp] Disadvantages of Salted Signatures Aron Wussler
- Re: [openpgp] Disadvantages of Salted Signatures Stephan Verbücheln
- Re: [openpgp] Disadvantages of Salted Signatures Stephen Farrell
- Re: [openpgp] Disadvantages of Salted Signatures Stephan Verbücheln
- Re: [openpgp] Disadvantages of Salted Signatures Neal H. Walfield
- Re: [openpgp] Disadvantages of Salted Signatures Andrew Gallagher
- Re: [openpgp] Disadvantages of Salted Signatures Nickolay Olshevsky
- Re: [openpgp] Disadvantages of Salted Signatures Stephan Verbücheln
- Re: [openpgp] Disadvantages of Salted Signatures Justus Winter
- Re: [openpgp] Disadvantages of Salted Signatures Stephan Verbücheln
- Re: [openpgp] Disadvantages of Salted Signatures holger krekel
- Re: [openpgp] Disadvantages of Salted Signatures Daniel Huigens
- Re: [openpgp] Disadvantages of Salted Signatures Stephan Verbücheln
- Re: [openpgp] Disadvantages of Salted Signatures Andrew Gallagher
- Re: [openpgp] Disadvantages of Salted Signatures Neal H. Walfield
- Re: [openpgp] Disadvantages of Salted Signatures Nickolay Olshevsky
- Re: [openpgp] Disadvantages of Salted Signatures Paul Schaub
- Re: [openpgp] Disadvantages of Salted Signatures Nickolay Olshevsky
- Re: [openpgp] Disadvantages of Salted Signatures Werner Koch
- [openpgp] Signing of literal data packet [was: Re… Heiko Schäfer
- Re: [openpgp] Signing of literal data packet [was… Werner Koch
- Re: [openpgp] Signing of literal data packet [was… Andrew Gallagher
- Re: [openpgp] Signing of literal data packet [was… Andrew Gallagher
- Re: [openpgp] Signing of literal data packet [was… Daniel Kahn Gillmor
- Re: [openpgp] Signing of literal data packet [was… Andrew Gallagher