Re: [Spasm] New Version Notification for draft-wconner-blake2sigs-00.txt
Russ Housley <housley@vigilsec.com> Sun, 30 April 2017 19:08 UTC
From: Russ Housley <housley@vigilsec.com>
Date: Sun, 30 Apr 2017 15:05:49 -0400
Cc: SPASM <spasm@ietf.org>
To: William Conner <wconner@google.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/HYFjdjfPhQ2k955PixMihV4-rCo>

As a matter of taste, I’d prefer to see the Object Identifiers assigned in the PKIX algorithm arc:

https://www.iana.org/assignments/smi-numbers/smi-numbers.xhtml#smi-numbers-1.3.6.1.5.5.7.6

The Object Identifiers will be slightly smaller, but not enough to argue about. My preference is to have them assigned in an arc that is managed by IANA.

I think more needs to be said about the parameters field. For example, RFC 4055 provides a syntax for parameters for RSASSA-PSS and RSAES-OAEP. I think that the intent here is that the object identifier implies a value for each of those parameters. The text needs to be expanded to give the details. Using RSAES-OAEP as an example, you need to say that the hashFunc is BLAKE2b-512, the maskGenFunc is MGF1 with BLAKE2b-512, and the pSourceFunc is pSpecifiedEmptyIdentifier (which is the nullOctetString).

Security considerations are needed. At a minimum, you should point to the security considerations in RFC 5280 and https://blake2.net/blake2_20130129.pdf.

Russ

> On Apr 28, 2017, at 12:40 PM, William Conner <wconner@google.com> wrote:
>
> I believe that this submission is relevant to this working group. Feedback welcome.
>
> Thanks,
> William
>
> ---------- Forwarded message ----------
> From: <internet-drafts@ietf.org>
> Date: Fri, Apr 14, 2017 at 9:51 AM
> Subject: New Version Notification for draft-wconner-blake2sigs-00.txt
> To: Adam Langley <agl@google.com>, William Conner <wconner@google.com>, Andrei Popov <Andrei.Popov@microsoft.com>, Andrei Popov <andrei.popov@microsoft.com>, Ryan Sleevi <sleevi@google.com>
>
> A new version of I-D, draft-wconner-blake2sigs-00.txt
> has been successfully submitted by William Conner and posted to the
> IETF repository.
>
> Name: draft-wconner-blake2sigs
> Revision: 00
> Title: BLAKE2 Algorithms and Identifiers for use in the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile
> Document date: 2017-04-14
> Group: Individual Submission
> Pages: 6
> URL: https://www.ietf.org/internet-drafts/draft-wconner-blake2sigs-00.txt
> Status: https://datatracker.ietf.org/doc/draft-wconner-blake2sigs/
> Htmlized: https://tools.ietf.org/html/draft-wconner-blake2sigs-00
> Htmlized: https://datatracker.ietf.org/doc/html/draft-wconner-blake2sigs-00
>
> Abstract:
> This document describes the conventions for using the BLAKE2b-512
> hash function with each of the following signature algorithms: RSA
> Public-Key Cryptography Standards #1 version 1.5 (RSA PKCS#1 v1.5),
> RSA Probabilistic Signature Scheme (RSASSA-PSS), RSA Encryption
> Scheme - Optimal Asymmetric Encryption Padding (RSAES-OAEP), Elliptic
> Curve Digital Signature Algorithm (ECDSA), and Edwards-curve Digital
> Signature Algorithm (EdDSA). This specification applies to the
> Internet X.509 Public Key Infrastructure (PKI) when digital
> signatures are used to sign certificates and certificate revocation
> lists (CRLs). This document also specifies the object identifiers
> (OIDs) for the combinations of the BLAKE2b-512 hash function with the
> aforementioned signature algorithms.
>
> Please note that it may take a couple of minutes from the time of submission
> until the htmlized version and diff are available at tools.ietf.org.
>
> The IETF Secretariat
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
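
An added illustration, not part of the message above or of draft-wconner-blake2sigs: what the three RSAES-OAEP parameter values named in the message (hashFunc BLAKE2b-512, maskGenFunc MGF1 with BLAKE2b-512, empty pSourceFunc label) fix at the encoding level, following the EME-OAEP steps of RFC 8017. The function names and the example modulus length k are assumptions made for this sketch; the RSA operation itself is left out.

```python
import hashlib
import hmac
import os

HLEN = 64  # BLAKE2b-512 output length in bytes

def h(data):
    return hashlib.blake2b(data, digest_size=HLEN).digest()

def mgf1(seed, mask_len):
    """maskGenFunc: MGF1 (RFC 8017 B.2.1) instantiated with BLAKE2b-512."""
    out, counter = b"", 0
    while len(out) < mask_len:
        out += h(seed + counter.to_bytes(4, "big"))
        counter += 1
    return out[:mask_len]

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def max_message_len(k):
    """Largest plaintext for a k-byte modulus: k - 2*hLen - 2."""
    return k - 2 * HLEN - 2

def oaep_encode(msg, k, seed=None):
    """EME-OAEP encoding; pSourceFunc is the empty label, so lHash = H("")."""
    if len(msg) > max_message_len(k):
        raise ValueError("message too long")
    seed = os.urandom(HLEN) if seed is None else seed
    db = h(b"") + b"\x00" * (max_message_len(k) - len(msg)) + b"\x01" + msg
    masked_db = xor(db, mgf1(seed, k - HLEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, HLEN))
    return b"\x00" + masked_seed + masked_db

def oaep_decode(em, k):
    """Inverse of oaep_encode. One error for every failure; a production
    decoder must additionally run in constant time."""
    if len(em) != k or k < 2 * HLEN + 2:
        raise ValueError("decryption error")
    masked_seed, masked_db = em[1:1 + HLEN], em[1 + HLEN:]
    seed = xor(masked_seed, mgf1(masked_db, HLEN))
    db = xor(masked_db, mgf1(seed, k - HLEN - 1))
    rest = db[HLEN:]
    sep = rest.find(b"\x01")
    ok = em[0] == 0 and hmac.compare_digest(db[:HLEN], h(b"")) and sep >= 0
    if not ok or any(rest[:sep]):
        raise ValueError("decryption error")
    return rest[sep + 1:]
```

With a 2048-bit modulus (k = 256) the 64-byte digest leaves 126 bytes of plaintext, and a modulus shorter than 130 bytes cannot be used with these parameters.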