[lamps] Re: Composite Signatures and KEM open issues that need feedback
Carl Wallace <carl@redhoundsoftware.com> Sat, 17 August 2024 11:30 UTC
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/KJ5T2SjHxpDxTA0wtKMWQNqn4Qk>
Inline…

From: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>
Date: Friday, August 16, 2024 at 1:20 PM
To: John Gray <John.Gray=40entrust.com@dmarc.ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
Subject: [lamps] Re: Composite Signatures and KEM open issues that need feedback

DigiCert's CA engineering team has some comments on the open issues related to the composite-sigs draft. We're going to put them in one email just because we have comments on quite a few of them.

ISSUE #1 (Github issue: https://github.com/lamps-wg/draft-composite-sigs/issues/9)

ASN.1 wrapping confuses people. This came up in the hash-based signatures updates last call. Nobody knows what ASN.1 is, or what the consequences of omitting it are (to be clear, there are really none).

We agree that this is largely a question of people being unfamiliar with ASN.1, and that explanatory text is sufficient. All that is needed is a clear explanation of example what the BIT STRING is, and explaining that it's simply the bits of the key itself seems pretty straightforward.

[CW] Just to highlight one point relative to issue 1. Re: ENCODED BY vs explanatory text, I agree explanatory text is fine if there is no attempt to use CONTAINING. The id-raw-key suggestion was a replacement for use of CONTAINING. Simply providing explanatory text for the non-ASN.1 encoded key seems fine to me, provided the more complicated embedded SEQUENCE is dropped (as it should be for several reasons that were previously enumerated). Unfortunately, the current ASN.1 definitions in the editor’s copy still lean on an embedded SEQUENCE that attempts to use CONTAINING for non-ASN.1 encoded data, so explanatory text alone doesn’t quite make it without other changes to the definitions.

<snip>
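The distinction discussed in this message, as an added example that is not part of the thread or of the draft: a minimal DER reader that pulls the BIT STRING out of a SubjectPublicKeyInfo, once when it holds the key bytes directly and once when it holds an embedded SEQUENCE. The OID (2.999.1, from the example arc), the sample key bytes and the embedded layout are constructed for illustration and are not the draft's definitions.

```python
OID_EXAMPLE = bytes.fromhex("0603883701")  # OID 2.999.1 (example arc), a placeholder
KEY_A = bytes.fromhex("a1a2a3a4")          # constructed sample component key
KEY_B = bytes.fromhex("b1b2b3b4")          # constructed sample component key
RAW_KEY = KEY_A + KEY_B                    # assumed raw layout: opaque key bytes

def tlv(tag, content):
    """DER-encode one TLV; short-form lengths only (content < 128 bytes)."""
    if len(content) >= 0x80:
        raise ValueError("long-form length not needed for this example")
    return bytes([tag, len(content)]) + content

def read_tlv(buf, pos=0):
    """Return (tag, content, next_pos); reject truncated or long-form input."""
    if pos + 2 > len(buf) or buf[pos + 1] >= 0x80:
        raise ValueError("truncated header or long-form length")
    tag, n = buf[pos], buf[pos + 1]
    if pos + 2 + n > len(buf):
        raise ValueError("truncated content")
    return tag, buf[pos + 2:pos + 2 + n], pos + 2 + n

def spki(bit_string_payload):
    """SubjectPublicKeyInfo ::= SEQUENCE { AlgorithmIdentifier, BIT STRING }."""
    alg = tlv(0x30, OID_EXAMPLE)
    return tlv(0x30, alg + tlv(0x03, b"\x00" + bit_string_payload))

def spki_key_bits(der):
    """Return the BIT STRING payload with the unused-bits octet removed."""
    tag, body, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("not a single SEQUENCE")
    _, _, pos = read_tlv(body)                # skip AlgorithmIdentifier
    tag, bits, pos = read_tlv(body, pos)
    if tag != 0x03 or pos != len(body) or not bits or bits[0] != 0:
        raise ValueError("expected BIT STRING with 0 unused bits")
    return bits[1:]

def unwrap_embedded(payload):
    """Second decode, needed only when the BIT STRING carries a DER SEQUENCE."""
    tag, body, end = read_tlv(payload)
    if tag != 0x30 or end != len(payload):
        raise ValueError("payload is not a DER SEQUENCE")
    parts, pos = [], 0
    while pos < len(body):
        _, bits, pos = read_tlv(body, pos)
        parts.append(bits[1:])
    return parts

RAW_SPKI = spki(RAW_KEY)  # BIT STRING is simply the key bytes
WRAPPED_SPKI = spki(tlv(0x30, tlv(0x03, b"\x00" + KEY_A) + tlv(0x03, b"\x00" + KEY_B)))
```

With the raw form, `spki_key_bits` already returns the key; with the embedded form the caller must run a second ASN.1 decode, and applying that decode to raw key bytes fails because they are not ASN.1.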