Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03

Ryan Sleevi <ryan-ietf@sleevi.com> Tue, 02 April 2019 06:22 UTC

Return-Path: <ryan.sleevi@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DE2D120089 for <spasm@ietfa.amsl.com>; Mon, 1 Apr 2019 23:22:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.647
X-Spam-Level:
X-Spam-Status: No, score=-1.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YKabwLlP5G3E for <spasm@ietfa.amsl.com>; Mon, 1 Apr 2019 23:22:54 -0700 (PDT)
Received: from mail-it1-f176.google.com (mail-it1-f176.google.com [209.85.166.176]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B8A5712001E for <spasm@ietf.org>; Mon, 1 Apr 2019 23:22:54 -0700 (PDT)
Received: by mail-it1-f176.google.com with SMTP id y10so3319347itc.1 for <spasm@ietf.org>; Mon, 01 Apr 2019 23:22:54 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=PzJiS6IGhupAtO9V++pgtz2wJC5eieJYVZlgMSTAfl0=; b=LnsoWouq5baCZ+dMQ1AKpCh75jthMMv9w56SF3DlWXJ3oE7BSR0pRjxmaKmhd9vxO3 Eu2UVPbwuk5x2JI1Pfut8DkcOsMr71yNSAYaCY12ib47c5LCjoSCFeyFCB18S0pXuBX4 oc1bvC7MVKg/ZrniubVJWWCWDD6lI2vxNKrUaAvtdO0GZYN8x669CMoNBe5JKF0snLKE d0FFuo4EAQst0Pz0t9zHMUeAu8RIP3V61+BPnFG9LVNBh0XVIOLSi/1wRk5vRbJ9Fu+g mduNI4nhBuesPlPG/Xl/a8S5eS8SkcH0EFQ0JtXm3aiSdXhumSx2oj+4NIEhrZgc5nSx g6lQ==
X-Gm-Message-State: APjAAAWzRjxH86ydse1ntQjcDrAT0Uhv2pYhXU2Drxsk8+T2r7RteBIU AznX3q6HX7Iql8cpwUFA4mV+KAyhEfc=
X-Google-Smtp-Source: APXvYqwP6BYKKgNxq+33mbyf7Rn0KW+Qpi1wZj/mtXooJO9CJQI11Od1Iz7X0W9rFUHKJNx74IZCvg==
X-Received: by 2002:a24:628b:: with SMTP id d133mr2858402itc.32.1554186173605; Mon, 01 Apr 2019 23:22:53 -0700 (PDT)
Received: from mail-io1-f47.google.com (mail-io1-f47.google.com. [209.85.166.47]) by smtp.gmail.com with ESMTPSA id k201sm3925058itb.10.2019.04.01.23.22.53 for <spasm@ietf.org> (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 01 Apr 2019 23:22:53 -0700 (PDT)
Received: by mail-io1-f47.google.com with SMTP id d201so9931406iof.7 for <spasm@ietf.org>; Mon, 01 Apr 2019 23:22:53 -0700 (PDT)
X-Received: by 2002:a5e:c204:: with SMTP id v4mr3073870iop.252.1554186173200; Mon, 01 Apr 2019 23:22:53 -0700 (PDT)
MIME-Version: 1.0
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
In-Reply-To: <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Tue, 2 Apr 2019 15:22:42 +0900
X-Gmail-Original-Message-ID: <CAErg=HGbR=xK4ib0THMH1MPMdz3vaW+atPychDhJX_P+qwXjCg@mail.gmail.com>
Message-ID: <CAErg=HGbR=xK4ib0THMH1MPMdz3vaW+atPychDhJX_P+qwXjCg@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: SPASM <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c4c4740585862a30"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/RW26kMtmCvjnHtyqg1qmtc5jT3U>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2019 06:22:57 -0000

Opposed.

It does not seem the concerns raised in the November thread - e.g.
https://mailarchive.ietf.org/arch/msg/spasm/4EP3bX2adJBCmTjBMYazAKQJFU0 -
have been addressed.

Much like we should be careful about introducing CBC or other non-AEAD
constructions in TLS, we should be very careful in introducing algorithms
with critical system failures in the presence of issues widespread in
existing PKIs. Moving from a stateful signature algorithm to a stateless
one seems the best way to achieve the goals stated in the draft, and
without such (significant) risks.

On Tue, Mar 26, 2019 at 9:56 PM Russ Housley <housley@vigilsec.com> wrote:

> We talked about the "Algorithm Identifiers for HSS and XMSS for Use in the
> Internet X.509 Public Key Infrastructure" <
> https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt> document
> today dat the face-to-face meeting session.  It was suggested that the
> document is read for WG adoption.  Please voice your support or concerns on
> the list.
>
> Russ
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>