Re: [lamps] New Version Notification for draft-ietf-lamps-pkix-shake-04.txt

Russ Housley <housley@vigilsec.com> Mon, 26 November 2018 17:44 UTC

From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <273e44fc0d3840978a4dad7827d76f7b@XCH-ALN-010.cisco.com>
Date: Mon, 26 Nov 2018 12:44:09 -0500
Cc: SPASM <spasm@ietf.org>
Message-Id: <8FB5D8CF-9F6B-4119-9B27-D9E83EB18393@vigilsec.com>
References: <154320772946.24401.15655998843236777567.idtracker@ietfa.amsl.com> <273e44fc0d3840978a4dad7827d76f7b@XCH-ALN-010.cisco.com>
To: Panos Kampanakis <pkampana@cisco.com>, Quynh Dang <quynh.dang@nist.gov>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/WJxqDTXrd1JZBVMvqMZh3vXCrgw>

I have two comments and one suggestion.

1) Section 5.1.1: The third paragraph is describing a replacement for MGF1 defined in Section B.2.1 of RFC 8017. You are avoiding the use of RSASSA-PSS-params; it would be good to be explicit about that.

RFC 4055 specifies this structure:

      RSASSA-PSS-params  ::=  SEQUENCE  {
         hashAlgorithm      [0] HashAlgorithm DEFAULT
                                   sha1Identifier,
         maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT
                                   mgf1SHA1Identifier,
         saltLength         [2] INTEGER DEFAULT 20,
         trailerField       [3] INTEGER DEFAULT 1  }

This section is telling the implementer how to handle each of these parameters since they are now all bundled into the top-level OID.

2) I do not think that most of section 5.2 is needed.

I think you can simply point to RFC 4055 for RSASSA-PSS public keys, but keep this paragraph:

   Additionally, when the RSA private key owner wishes to limit the use
   of the public key exclusively to RSASSA-PSS, the AlgorithmIdentifiers
   for RSASSA-PSS defined in Section 4 can be used as the algorithm
   field in the SubjectPublicKeyInfo sequence [RFC5280].  The identifier
   parameters, as explained in section Section 4, MUST be absent. 

That said, I think the OIDs in Section 4 are used when the RSA private key owner wishes to limit the use to RSASSA-PSS with SHAKE.

I think you can simply point to RFC 5480 for ECDSA public keys.  I do not see any additional information that is specific to the use of SHAKE here.

3) I suggest that "joint-iso-ccitt" be replaced by "joint-iso-itu-t" throughout the document.  Right now, it is using both of these names.

Russ

P.S.  I have not tried to compile the ASN.1.


> From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
> Sent: Sunday, November 25, 2018 11:49 PM
> To: Quynh Dang <quynh.dang@nist.gov>; Panos Kampanakis (pkampana) <pkampana@cisco.com>
> Subject: New Version Notification for draft-ietf-lamps-pkix-shake-04.txt
> 
> 
> A new version of I-D, draft-ietf-lamps-pkix-shake-04.txt
> has been successfully submitted by Panos Kampanakis and posted to the IETF repository.
> 
> Name:		draft-ietf-lamps-pkix-shake
> Revision:	04
> Title:		Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
> Document date:	2018-11-25
> Group:		lamps
> Pages:		15
> URL:            https://www.ietf.org/internet-drafts/draft-ietf-lamps-pkix-shake-04.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/
> Htmlized:       https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-04
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-04
> 
> Abstract:
>   Digital signatures are used to sign messages, X.509 certificates and
>   CRLs (Certificate Revocation Lists).  This document describes the
>   conventions for using the SHAKE function family in Internet X.509
>   certificates and CRLs as one-way hash functions with the RSA
>   Probabilistic signature and ECDSA signature algorithms.  The
>   conventions for the associated subject public keys are also
>   described.
> 
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
>
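The RSASSA-PSS-params structure quoted in point 1, worked through as an added example (not code from the draft or from anyone on this thread): a strict DER encoder and decoder for RSASSA-PSS-params that shows the DEFAULT rule the comment turns on (a field equal to its default is omitted, and a DER-conformant decoder rejects it when it is present anyway), plus a resolver that treats an identifier which bundles every parameter into its OID, the draft's approach for SHAKE, as requiring absent parameters. The RFC 4055 and RFC 3279 OIDs are real; `PLACEHOLDER_PSS_SHAKE128`, its salt length and its hash labels are assumptions standing in for the draft's actual assignments, and the DER helpers emit short-form lengths only.

```python
# RSASSA-PSS-params (RFC 4055) in DER, plus the rule that an identifier fixing every parameter in its
# OID (the draft's SHAKE approach) carries none. Added example, not the draft's or either correspondent's
# code; PLACEHOLDER_PSS_SHAKE128 and the values stored for it are ASSUMED, not the draft's.
ID_RSASSA_PSS = "1.2.840.113549.1.1.10"  # RFC 4055
ID_MGF1 = "1.2.840.113549.1.1.8"         # RFC 4055
ID_SHA1 = "1.3.14.3.2.26"                # RFC 3279
ID_SHA256 = "2.16.840.1.101.3.4.2.1"     # RFC 4055
PSS_DEFAULTS = (ID_SHA1, ID_SHA1, 20, 1)  # hashAlgorithm, MGF1 hash, saltLength, trailerField
PLACEHOLDER_PSS_SHAKE128 = "1.2.3.4.5"    # placeholder, NOT the draft's OID
BUNDLED = {PLACEHOLDER_PSS_SHAKE128: ("shake128 (placeholder)", "shake128 (placeholder)", 32, 1)}

def _tlv(tag, body):
    assert len(body) < 0x80, "short-form lengths only; enough for every structure built here"
    return bytes([tag, len(body)]) + body

def _oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = b""
    for v in [arcs[0] * 40 + arcs[1]] + arcs[2:]:  # first two arcs share one base-128 value
        enc = bytes([v & 0x7F])
        while v := v >> 7:
            enc = bytes([0x80 | (v & 0x7F)]) + enc
        out += enc
    return _tlv(0x06, out)

_KNOWN = {_oid(o): o for o in (ID_RSASSA_PSS, ID_MGF1, ID_SHA1, ID_SHA256, *BUNDLED)}

def _int(n):
    return _tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))

def _read_tlv(buf, pos):
    # One TLV at pos -> (tag, body, next_pos); accepts long-form lengths on input.
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length >= 0x80:
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def alg_id(oid, params=b""):
    return _tlv(0x30, _oid(oid) + params)  # AlgorithmIdentifier ::= SEQUENCE { OID, params OPTIONAL }

def parse_alg_id(der):
    # -> (dotted OID, or hex of the OID body when unknown; raw parameters bytes)
    tag, body, end = _read_tlv(der, 0)
    otag, oid_body, pos = _read_tlv(body, 0)
    if tag != 0x30 or end != len(der) or otag != 0x06:
        raise ValueError("malformed AlgorithmIdentifier")
    return _KNOWN.get(_tlv(0x06, oid_body), oid_body.hex()), body[pos:]

def _hash_oid(der):
    oid, params = parse_alg_id(der)
    if params not in (b"", b"\x05\x00"):  # RFC 4055: accept absent or NULL parameters
        raise ValueError("hash AlgorithmIdentifier parameters must be absent or NULL")
    return oid

def encode_pss_params(hash_oid, mgf_hash_oid, salt_len, trailer=1):
    # DER requires a field equal to its DEFAULT to be omitted, so only non-defaults are emitted.
    encoders = (alg_id, lambda h: alg_id(ID_MGF1, alg_id(h)), _int, _int)
    values = (hash_oid, mgf_hash_oid, salt_len, trailer)
    body = b"".join(_tlv(0xA0 + i, encoders[i](v)) for i, v in enumerate(values) if v != PSS_DEFAULTS[i])
    return _tlv(0x30, body)

def decode_pss_params(der):
    # Strict decode: tags ascending, each at most once, DEFAULT values must not be encoded.
    tag, body, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected exactly one RSASSA-PSS-params SEQUENCE")
    fields, pos, last = list(PSS_DEFAULTS), 0, 0x9F
    while pos < len(body):
        tag, inner, pos = _read_tlv(body, pos)
        if not 0xA0 <= tag <= 0xA3 or tag <= last:
            raise ValueError("unexpected or out-of-order tag 0x%02x" % tag)
        last, idx = tag, tag - 0xA0
        if idx in (0, 1):
            if idx == 1:  # maskGenAlgorithm is AlgorithmIdentifier { id-mgf1, <hash AlgorithmIdentifier> }
                mgf_oid, inner = parse_alg_id(inner)
                if mgf_oid != ID_MGF1:
                    raise ValueError("only MGF1 is defined for maskGenAlgorithm")
            value = _hash_oid(inner)
        else:
            itag, ibody, iend = _read_tlv(inner, 0)
            if itag != 0x02 or iend != len(inner):
                raise ValueError("saltLength and trailerField must be a single INTEGER")
            value = int.from_bytes(ibody, "big", signed=True)
        if value == PSS_DEFAULTS[idx]:
            raise ValueError("DER violation: DEFAULT value encoded explicitly")
        fields[idx] = value
    return tuple(fields)

def resolve_pss(alg_id_der, bundled=BUNDLED):
    # Effective (hash, MGF hash, saltLength, trailerField) for a signature AlgorithmIdentifier.
    oid, params = parse_alg_id(alg_id_der)
    if oid in bundled:  # every parameter is implied by the OID, so none may be present
        if params:
            raise ValueError("parameters MUST be absent for " + oid)
        return bundled[oid]
    if oid != ID_RSASSA_PSS or not params:
        raise ValueError("expected id-RSASSA-PSS with RSASSA-PSS-params, got " + oid)
    return decode_pss_params(params)
```

Rejecting an explicitly encoded default is not pedantry: if both `30 00` and `30 05 A2 03 02 01 14` were accepted as "salt length 20", one set of signature parameters would have two byte-level encodings, which is exactly what DER exists to rule out in signed structures. The `bundled` table is what point 1 asks the draft to spell out: for the SHAKE identifiers every one of hashAlgorithm, maskGenAlgorithm, saltLength and trailerField is fixed by the OID, so a verifier resolves them from the OID alone and must treat any parameters field as an error.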