Re: [lamps] New Version Notification for draft-ietf-lamps-pkix-shake-04.txt

Russ Housley <housley@vigilsec.com> Mon, 26 November 2018 17:44 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A726F126CC7 for <spasm@ietfa.amsl.com>; Mon, 26 Nov 2018 09:44:15 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id u07u2GcXdKo7 for <spasm@ietfa.amsl.com>; Mon, 26 Nov 2018 09:44:13 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D6A10124D68 for <spasm@ietf.org>; Mon, 26 Nov 2018 09:44:12 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 4E21B300AAF for <spasm@ietf.org>; Mon, 26 Nov 2018 12:44:10 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id h7vuIbmUJJIf for <spasm@ietf.org>; Mon, 26 Nov 2018 12:44:08 -0500 (EST)
Received: from [192.168.1.161] (pool-71-178-45-35.washdc.fios.verizon.net [71.178.45.35]) by mail.smeinc.net (Postfix) with ESMTPSA id 60CD7300258; Mon, 26 Nov 2018 12:44:08 -0500 (EST)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <273e44fc0d3840978a4dad7827d76f7b@XCH-ALN-010.cisco.com>
Date: Mon, 26 Nov 2018 12:44:09 -0500
Cc: SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8FB5D8CF-9F6B-4119-9B27-D9E83EB18393@vigilsec.com>
References: <154320772946.24401.15655998843236777567.idtracker@ietfa.amsl.com> <273e44fc0d3840978a4dad7827d76f7b@XCH-ALN-010.cisco.com>
To: Panos Kampanakis <pkampana@cisco.com>, Quynh Dang <quynh.dang@nist.gov>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/WJxqDTXrd1JZBVMvqMZh3vXCrgw>
Subject: Re: [lamps] New Version Notification for draft-ietf-lamps-pkix-shake-04.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 26 Nov 2018 17:44:16 -0000

I have two comments and one suggestion.

1) Section 5.1.1: The third paragraph is describing a replacement for MGF1 defined in Section B.2.1 of RFC 8017. You are avoiding the use of RSASSA-PSS-params; it would be good to be explicit about that.

RFC 4055 specifies this structure:

      RSASSA-PSS-params  ::=  SEQUENCE  {
         hashAlgorithm      [0] HashAlgorithm DEFAULT
                                   sha1Identifier,
         maskGenAlgorithm   [1] MaskGenAlgorithm DEFAULT
                                   mgf1SHA1Identifier,
         saltLength         [2] INTEGER DEFAULT 20,
         trailerField       [3] INTEGER DEFAULT 1  }

This section is telling the implementer how to handle each of these parameters since they are now all bundled into the top-level OID.

2) I do not think that most of section 5.2 is needed.

I think you can simply point to RFC 4055 for RSASSA-PSS public keys, but keep this paragraph:

   Additionally, when the RSA private key owner wishes to limit the use
   of the public key exclusively to RSASSA-PSS, the AlgorithmIdentifiers
   for RSASSA-PSS defined in Section 4 can be used as the algorithm
   field in the SubjectPublicKeyInfo sequence [RFC5280].  The identifier
   parameters, as explained in section Section 4, MUST be absent. 

That said, I think the OIDs in Section 4 are used when the RSA private key owner wishes to limit the use to RSASSA-PSS with SHAKE.

I think you can simply point to RFC 5480 for ECDSA public keys.  I do not see any additional information that is specific to the use of SHAKE here.

3) I suggest that "joint-iso-ccitt" be replaced by "joint-iso-itu-t" throughout the document.  Right now, it is using both of these names.

Russ

P.S.  I have not tried to compile the ASN.1.


> From: internet-drafts@ietf.org <internet-drafts@ietf.org> 
> Sent: Sunday, November 25, 2018 11:49 PM
> To: Quynh Dang <quynh.dang@nist.gov>ov>; Panos Kampanakis (pkampana) <pkampana@cisco.com>
> Subject: New Version Notification for draft-ietf-lamps-pkix-shake-04.txt
> 
> 
> A new version of I-D, draft-ietf-lamps-pkix-shake-04.txt
> has been successfully submitted by Panos Kampanakis and posted to the IETF repository.
> 
> Name:		draft-ietf-lamps-pkix-shake
> Revision:	04
> Title:		Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
> Document date:	2018-11-25
> Group:		lamps
> Pages:		15
> URL:            https://www.ietf.org/internet-drafts/draft-ietf-lamps-pkix-shake-04.txt
> Status:         https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/
> Htmlized:       https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-04
> Htmlized:       https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake
> Diff:           https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-04
> 
> Abstract:
>   Digital signatures are used to sign messages, X.509 certificates and
>   CRLs (Certificate Revocation Lists).  This document describes the
>   conventions for using the SHAKE function family in Internet X.509
>   certificates and CRLs as one-way hash functions with the RSA
>   Probabilistic signature and ECDSA signature algorithms.  The
>   conventions for the associated subject public keys are also
>   described.
> 
> Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.
> 
> The IETF Secretariat
>