Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-06.txt

Daniel Van Geest <Daniel.VanGeest@isara.com> Tue, 05 March 2019 16:38 UTC

From: Daniel Van Geest <Daniel.VanGeest@isara.com>
To: Russ Housley <housley@vigilsec.com>, Jim Schaad <ietf@augustcellars.com>
CC: SPASM <spasm@ietf.org>
Date: Tue, 05 Mar 2019 16:38:08 +0000
Message-ID: <0A9C77AE-0461-4270-A91D-82553D443179@isara.com>
References: <155120649715.695.14410208917743275760@ietfa.amsl.com> <9B90A5E8-00BC-43FE-ACC1-E7DBB184ED8C@vigilsec.com> <01fa01d4ce3b$4c716840$e55438c0$@augustcellars.com> <782D8ACC-6B57-4067-BC14-9D11A7B02269@vigilsec.com>
In-Reply-To: <782D8ACC-6B57-4067-BC14-9D11A7B02269@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/W_BftmSzPHe_tH_cykphxNXBFRg>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-06.txt

I’m working to align the x509-hash-sigs draft and implementations with this one.  There’s something in cms-hash-sigs that I’d like clarification on to understand the implications.

The ASN.1 module defines:

      pk-HSS-LMS-HashSig PUBLIC-KEY ::= {
          IDENTIFIER id-alg-hss-lms-hashsig
          KEY HSS-LMS-HashSig-PublicKey
          PARAMS ARE absent
          CERT-KEY-USAGE
            { digitalSignature, nonRepudiation, keyCertSign, cRLSign } }

      HSS-LMS-HashSig-PublicKey ::= OCTET STRING

Specifically, the public key is an OCTET STRING. The actual public key is “u32str(L) || lms_public_key”, so essentially an opaque octet string.

What are the implications in X.509 of defining “HSS-LMS-HashSig-PublicKey ::= OCTET STRING”?  Does this mean that in the Subject Public Key Info attribute, the HSS public key would be encoded as an OCTET STRING which is then wrapped in a BIT STRING encoding? (as opposed to a BIT STRING encoding of the raw “u32str(L) || lms_public_key” octet string).

The closest I could find to this situation is Ed25519/Ed448 since those public keys are also just raw octet strings (32 octets in 25519).  But the ASN.1 module for RFC 8410 specifies “-- KEY no ASN.1 wrapping --” within PUBLIC-KEY:

    pk-Ed25519 PUBLIC-KEY ::= {
        IDENTIFIER id-Ed25519
        -- KEY no ASN.1 wrapping --
        PARAMS ARE absent
        CERT-KEY-USAGE {digitalSignature, nonRepudiation,
                        keyCertSign, cRLSign}
        PRIVATE-KEY CurvePrivateKey
    }

I’m not an ASN.1 expert, so could someone explain the difference? Is the “no wrapping” there because the public key is raw octets? And then whoever encodes the public key only applies their own encoding (if any) of the octets.  Does it have to do with the fact that the public key can be easily derived from the private key?  Is my assumption correct that a SPKI encoding of an HSS key would be a BIT STRING encoding of an ASN.1 OCTET STRING encoding of the raw octets?

Thanks,
Daniel
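Added example (not part of Daniel’s message, nor code from either draft): the two SubjectPublicKeyInfo shapes the question above distinguishes, built with a small hand-written DER encoder and reader so the byte-level difference is visible without an ASN.1 library.  Assumptions: the OID value for id-alg-hss-lms-hashsig is taken to be 1.2.840.113549.1.9.16.3.17 (the value later published in RFC 8708), the LMS public key layout and type codes are the ones in RFC 8554, and the I and T[1] values are constructed filler, not a real key.  The example does not decide which encoding is the right one; it shows what each looks like on the wire and how a reader can tell them apart.

```python
"""Two candidate SPKI encodings for an HSS/LMS public key (added illustration).

  (a) "wrapped": subjectPublicKey BIT STRING holds a DER OCTET STRING, which
      holds the raw key (the literal reading of
      HSS-LMS-HashSig-PublicKey ::= OCTET STRING);
  (b) "raw":     subjectPublicKey BIT STRING holds the raw key directly
      (the RFC 8410 "-- KEY no ASN.1 wrapping --" style).
"""
import struct

# Assumption: OID value for id-alg-hss-lms-hashsig (as published in RFC 8708).
ID_ALG_HSS_LMS_HASHSIG = "1.2.840.113549.1.9.16.3.17"
# LMS / LM-OTS type codes from RFC 8554.
LMS_SHA256_M32_H5 = 0x00000005
LMOTS_SHA256_N32_W8 = 0x00000004


def der_len(n: int) -> bytes:
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(lb)]) + lb


def der_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + der_len(len(body)) + body


def der_oid(dotted: str) -> bytes:
    """Dotted OID -> OBJECT IDENTIFIER: 40*a+b for the first two arcs, base-128 after."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        body.extend(reversed(chunk))
    return der_tlv(0x06, bytes(body))


def der_octet_string(b: bytes) -> bytes: return der_tlv(0x04, b)
def der_bit_string(b: bytes) -> bytes: return der_tlv(0x03, b"\x00" + b)  # 0 unused bits
def der_sequence(*parts: bytes) -> bytes: return der_tlv(0x30, b"".join(parts))


def hss_public_key(levels, lms_type, lmots_type, I: bytes, T1: bytes) -> bytes:
    """u32str(L) || lms_public_key, with (RFC 8554)
    lms_public_key = u32str(lms_type) || u32str(lmots_type) || I || T[1]."""
    if len(I) != 16 or len(T1) != 32:
        raise ValueError("I must be 16 octets and T[1] 32 octets for the SHA-256/M32 sets")
    return struct.pack(">III", levels, lms_type, lmots_type) + I + T1


def example_public_key() -> bytes:
    """Constructed filler key (not a real HSS key): L=1, fixed I and T[1] patterns."""
    return hss_public_key(1, LMS_SHA256_M32_H5, LMOTS_SHA256_N32_W8,
                          bytes(range(16)), bytes([0xA5]) * 32)


def algorithm_identifier() -> bytes:
    # PARAMS ARE absent, so AlgorithmIdentifier is just SEQUENCE { OID }.
    return der_sequence(der_oid(ID_ALG_HSS_LMS_HASHSIG))


def spki_wrapped(pk: bytes) -> bytes:
    """(a) BIT STRING { OCTET STRING { raw key } }"""
    return der_sequence(algorithm_identifier(), der_bit_string(der_octet_string(pk)))


def spki_raw(pk: bytes) -> bytes:
    """(b) BIT STRING { raw key }"""
    return der_sequence(algorithm_identifier(), der_bit_string(pk))


def _read_tlv(buf: bytes, off: int):
    """Return (tag, contents, offset after the element) for the TLV at buf[off]."""
    tag, first, off = buf[off], buf[off + 1], off + 2
    if first < 0x80:
        length = first
    else:
        nbytes = first & 0x7F
        length = int.from_bytes(buf[off:off + nbytes], "big")
        off += nbytes
    return tag, buf[off:off + length], off + length


def subject_public_key_bits(spki: bytes) -> bytes:
    """Contents of the subjectPublicKey BIT STRING, unused-bits octet stripped."""
    tag, seq, _ = _read_tlv(spki, 0)
    assert tag == 0x30, "SPKI must be a SEQUENCE"
    tag, _alg, off = _read_tlv(seq, 0)            # AlgorithmIdentifier
    assert tag == 0x30
    tag, bits, _ = _read_tlv(seq, off)            # subjectPublicKey
    assert tag == 0x03 and bits[0] == 0x00, "expected BIT STRING with 0 unused bits"
    return bits[1:]


def unwrap_octet_string(contents: bytes):
    """Payload if `contents` is exactly one DER OCTET STRING, else None.
    A raw HSS key starts with u32str(L), whose first octet is 0x00 for any
    realistic L, so it cannot be mistaken for an OCTET STRING tag (0x04)."""
    if not contents or contents[0] != 0x04:
        return None
    _tag, payload, end = _read_tlv(contents, 0)
    return payload if end == len(contents) else None


if __name__ == "__main__":
    pk = example_public_key()
    for name, spki in (("wrapped", spki_wrapped(pk)), ("raw", spki_raw(pk))):
        bits = subject_public_key_bits(spki)
        print(f"{name}: {len(spki)} bytes, BIT STRING contents begin {bits[:4].hex()}, "
              f"OCTET STRING inside: {unwrap_octet_string(bits) is not None}")
```

The two encodings differ by exactly the two-octet OCTET STRING header (tag 0x04 plus length) sitting inside the BIT STRING; everything else, including the absent AlgorithmIdentifier parameters, is identical.  A verifier that has to accept a certificate from either reading can use the leading octet to tell them apart, but that is a workaround, not a substitute for the drafts agreeing on one form.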

On 2019-02-27, 12:27 PM, "Spasm on behalf of Russ Housley" <spasm-bounces@ietf.org on behalf of housley@vigilsec.com> wrote:

Jim:

You are correct.  I missed this when I made the last update.  I will make the change now in my edit buffer.  I'll post it along with any other changes that result from IETF Last Call.

Russ


On Feb 26, 2019, at 8:25 PM, Jim Schaad <ietf@augustcellars.com> wrote:

I have a small change to request.  I am happy if you deal with it at a later date as long as it does not get lost.

In the ASN.1 module, the SIGNATURE-ALGORITHM definition should have an empty or absent HASHES field.  There are no hash functions which are to be applied prior to giving the input to the signing function.  This would match what I did for EdDSA.

Jim
-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Tuesday, February 26, 2019 10:44 AM
To: SPASM <spasm@ietf.org>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-06.txt

This removes the extraneous paragraph that was pointed out by Daniel.

I believe that all comments have been resolved, and the document is now ready to go to the IESG.

Russ
On Feb 26, 2019, at 1:41 PM, internet-drafts@ietf.org wrote:

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the HSS/LMS Hash-based Signature Algorithm in the Cryptographic Message Syntax (CMS)
        Author          : Russ Housley
        Filename        : draft-ietf-lamps-cms-hash-sig-06.txt
        Pages           : 14
        Date            : 2019-02-26

Abstract:
   This document specifies the conventions for using the HSS/LMS
   hash-based signature algorithm with the Cryptographic Message Syntax
   (CMS).  In addition, the algorithm identifier and public key syntax
   are provided.  The HSS/LMS algorithm is one form of hash-based
   digital signature; it is described in [HASHSIG].

The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-hash-sig/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-hash-sig-06
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-hash-sig-06

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-hash-sig-06

Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/
_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
