[lamps] Comments on draft-ounsworth-pq-composite-sigs -01
Jim Schaad <ietf@augustcellars.com> Sun, 14 July 2019 04:49 UTC
Return-Path: <ietf@augustcellars.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A86B1201B3; Sat, 13 Jul 2019 21:49:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FaZwbF9b3bal; Sat, 13 Jul 2019 21:49:41 -0700 (PDT)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4D27E120196; Sat, 13 Jul 2019 21:49:41 -0700 (PDT)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Sat, 13 Jul 2019 21:49:34 -0700
From: Jim Schaad <ietf@augustcellars.com>
To: draft-ounsworth-pq-composite-sigs@ietf.org
CC: spasm@ietf.org
Date: Sat, 13 Jul 2019 21:49:34 -0700
Message-ID: <00f701d539ff$89e94eb0$9dbbec10$@augustcellars.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft Outlook 16.0
Content-Language: en-us
Thread-Index: AdU5wyTeFdyONMS2QNy2nzy7ZDJyZA==
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/XhBNnOAgk-Q_wD7cGPoQRvjbtMA>
Subject: [lamps] Comments on draft-ounsworth-pq-composite-sigs -01
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 14 Jul 2019 04:49:43 -0000
1. In section 1 - The EDNOTE suggestion for how to do encryption seems to be totally wrong and probably unworkable. 2. In section 2.2 EDNOTE1 - I am completely in favor of the current usage with PARAMS absent. 3. In section 2.5 - It took me a bit to decide it was correct, but you should probably document why the algorithm identifiers are not next to the signature values. (... needs to be able to be signed ....) And this should probably be a recommended thing to do - i.e. for CMS that additional parameter is needed. 4. In section 2.6 - If you can tell me how to accept BER and not DER I would probably by a drink or two. A better way would be to say MUST accept DER and MAY (should?) accept BER. 5. In section 3.1 - Doing sub-set signing would worry me in general due to the fact than an attack could be made by removing elements from the signature and signature algorithm list. At the moment that is not possible because the public key would not have the right number of elements. However there are several situations where the signature algorithm is not included in the signed value thus permitting this attack. 6. Section 3.2 - I do not believe that you can get away with not specifying the partial evaluation of signature algorithm. One of the main arguments that you are giving for this is that not all of the signature algorithms may be known. Insert step 1.5 - Filter the list of signature algorithm to those implemented by the evaluation code. 7. Section 3.2 - The last paragraph in this section is not going to make me very happy. Specifically the text following "but" would appear to contradict the evaluation in the current step 2. 8. Section 4.1 - Yes it is obvious - having it does not really any downsides. 9. Section 4.2 - I don't understand the section header here. Was that just a mistake? 10. Section 4.2 - It seems that a lot of this might be done by referencing. For example the privateKey field is encoded as in Section X.Y 11. Section 6.1 - I would want to put in a note that the checkPolicy algorithm can very from a single algorithm is fine to a set of algorithms is required or as long as the algorithms are not all "known bad". Some description of different possibilities would be good. 12. In the ASN.1 module, a comment about adding pk-Composite to the class set PublicKeyAlgorithms (as defined in RFC 5280) is required. Jim
- [lamps] Comments on draft-ounsworth-pq-composite-… Jim Schaad
- Re: [lamps] [EXTERNAL]Comments on draft-ounsworth… Mike Ounsworth