Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-01.txt

Russ Housley <housley@vigilsec.com> Tue, 16 October 2018 16:53 UTC

From: Russ Housley <housley@vigilsec.com>
To: Daniel Van Geest <Daniel.VanGeest@isara.com>
Cc: SPASM <spasm@ietf.org>
Date: Tue, 16 Oct 2018 12:53:41 -0400
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-01.txt
Message-Id: <F8B250EB-E071-498A-8ED4-AC2A6FCA9DC2@vigilsec.com>
In-Reply-To: <C8359920-D551-47D0-A518-F47B7CABE7CE@isara.com>
References: <153773828944.29214.3317396448213914064@ietfa.amsl.com> <ADBDEDDC-E615-4FF9-AF7C-8623A1A84FBD@vigilsec.com> <C8359920-D551-47D0-A518-F47B7CABE7CE@isara.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/cXkpVmAnfFwfp6MxgUHJWjSMHZw>

Daniel:

Thank you for the very careful review.

I am working on an update to the document to assign these identifiers:

sa-HSS-LMS-HashSig-with-SHA256 SIGNATURE-ALGORITHM ::= {
     IDENTIFIER id-alg-hss-lms-hashsig-with-sha256
     PARAMS ARE absent
     HASHES { mda-sha256 }
     PUBLIC-KEYS { pk-HSS-LMS-HashSig }
     SMIME-CAPS { IDENTIFIED BY id-alg-hss-lms-hashsig-with-sha256 } }

sa-HSS-LMS-HashSig-with-SHA384 SIGNATURE-ALGORITHM ::= {
     IDENTIFIER id-alg-hss-lms-hashsig-with-sha384
     PARAMS ARE absent
     HASHES { mda-sha384 }
     PUBLIC-KEYS { pk-HSS-LMS-HashSig }
     SMIME-CAPS { IDENTIFIED BY id-alg-hss-lms-hashsig-with-sha384 } }

sa-HSS-LMS-HashSig-with-SHA512 SIGNATURE-ALGORITHM ::= {
     IDENTIFIER id-alg-hss-lms-hashsig-with-sha512
     PARAMS ARE absent
     HASHES { mda-sha512 }
     PUBLIC-KEYS { pk-HSS-LMS-HashSig }
     SMIME-CAPS { IDENTIFIED BY id-alg-hss-lms-hashsig-with-sha512 } }

pk-HSS-LMS-HashSig PUBLIC-KEY ::= {
    IDENTIFIER id-alg-hss-lms-hashsig
    KEY HSS-LMS-HashSig-PublicKey
    PARAMS ARE absent
    CERT-KEY-USAGE
        { digitalSignature, nonRepudiation, keyCertSign, cRLSign } }


> Comments on your recent changes:
> 
>    The public key value is an OCTET STRING.  Like the signature format,
>    it is designed for easy parsing.  The value is a length, L, followed
>    by the public key itself.
> 
> L is the number of levels (in the private key & thus the signature), not a length.

Good catch.  I suggest:

   The public key value is an OCTET STRING.  Like the signature format,
   it is designed for easy parsing.  The value is the number of levels
   in the public key, L, followed by the LMS public key.

> The signature format is still off:
> 
> 	   The elements of the HSS signature value for a tree with Nspk levels
> 	   can be summarized as:
> 
> In [HASHSIG], L is the number of levels.  Nspk is L - 1.  If you keep the updated indexing of the signed_public_key array in the signature, then the above sentence should be:
> 
> 	   The elements of the HSS signature value for a tree with Nspk + 1 levels
> 	   can be summarized as:

This seems to match exactly with this text from draft-mcgrew-hash-sigs-13:

      The value of the HSS signature is set as follows.  We let
      signed_pub_key denote an array of octet strings, where
      signed_pub_key[i] = sig[i] || pub[i+1], for i between 0 and
      Nspk-1, inclusive, where Nspk = L-1 denotes the number of signed
      public keys.  Then the HSS signature is u32str(Nspk) ||
      signed_pub_key[0] || ... || signed_pub_key[Nspk-1] || sig[Nspk].

Maybe a note at the end will add clarity.  I suggest:

   Note that Nspk is the number of levels in the hierarchy of
   trees minus 1.

Let me know if that actually adds clarity for you.

Russ
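The L-versus-Nspk point discussed above is easy to get wrong in code as well as in prose, so here is an added example (not code from the LAMPS draft, from draft-mcgrew-hash-sigs, or from anyone in this thread) that parses the framing of an HSS public key and signature and enforces Nspk = L - 1. Field layouts and the LMS/LMOTS typecode tables are taken from RFC 8554 (the published hash-sigs draft); the hash-sized fields in the sample data are zero-filled dummies of the right length, so the code checks structure only and verifies nothing cryptographically. The function and variable names are this example's own.

```python
"""Structural parser for HSS/LMS public keys and signatures (added example).

Checks only the framing: the HSS public key value starts with the number
of levels L, the HSS signature starts with Nspk = L - 1.  No hashing, no
signature verification.  Layouts and typecodes per RFC 8554.
"""
import struct

# LMOTS typecode -> (n, p): hash length and number of Winternitz chains (RFC 8554 Table 1).
LMOTS_PARAMS = {1: (32, 265), 2: (32, 133), 3: (32, 67), 4: (32, 34)}
# LMS typecode -> (m, h): node length and tree height (RFC 8554 Table 2).
LMS_PARAMS = {5: (32, 5), 6: (32, 10), 7: (32, 15), 8: (32, 20), 9: (32, 25)}


def _u32(buf, off):
    """Read a big-endian u32str at buf[off]; return (value, new offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated u32 at offset %d" % off)
    return struct.unpack(">I", buf[off:off + 4])[0], off + 4


def _need(buf, end, what):
    if end > len(buf):
        raise ValueError("truncated %s (need %d bytes, have %d)" % (what, end, len(buf)))


def parse_lms_public_key(buf, off):
    """LMS public key: u32str(lms_type) || u32str(lmots_type) || I (16) || T[1] (m)."""
    lms_type, off = _u32(buf, off)
    lmots_type, off = _u32(buf, off)
    if lms_type not in LMS_PARAMS or lmots_type not in LMOTS_PARAMS:
        raise ValueError("unknown LMS/LMOTS typecode %d/%d" % (lms_type, lmots_type))
    end = off + 16 + LMS_PARAMS[lms_type][0]
    _need(buf, end, "LMS public key")
    return {"lms_type": lms_type, "lmots_type": lmots_type,
            "I": buf[off:off + 16], "T1": buf[off + 16:end]}, end


def parse_lms_signature(buf, off):
    """LMS signature: u32str(q) || LMOTS sig || u32str(lms_type) || path (h*m bytes),
    where LMOTS sig = u32str(lmots_type) || C (n bytes) || y[0..p-1] (p*n bytes)."""
    q, off = _u32(buf, off)
    lmots_type, off = _u32(buf, off)
    if lmots_type not in LMOTS_PARAMS:
        raise ValueError("unknown LMOTS typecode %d" % lmots_type)
    n, p = LMOTS_PARAMS[lmots_type]
    ots_end = off + n + p * n
    _need(buf, ots_end, "LMOTS signature")
    lms_type, off = _u32(buf, ots_end)
    if lms_type not in LMS_PARAMS:
        raise ValueError("unknown LMS typecode %d" % lms_type)
    m, h = LMS_PARAMS[lms_type]
    if q >= 1 << h:
        raise ValueError("leaf index q=%d exceeds tree height %d" % (q, h))
    end = off + h * m
    _need(buf, end, "authentication path")
    return {"q": q, "lmots_type": lmots_type, "lms_type": lms_type, "path_len": h * m}, end


def parse_hss_public_key(pub):
    """HSS public key (the CMS OCTET STRING value): u32str(L) || pub[0]."""
    levels, off = _u32(pub, 0)
    if not 1 <= levels <= 8:
        raise ValueError("L=%d outside the 1..8 allowed by RFC 8554" % levels)
    top, off = parse_lms_public_key(pub, off)
    if off != len(pub):
        raise ValueError("%d trailing bytes after HSS public key" % (len(pub) - off))
    return levels, top


def parse_hss_signature(sig, pub):
    """HSS signature: u32str(Nspk) || signed_pub_key[0..Nspk-1] || sig[Nspk], with
    signed_pub_key[i] = sig[i] || pub[i+1].  Requires Nspk == L-1 for the given
    public key, and each sig[i] to carry the typecodes of pub[i]."""
    levels, top = parse_hss_public_key(pub)
    nspk, off = _u32(sig, 0)
    if nspk + 1 != levels:
        raise ValueError("signature has Nspk=%d but key has L=%d (Nspk must be L-1)" % (nspk, levels))
    expected = (top["lms_type"], top["lmots_type"])
    signed_pub_keys = []
    for i in range(nspk):
        s, off = parse_lms_signature(sig, off)
        if (s["lms_type"], s["lmots_type"]) != expected:
            raise ValueError("sig[%d] typecodes do not match pub[%d]" % (i, i))
        p, off = parse_lms_public_key(sig, off)
        expected = (p["lms_type"], p["lmots_type"])
        signed_pub_keys.append((s, p))
    final, off = parse_lms_signature(sig, off)
    if (final["lms_type"], final["lmots_type"]) != expected:
        raise ValueError("sig[%d] typecodes do not match pub[%d]" % (nspk, nspk))
    if off != len(sig):
        raise ValueError("%d trailing bytes after HSS signature" % (len(sig) - off))
    return {"Nspk": nspk, "signed_pub_keys": signed_pub_keys, "sig": final}


def build_dummy_hss(levels, lms_type=5, lmots_type=4):
    """Constructed sample: HSS key and signature with `levels` levels, hash fields zeroed."""
    m, h = LMS_PARAMS[lms_type]
    n, p = LMOTS_PARAMS[lmots_type]
    lms_pub = struct.pack(">II", lms_type, lmots_type) + bytes(16) + bytes(m)
    lms_sig = (struct.pack(">II", 0, lmots_type) + bytes(n + p * n)
               + struct.pack(">I", lms_type) + bytes(h * m))
    pub = struct.pack(">I", levels) + lms_pub
    sig = struct.pack(">I", levels - 1) + (lms_sig + lms_pub) * (levels - 1) + lms_sig
    return pub, sig


if __name__ == "__main__":
    pub, sig = build_dummy_hss(2)
    print("L =", parse_hss_public_key(pub)[0], "Nspk =", parse_hss_signature(sig, pub)["Nspk"])
    try:  # writing L where the format calls for Nspk is exactly the slip discussed above
        parse_hss_signature(struct.pack(">I", 2) + sig[4:], pub)
    except ValueError as e:
        print("rejected:", e)
```

Because every LMS signature carries its own LMOTS and LMS typecodes, the parser needs no out-of-band parameters beyond the HSS public key; the typecode cross-check between sig[i] and pub[i] is the same one RFC 8554's HSS verification performs before any hashing, and the Nspk + 1 == L check rejects the two-level signature above as soon as its leading u32 is rewritten to 2.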