Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-01.txt

Russ Housley <housley@vigilsec.com> Tue, 16 October 2018 16:53 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6BE4C130DFD for <spasm@ietfa.amsl.com>; Tue, 16 Oct 2018 09:53:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EoG6FZ7SKtc7 for <spasm@ietfa.amsl.com>; Tue, 16 Oct 2018 09:53:47 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3F254130DEE for <spasm@ietf.org>; Tue, 16 Oct 2018 09:53:47 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 7AD6B300A98 for <spasm@ietf.org>; Tue, 16 Oct 2018 12:53:44 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id XG0-ziTCt4eu for <spasm@ietf.org>; Tue, 16 Oct 2018 12:53:40 -0400 (EDT)
Received: from a860b60074bd.home (pool-71-127-50-4.washdc.fios.verizon.net [71.127.50.4]) by mail.smeinc.net (Postfix) with ESMTPSA id 6F2D530056B; Tue, 16 Oct 2018 12:53:40 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <C8359920-D551-47D0-A518-F47B7CABE7CE@isara.com>
Date: Tue, 16 Oct 2018 12:53:41 -0400
Cc: SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <F8B250EB-E071-498A-8ED4-AC2A6FCA9DC2@vigilsec.com>
References: <153773828944.29214.3317396448213914064@ietfa.amsl.com> <ADBDEDDC-E615-4FF9-AF7C-8623A1A84FBD@vigilsec.com> <C8359920-D551-47D0-A518-F47B7CABE7CE@isara.com>
To: Daniel Van Geest <Daniel.VanGeest@isara.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/cXkpVmAnfFwfp6MxgUHJWjSMHZw>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-01.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Oct 2018 16:53:50 -0000

Daniel:

Thank you for the very careful review.

I am working on an update to the document to assign these identifiers:

sa-HSS-LMS-HashSig-with-SHA256 SIGNATURE-ALGORITHM ::= {
     IDENTIFIER id-alg-hss-lms-hashsig-with-sha256
     PARAMS ARE absent
     HASHES { mda-sha256 }
     PUBLIC-KEYS { pk-HSS-LMS-HashSig }
     SMIME-CAPS { IDENTIFIED BY id-alg-hss-lms-hashsig-with-sha256 } }

sa-HSS-LMS-HashSig-with-SHA384 SIGNATURE-ALGORITHM ::= {
     IDENTIFIER id-alg-hss-lms-hashsig-with-sha384
     PARAMS ARE absent
     HASHES { mda-sha384 }
     PUBLIC-KEYS { pk-HSS-LMS-HashSig }
     SMIME-CAPS { IDENTIFIED BY id-alg-hss-lms-hashsig-with-sha384 } }

sa-HSS-LMS-HashSig SIGNATURE-ALGORITHM ::= {
     IDENTIFIER id-alg-hss-lms-hashsig-with-sha512
     PARAMS ARE absent
     HASHES { mda-sha512 }
     PUBLIC-KEYS { pk-HSS-LMS-HashSig }
     SMIME-CAPS { IDENTIFIED BY id-alg-hss-lms-hashsig-with-sha512 } }

pk-HSS-LMS-HashSig PUBLIC-KEY ::= {
    IDENTIFIER id-alg-hss-lms-hashsig
    KEY HSS-LMS-HashSig-PublicKey
    PARAMS ARE absent
    CERT-KEY-USAGE
        { digitalSignature, nonRepudiation, keyCertSign, cRLSign } }


> Comments on your recent changes:
> 
> 	   The public key value is an OCTET STRING.  Like the signature format,	
> 	   it is designed for easy parsing.  The value is a length, L, followed	
> 	   by the public key itself.
> 
> L is the number of levels (in the private key & thus the signature), not a length.

Good catch.  I suggest:

   The public key value is an OCTET STRING.  Like the signature format,
   it is designed for easy parsing.  The value is the number of levels
   in the public key, L, followed by the LMS public key.

> The signature format is still off:
> 
> 	   The elements of the HSS signature value for a tree with Nspk levels
> 	   can be summarized as:
> 
> In [HASHSIG], L is the number of levels.  Nspk is L - 1.  If you keep the updated indexing of the signed_public_key array in the signature, then the above sentence should be:
> 
> 	   The elements of the HSS signature value for a tree with Nspk + 1 levels
> 	   can be summarized as:

This seems to match exactly with this text from draft-mcgrew-hash-sigs-13:

      The value of the HSS signature is set as follows.  We let
      signed_pub_key denote an array of octet strings, where
      signed_pub_key[i] = sig[i] || pub[i+1], for i between 0 and Nspk-
      1, inclusive, where Nspk = L-1 denotes the number of signed public
      keys.  Then the HSS signature is u32str(Nspk) ||
      signed_pub_key[0] || ... || signed_pub_key[Nspk-1] || sig[Nspk].

Maybe a note at the ends will add clarity.  I suggest:

   Note that Nspk is the number of levels in the hierarchy of
   trees minus 1.

Let me know if that actually adds clarity for you.

Russ