IETF Logo Mail Archive

Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-06.txt

Jim Schaad <ietf@augustcellars.com> Tue, 05 March 2019 17:51 UTC

Return-Path: <ietf@augustcellars.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6A720131271 for <spasm@ietfa.amsl.com>; Tue, 5 Mar 2019 09:51:01 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7_0b7fcqEiNP for <spasm@ietfa.amsl.com>; Tue, 5 Mar 2019 09:50:57 -0800 (PST)
Received: from mail2.augustcellars.com (augustcellars.com [50.45.239.150]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 360F8131174 for <spasm@ietf.org>; Tue, 5 Mar 2019 09:50:56 -0800 (PST)
Received: from Jude (73.180.8.170) by mail2.augustcellars.com (192.168.0.56) with Microsoft SMTP Server (TLS) id 15.0.1395.4; Tue, 5 Mar 2019 09:50:48 -0800
From: Jim Schaad <ietf@augustcellars.com>
To: 'Daniel Van Geest' <Daniel.VanGeest@isara.com>, 'Russ Housley' <housley@vigilsec.com>
CC: 'SPASM' <spasm@ietf.org>
References: <155120649715.695.14410208917743275760@ietfa.amsl.com> <9B90A5E8-00BC-43FE-ACC1-E7DBB184ED8C@vigilsec.com> <01fa01d4ce3b$4c716840$e55438c0$@augustcellars.com> <782D8ACC-6B57-4067-BC14-9D11A7B02269@vigilsec.com> <0A9C77AE-0461-4270-A91D-82553D443179@isara.com>
In-Reply-To: <0A9C77AE-0461-4270-A91D-82553D443179@isara.com>
Date: Tue, 05 Mar 2019 09:50:45 -0800
Message-ID: <015401d4d37b$f7673000$e6359000$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0155_01D4D338.E9474B60"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AQJP3EtmxFxA6hXc3uR6jg4mJmaNhgIcsAfkAisXL+UCqXow0QGbl/qspMLXJ1A=
Content-Language: en-us
X-Originating-IP: [73.180.8.170]
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/eRZ7PaL__wbkXWZC4K1TKChtxWA>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-06.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 05 Mar 2019 17:51:08 -0000

 

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Daniel Van Geest
Sent: Tuesday, March 5, 2019 8:38 AM
To: Russ Housley <housley@vigilsec.com>; Jim Schaad <ietf@augustcellars.com>
Cc: SPASM <spasm@ietf.org>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-06.txt

 

I’m working to align x509-hash-sigs draft and implementations with this one.  There’s something in cms-hash-sigs that I’d like clarification on to understand the implications.

 

The ASN.1 module defines:

 

      pk-HSS-LMS-HashSig PUBLIC-KEY ::= {

          IDENTIFIER id-alg-hss-lms-hashsig

          KEY HSS-LMS-HashSig-PublicKey

          PARAMS ARE absent

          CERT-KEY-USAGE

            { digitalSignature, nonRepudiation, keyCertSign, cRLSign } }

 

      HSS-LMS-HashSig-PublicKey ::= OCTET STRING

 

Specifically, the public key is an OCTET STRING. The actual public key is “u32str(L) || lms_public_key”, so essentially an opaque octet string.

 

What are the implications in x.509 of defining “HSS-LMS-HashSig-PublicKey ::= OCTET STRING”?  Does this mean that in the Subject Public Key Info attribute, the HSS public key would be encoded as an OCTET STRING which is then wrapped in a BIT STRING encoding? (as opposed to a BIT STRING encoding of the raw “u32str(L) || lms_public_key” octet string).

 

The closest I could find to this situation is Ed25519/Ed448 since those public keys are also just raw octet strings (32 octets in 25519).  But the ASN.1 module for RFC 8410 specifies “-- KEY no ASN.1 wrapping --” within PUBLIC-KEY:

 

    pk-Ed25519 PUBLIC-KEY ::= {
        IDENTIFIER id-Ed25519
        -- KEY no ASN.1 wrapping --
        PARAMS ARE absent
        CERT-KEY-USAGE {digitalSignature, nonRepudiation,
                        keyCertSign, cRLSign}
        PRIVATE-KEY CurvePrivateKey
    }

 

I’m not an ASN.1 expert, so could someone explain the difference? Is the “no wrapping” there because the public key is raw octets? And then whoever encodes the public only applies their own encoding (if any) of the octets.  Does it have to do with the fact that the public key can be easily derived from the private key?  Is my assumption correct that a SPKI encoding of an HSS key would be a BIT STRING encoding of an ASN.1 OCTET STRING encoding of the raw octets?

 

[JLS] As I read this what you have deduced is correct.  For Ed25519 the public key is directly wrapped in the BIT STRING with no additional encoding.  For the hash sig public key the public key is wrapped in an OCTET STRING which is then wrapped in the BIT STRING.  

 

As a general rule, I prefer having the extra layer of ASN.1 encoding because a lot of decoders assume that there is going to be that layer when processing certificates.  However, I did not write the initial versions of the Edwards draft and thus I just used the encoding that was there rather than writing it as I would prefer.

 

Jim

 

 

Thanks,

Daniel

 

On 2019-02-27, 12:27 PM, "Spasm on behalf of Russ Housley" <spasm-bounces@ietf.org <mailto:spasm-bounces@ietf.org>  on behalf of housley@vigilsec.com <mailto:housley@vigilsec.com> > wrote:

 

Jim:

 

You are correct.  I missed this when I made the last update.  I will make the change now in my edit buffer.  I'll post it along with any other changes that result from IETF Last Call.

 

Russ

 

 

On Feb 26, 2019, at 8:25 PM, Jim Schaad <ietf@augustcellars.com <mailto:ietf@augustcellars.com> > wrote:

I have a small change to request.  I am happy if you deal with it at a later

date as long as it does not get lost.

In the ASN.1 module, the SIGNATURE-ALGORITHM definition should have an empty

or absent HASHES field.  There are no hash functions which are to be applied

prior to given the input to the signing function.  This would match what I

did for EdDSA.

Jim

-----Original Message-----

From: Spasm <spasm-bounces@ietf.org <mailto:spasm-bounces@ietf.org> > On Behalf Of Russ Housley

Sent: Tuesday, February 26, 2019 10:44 AM

To: SPASM <spasm@ietf.org <mailto:spasm@ietf.org> >

Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-hash-sig-06.txt

This removes the extraneous paragraph that was pointed out by Daniel.

I believe that all comments have been resolved, and the document is now

ready to go to the IESG.

Russ

On Feb 26, 2019, at 1:41 PM, internet-drafts@ietf.org <mailto:internet-drafts@ietf.org>  wrote:

A New Internet-Draft is available from the on-line Internet-Drafts

directories.

This draft is a work item of the Limited Additional Mechanisms for PKIX

and

SMIME WG of the IETF.

       Title           : Use of the HSS/LMS Hash-based Signature

Algorithm in the

Cryptographic Message Syntax (CMS)

       Author          : Russ Housley

                Filename        : draft-ietf-lamps-cms-hash-sig-06.txt

                Pages           : 14

                Date            : 2019-02-26

Abstract:

  This document specifies the conventions for using the the HSS/LMS

  hash-based signature algorithm with the Cryptographic Message Syntax

  (CMS).  In addition, the algorithm identifier and public key syntax

  are provided.  The HSS/LMS algorithm is one form of hash-based

  digital signature; it is described in [HASHSIG].

The IETF datatracker status page for this draft is:

https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-hash-sig/

There are also htmlized versions available at:

https://tools.ietf.org/html/draft-ietf-lamps-cms-hash-sig-06

https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-hash-sig-06

A diff from the previous version is available at:

https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-hash-sig-06

Please note that it may take a couple of minutes from the time of

submission until the htmlized version and diff are available at

tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:

ftp://ftp.ietf.org/internet-drafts/

_______________________________________________

Spasm mailing list

Spasm@ietf.org <mailto:Spasm@ietf.org> 

https://www.ietf.org/mailman/listinfo/spasm

_______________________________________________

Spasm mailing list

Spasm@ietf.org <mailto:Spasm@ietf.org> 

https://www.ietf.org/mailman/listinfo/spasm

 

_______________________________________________

Spasm mailing list

Spasm@ietf.org <mailto:Spasm@ietf.org> 

https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email