IETF Logo Mail Archive

Re: [lamps] Double signatures

Ryan Sleevi <ryan-ietf@sleevi.com> Mon, 10 September 2018 15:53 UTC

Return-Path: <ryan-ietf@sleevi.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E9B3124BE5 for <spasm@ietfa.amsl.com>; Mon, 10 Sep 2018 08:53:09 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.997
X-Spam-Level:
X-Spam-Status: No, score=-1.997 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_BL=0.001, RCVD_IN_MSPIKE_L5=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=sleevi.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rf2PujrPurn8 for <spasm@ietfa.amsl.com>; Mon, 10 Sep 2018 08:53:06 -0700 (PDT)
Received: from pdx1-sub0-mail-a20.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C3CC2128B14 for <spasm@ietf.org>; Mon, 10 Sep 2018 08:53:06 -0700 (PDT)
Received: from pdx1-sub0-mail-a20.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a20.g.dreamhost.com (Postfix) with ESMTP id 1AEFA7EAEC for <spasm@ietf.org>; Mon, 10 Sep 2018 08:53:05 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sleevi.com; h=mime-version :references:in-reply-to:from:date:message-id:subject:to:cc :content-type; s=sleevi.com; bh=WEeb144oOYmGlBULyLNRGu3FgKM=; b= sRiScfnEX2fdVytMP4eGVyp5sXtY4PNWyQqpqFxuwydENM7aLrTvM3YorsO3imSi vwjnsKzfmi2wrP/bMiGaJ8x0KXzfroer5hdFx2vcnPTRV5UwIccQOW7olHJA4Ry3 ybAWvdhSFru5STR89jNV0oQz4HhNsIa80OKDEh/2cPU=
Received: from mail-it0-f54.google.com (mail-it0-f54.google.com [209.85.214.54]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) (Authenticated sender: ryan@sleevi.com) by pdx1-sub0-mail-a20.g.dreamhost.com (Postfix) with ESMTPSA id 0342181034 for <spasm@ietf.org>; Mon, 10 Sep 2018 08:53:05 -0700 (PDT)
Received: by mail-it0-f54.google.com with SMTP id e14-v6so30162185itf.1 for <spasm@ietf.org>; Mon, 10 Sep 2018 08:53:04 -0700 (PDT)
X-Gm-Message-State: APzg51BIVR407lIaKddp4kUCrwEBUEnwrrxh6t72tdishEYYsTu7VO0s 79i8NXsK3nJHlY8wnQDAPC2DFmtSHdheB+dDF0c=
X-Google-Smtp-Source: ANB0VdYs2BSdp1DuJDkOetpKLwuId3q5yfhi9Jg/SXNbrdg1zzKlbGquKxAVelHT6azqN598f7SVBPXSeHlH0A36RPo=
X-Received: by 2002:a02:89fc:: with SMTP id e57-v6mr19305932jak.44.1536594784398; Mon, 10 Sep 2018 08:53:04 -0700 (PDT)
MIME-Version: 1.0
References: <005a01d44916$7c9cb560$75d62020$@x500.eu>
In-Reply-To: <005a01d44916$7c9cb560$75d62020$@x500.eu>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Mon, 10 Sep 2018 11:52:53 -0400
X-Gmail-Original-Message-ID: <CAErg=HHhU9H-Ng8sUtXu2S+F0fr2tLOX6=8UR77gz0YLqtGyaA@mail.gmail.com>
Message-ID: <CAErg=HHhU9H-Ng8sUtXu2S+F0fr2tLOX6=8UR77gz0YLqtGyaA@mail.gmail.com>
To: era@x500.eu
Cc: x500standard@freelists.org, SPASM <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000049b5940575865a02"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/f-tEBI8qIhgCKK_t0q85uCR02AA>
Subject: Re: [lamps] Double signatures
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 10 Sep 2018 15:53:09 -0000

On Mon, Sep 10, 2018 at 10:56 AM Erik Andersen <era@x500.eu> wrote:

> Hi Folk,
>
>
>
> In ITU-T we have plans to allow for double signatures using the SIGNED
> parametrized data type defined in X.509 to cope with situation as described
> in the internet draft: “Multiple Public-Key Algorithm X.509 Certificates
> (draft-truskovsky-lamps-pq-hybrid-x509-01)”
>
>
>
> We suggest to enhance the SIGNED data type as shown below:
>
>
>
> *SIGNED{ToBeSigned} ::= SEQUENCE {*
>
> *  COMPONENTS OF SIGNATURE,*
>
> *  ...,*
>
> *  altAlgorithmIdentifier  AlgorithmIdentifier{{SupportedAlgorithms}}
> OPTIONAL,*
>
> *  altSignature            BIT STRING OPTIONAL  *
>
>   *} (WITH COMPONENTS {..., altAlgorithmIdentifier PRESENT, altSignature
> PRESENT } |*
>
> *     WITH COMPONENTS {..., altAlgorithmIdentifier ABSENT,  altSignature
> ABSENT } )*
>
>
>
> We are open to comments. We know that IETF is not a heavy user of this
> data type.
>
>
>
> We have no intention to use this extended data type for certificates and
> CRLs.
>
>
>
> For your information, SIGNATURE is defined as:
>
>
>
> *SIGNATURE ::= SEQUENCE {*
>
> *  algorithmIdentifier  AlgorithmIdentifier{{SupportedAlgorithms}},*
>
> *  signature            BIT STRING,*
>
> *  ... }*
>

>From the discussions in London (101), there were a number of challenges
identified during the discussion -
https://datatracker.ietf.org/meeting/101/materials/minutes-101-lamps-01.txt
- that fundamentally questioned that approach.

Has the ITU-T addressed or resolved those concerns? Are they not applicable
for some reason specific to ITU-T?

>

v2.23.0 | Report a Bug | By Email