Re: [lamps] prehash PQ Sig OIDs (was Re: pre-hashing the OID in draft-ounsworth-pq-composite-sigs-10)

Phillip Hallam-Baker <phill@hallambaker.com> Tue, 28 November 2023 00:29 UTC

References: <bb644dc2ac034bf9a48ac3206f66d783@amazon.com> <CAMm+LwgX6t7y8XkvQG9OviA5uDAfsPu87F7i-HXCPs2DLWD1ug@mail.gmail.com> <512611.1701117846@dyas>
In-Reply-To: <512611.1701117846@dyas>
From: Phillip Hallam-Baker <phill@hallambaker.com>
Date: Mon, 27 Nov 2023 19:28:51 -0500
Message-ID: <CAMm+Lwjb9P=-5Td+fS6kyHdU7eE5iAJ3i4Zf-5SqZPTZmcu4vA@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: "spasm@ietf.org" <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000006385a5060b2b8164"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/rxzvb4aJBItdyUVPfWBccp5zCQc>

On Mon, Nov 27, 2023 at 3:44 PM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> Phillip Hallam-Baker <phill@hallambaker.com> wrote:
>     > I think we need a reset here to look at the reason prehashing is an
>     > issue.
>
> Thanks, this was a useful read.
>
> ...
>     > And that is all entirely OK and not subject to some sort of
>     > substitution attack provided that the signature is bound to some
>     > attribute saying what is being signed.
>
>     > That approach does not fit into the PKCS#7 model because it is over 30
>     > years old and we weren't thinking in those terms then. But we should be
>     > thinking about that now.
>
> I think you are saying, the fact that you can break some things that use
> PKCS#7, doesn't mean that we should never pre-hash.
>

Not quite. I am saying that in CMS, we have a chunk of data that is signed
and that is it. And that really isn't sufficient for using signatures in a
transaction system.

Alice sends Bob an email signed with her public key. Does that mean
anything beyond Alice sent the email?

If the email contains a contract offer or acceptance, a human can fairly
interpret that as being a contract or acceptance but we can't really make
use of that in an automated system.

What I am saying is that if we want to get beyond the limited applications
of the 1990s, we have to be thinking of binding semantic identifiers into
the signature. There are hooks in XML Signature and JOSE that can be used
for this sort of tagging. I am not seeing that in CMS.
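The kind of binding described above, carried the way JOSE allows it (a tag inside the protected header, so it is under the signature), as an added Go example that is not code from this thread or from any draft it discusses. The "purpose" header name is a hypothetical application-defined tag; the point shown is that a verifier expecting one purpose rejects a perfectly genuine signature that was made for another, and that relabelling the header after signing breaks the signature itself.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// ProtectedHeader mirrors a JWS protected header. "purpose" is a hypothetical
// application-defined tag stating what the signature means (offer, acceptance, ...).
type ProtectedHeader struct {
	Alg     string `json:"alg"`
	Purpose string `json:"purpose"`
}

var enc = base64.RawURLEncoding // JWS uses unpadded base64url

// SignWithPurpose signs base64url(header) "." base64url(payload), as JWS does, so the
// purpose tag is covered by the signature and cannot be swapped after signing.
func SignWithPurpose(priv ed25519.PrivateKey, purpose string, payload []byte) string {
	hdr, _ := json.Marshal(ProtectedHeader{Alg: "EdDSA", Purpose: purpose}) // plain strings: cannot fail
	input := enc.EncodeToString(hdr) + "." + enc.EncodeToString(payload)
	return input + "." + enc.EncodeToString(ed25519.Sign(priv, []byte(input)))
}

// VerifyForPurpose checks the signature first, then that the signed purpose is the one
// this verifier expects: a genuine signature made for another purpose is rejected.
func VerifyForPurpose(pub ed25519.PublicKey, token, expected string) ([]byte, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("malformed token")
	}
	sig, err := enc.DecodeString(parts[2])
	if err != nil || !ed25519.Verify(pub, []byte(parts[0]+"."+parts[1]), sig) {
		return nil, fmt.Errorf("signature does not verify")
	}
	var hdr ProtectedHeader
	if hb, err := enc.DecodeString(parts[0]); err != nil || json.Unmarshal(hb, &hdr) != nil || hdr.Alg != "EdDSA" {
		return nil, fmt.Errorf("unparsable or unsupported protected header")
	}
	if hdr.Purpose != expected {
		return nil, fmt.Errorf("signature is for %q, not %q", hdr.Purpose, expected)
	}
	return enc.DecodeString(parts[1])
}
```

Generate the key pair with ed25519.GenerateKey(nil) (nil selects crypto/rand); the CMS SignedData model has no equivalent protected slot, which is the gap the message points at.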