Re: [lamps] draft-gazdag-x509-hash-sigs-00
"Kousidis, Stavros" <stavros.kousidis@bsi.bund.de> Sat, 24 December 2022 05:11 UTC
From: "Kousidis, Stavros" <stavros.kousidis@bsi.bund.de>
To: Russ Housley <housley@vigilsec.com>
CC: LAMPS <spasm@ietf.org>, "draft-gazdag-x509-hash-sigs.authors@ietf.org" <draft-gazdag-x509-hash-sigs.authors@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/uEW1MHk4TkjEiHZb6miblCzvbS4>
Dear Russ,

thank you for the information. In the next version we will adopt the "OCTET STRING" definition of RFC 8708 for HSS and apply this also to XMSS/XMSS^MT. The same applies to SPHINCS+ where we will adopt the definition of "draft-ietf-lamps-cms-sphincs-plus-01".

Best
Stavros

-----Original Message-----
From: Russ Housley <housley@vigilsec.com>
Sent: Friday, 23 December 2022 18:12
To: draft-gazdag-x509-hash-sigs.authors@ietf.org
Cc: LAMPS <spasm@ietf.org>
Subject: [lamps] draft-gazdag-x509-hash-sigs-00

Dear I-D Authors:

RFC 8708 has this definition:

   HSS-LMS-HashSig-PublicKey ::= OCTET STRING

This will carry the bytes as defined in RFC 8554.

draft-gazdag-x509-hash-sigs-00 says:

   HSS-HashSig-PublicKey ::= SEQUENCE {
      levels     OCTET STRING, -- number of levels L
      tree       OCTET STRING, -- typecode of top-level LMS tree
      ots        OCTET STRING, -- typecode of top-level LM-OTS
      identifier OCTET STRING, -- identifier I of top-level LMS key pair
      root       OCTET STRING  -- root T[1] of top-level tree
   }

This will produce a different byte string than RFC 8554. I think this is a problem. There should only be one way to encode the HSS/LMS public key.

Russ
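The encoding difference discussed in this exchange, as an added example that is not part of either message or of the draft: the same HSS/LMS public key is DER-encoded once under the RFC 8708 definition and once under the draft-00 SEQUENCE. The key material is constructed sample data, and the 4-byte width of the numeric SEQUENCE fields is an assumption, since the quoted ASN.1 does not state it.

```python
import struct

def der_tlv(tag: int, content: bytes) -> bytes:
    """Encode one DER TLV with a definite length (short or long form)."""
    n = len(content)
    if n < 0x80:
        length = bytes([n])
    else:
        body = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(body)]) + body
    return bytes([tag]) + length + content

def octet_string(value: bytes) -> bytes:
    return der_tlv(0x04, value)

def sequence(*elements: bytes) -> bytes:
    return der_tlv(0x30, b"".join(elements))

def u32str(n: int) -> bytes:
    """RFC 8554 u32str: 4-byte big-endian unsigned integer."""
    return struct.pack(">I", n)

# Constructed sample key material (not a real key).
LEVELS = 1                     # L
LMS_SHA256_M32_H5 = 5          # RFC 8554 LMS typecode
LMOTS_SHA256_N32_W8 = 4        # RFC 8554 LM-OTS typecode
IDENTIFIER = bytes(range(16))  # I, 16 bytes
ROOT = bytes([0xAA]) * 32      # T[1], 32 bytes

def rfc8554_public_key() -> bytes:
    """u32str(L) || u32str(lms type) || u32str(ots type) || I || T[1]."""
    return (u32str(LEVELS) + u32str(LMS_SHA256_M32_H5)
            + u32str(LMOTS_SHA256_N32_W8) + IDENTIFIER + ROOT)

def encode_rfc8708() -> bytes:
    """HSS-LMS-HashSig-PublicKey ::= OCTET STRING"""
    return octet_string(rfc8554_public_key())

def encode_draft00() -> bytes:
    """HSS-HashSig-PublicKey ::= SEQUENCE of five OCTET STRINGs.
    Assumption: the numeric fields keep their 4-byte u32str form."""
    return sequence(octet_string(u32str(LEVELS)),
                    octet_string(u32str(LMS_SHA256_M32_H5)),
                    octet_string(u32str(LMOTS_SHA256_N32_W8)),
                    octet_string(IDENTIFIER), octet_string(ROOT))

if __name__ == "__main__":
    raw = rfc8554_public_key()
    print("RFC 8554 bytes :", raw.hex())
    print("RFC 8708 DER   :", encode_rfc8708().hex())
    print("draft-00 DER   :", encode_draft00().hex())
    print("raw key inside draft-00 encoding:", raw in encode_draft00())
```

Under the OCTET STRING definition the RFC 8554 bytes survive contiguously as the content octets; under the SEQUENCE definition a tag and length are interleaved before every field, so a consumer expecting RFC 8554 bytes has to strip and re-concatenate them.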