Re: [stir] Stephen Farrell's Discuss on draft-ietf-stir-passport-10: (with DISCUSS)
"Peterson, Jon" <jon.peterson@neustar.biz> Thu, 03 November 2016 13:33 UTC
From: "Peterson, Jon" <jon.peterson@neustar.biz>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>, The IESG <iesg@ietf.org>
Date: Thu, 03 Nov 2016 13:33:21 +0000
Message-ID: <D440B467.1C1FCB%jon.peterson@neustar.biz>
References: <147813889365.24118.12619854983152878871.idtracker@ietfa.amsl.com>
In-Reply-To: <147813889365.24118.12619854983152878871.idtracker@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/vvDPp23-cQ3MIv7Lna03QdrKqv0>
Cc: "stir@ietf.org" <stir@ietf.org>, Robert Sparks <rjsparks@nostrum.com>, "stir-chairs@ietf.org" <stir-chairs@ietf.org>, "draft-ietf-stir-passport@ietf.org" <draft-ietf-stir-passport@ietf.org>
Subject: Re: [stir] Stephen Farrell's Discuss on draft-ietf-stir-passport-10: (with DISCUSS)
List-Id: Secure Telephone Identity Revisited <stir.ietf.org>

>Deterministic ECDSA (RFC6979) gets rid of a significant weakness
>with ECDSA. IIRC when JOSE was done there was a feeling that adding a
>MUST or SHOULD for that was tricky due to lack of support in
>libraries. When we recently re-checked for COSE, the answer was
>that today, it's ok to have that as a MUST or SHOULD. (If some
>kind of FIPS-140 stuff precludes a MUST, then a "SHOULD unless
>you're sad enough to be stuck having to pay lip service to
>FIPS-140" clause might be right.) So the DISCUSS point here is:
>given the real-world demonstrated weakness inherent in the need
>for an RNG in ECDSA why didn't the WG choose to at least RECOMMEND
>deterministic ECDSA? (Or better, make it a MUST.)

I don't recall that we gave this any prior consideration. Would be fine with me, but I'll defer to some of our more security-focused folks.

Jon Peterson
Neustar, Inc.

>If the answer is: "we thought about it [ref] and decided to not require
>deterministic" then I'll clear. But even if the WG did consider it
>a couple of years ago, the situation may have changed so a quick
>re-think might be worthwhile.
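
The RFC 6979 nonce derivation referred to in the quoted DISCUSS, as an added example that is not part of the original message or of the draft: the per-signature value k is computed with HMAC from the private key and the message hash, so signing does not depend on an RNG. It assumes P-256 with SHA-256; the function names are illustrative, and the key and expected k are the "sample" test vector from RFC 6979 Appendix A.2.5.

```python
import hashlib
import hmac

# Order q of the NIST P-256 group (assumed curve for this example).
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
QLEN = Q.bit_length()
RLEN = (QLEN + 7) // 8

def bits2int(data: bytes) -> int:
    """RFC 6979 section 2.3.2: keep the leftmost qlen bits as an integer."""
    excess = len(data) * 8 - QLEN
    value = int.from_bytes(data, "big")
    return value >> excess if excess > 0 else value

def int2octets(value: int) -> bytes:
    """RFC 6979 section 2.3.3: fixed-length big-endian encoding."""
    return value.to_bytes(RLEN, "big")

def rfc6979_nonce(x: int, message: bytes, hashfn=hashlib.sha256) -> int:
    """Derive the ECDSA nonce k from private key x and the message (section 3.2)."""
    def mac(key: bytes, data: bytes) -> bytes:
        return hmac.new(key, data, hashfn).digest()
    h1 = hashfn(message).digest()
    seed = int2octets(x) + int2octets(bits2int(h1) % Q)   # int2octets(x) || bits2octets(h1)
    v, k = b"\x01" * len(h1), b"\x00" * len(h1)           # steps b and c
    for sep in (b"\x00", b"\x01"):                        # steps d to g
        k = mac(k, v + sep + seed)
        v = mac(k, v)
    while True:                                           # step h
        t = b""
        while len(t) * 8 < QLEN:
            v = mac(k, v)
            t += v
        candidate = bits2int(t)
        if 1 <= candidate < Q:                            # reject 0 and values >= q
            return candidate
        k = mac(k, v + b"\x00")
        v = mac(k, v)

# RFC 6979 Appendix A.2.5 test vector: P-256, SHA-256, message "sample".
X = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721
EXPECTED_K = 0xA6E3C57DD01ABE90086538398355DD4C3B17AA873382B0F24D6129493D8AAD60

def matches_rfc_vector() -> bool:
    """True when the derived k equals the value published in the RFC."""
    return rfc6979_nonce(X, b"sample") == EXPECTED_K
```

Because k is a function of the key and message only, signing the same message twice yields the same signature, while distinct messages get unrelated nonces.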