Re: [stir] Stephen Farrell's Discuss on draft-ietf-stir-passport-10: (with DISCUSS)

Chris Wendt <chris-ietf@chriswendt.net> Thu, 09 February 2017 22:29 UTC

From: Chris Wendt <chris-ietf@chriswendt.net>
Date: Thu, 09 Feb 2017 17:29:54 -0500
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Archived-At: <https://mailarchive.ietf.org/arch/msg/stir/y5eQppCevg9qvvBjodBwdy9leY4>
Cc: IETF STIR Mail List <stir@ietf.org>, The IESG <iesg@ietf.org>
Subject: Re: [stir] Stephen Farrell's Discuss on draft-ietf-stir-passport-10: (with DISCUSS)

Hi Stephen,

I just submitted passport-11 which includes:

“Implementations of PASSporT digital signatures using ES256 as defined above SHOULD use deterministic ECDSA if/when supported for the reasons stated in [RFC6979].”

In line with what we concluded. Hopefully this should resolve your concern.

Thanks!

-Chris


> On Nov 7, 2016, at 9:34 AM, Chris Wendt <chris-ietf@chriswendt.net> wrote:
> 
> I’m good with that.
> 
> -Chris
> 
>> On Nov 4, 2016, at 6:45 PM, Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote:
>> 
>> 
>> Hiya,
>> 
>> On 04/11/16 19:18, Chris Wendt wrote:
>>> “hobble” is a hugely inappropriate term.
>> 
>> Well, arguably so is "hugely inappropriate" :-)
>> 
>> I'd agree though that hobble is a teeny bit overstated.
>> 
>> I think Eric does have a point though that STIR involves a chunk of
>> new code so the problems aren't as bad as in other situations. I'd
>> also encourage the WG to maybe look some more - as I said in the
>> case of COSE, recent findings were that deterministic ECDSA was
>> available in most crypto libraries now. That might not yet have
>> percolated up to higher level libraries I guess (though last I
>> looked neither had ECDSA, but it's been a while).
>> 
>> Nonetheless that doesn't stop you saying something like:
>> 
>> "Signers SHOULD use deterministic ECDSA if/when supported in their
>> development environment for the reasons stated in [RFC6979]."
>> 
>> As you said, verifiers don't need to care and I think the above
>> is also painless for those writing signing code, but does give
>> better guidance.
>> 
>> Sound reasonable?
>> 
>> Cheers,
>> S.
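
The deterministic nonce derivation of [RFC6979] that the passport-11 text above refers to, as an added example that is not part of the original messages or of the draft: the ECDSA nonce k for ES256 is computed with HMAC-SHA256 from the private key and the hash of the JWS signing input, so signing needs no random number generator. The PASSporT header and claims are constructed sample values serialised as compact key-sorted JSON (an assumption made here), and the key is the public P-256 test key from RFC 6979 Appendix A.2.5.

```python
import base64
import hashlib
import hmac
import json

# Order of the NIST P-256 group, the curve used by JWS "ES256".
Q = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
# Public test key from RFC 6979 Appendix A.2.5; never use it for real signing.
TEST_KEY = 0xC9AFA9D845BA75166B5C215767B1D6934E50C3DB36E89B127B8A622B120F6721

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def rfc6979_nonce(priv: int, message: bytes) -> int:
    """ECDSA nonce k per RFC 6979 section 3.2, for P-256 with SHA-256."""
    h1 = int.from_bytes(hashlib.sha256(message).digest(), "big")
    # bits2octets: hash and group order are both 256 bits, so only reduce mod q.
    seed = priv.to_bytes(32, "big") + (h1 % Q).to_bytes(32, "big")
    v, k = b"\x01" * 32, b"\x00" * 32
    k = _mac(k, v + b"\x00" + seed)
    v = _mac(k, v)
    k = _mac(k, v + b"\x01" + seed)
    v = _mac(k, v)
    while True:
        v = _mac(k, v)  # one HMAC-SHA256 output already supplies 256 bits
        cand = int.from_bytes(v, "big")
        if 1 <= cand < Q:
            return cand
        k = _mac(k, v + b"\x00")  # rare: candidate out of range, update and retry
        v = _mac(k, v)

def signing_input(header: dict, claims: dict) -> bytes:
    """JWS signing input: base64url(header) + "." + base64url(claims)."""
    def enc(obj):
        raw = json.dumps(obj, separators=(",", ":"), sort_keys=True).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc(header)}.{enc(claims)}".encode()

# Constructed sample PASSporT (placeholder numbers and certificate URL).
HEADER = {"alg": "ES256", "typ": "passport", "x5u": "https://cert.example.org/passport.cer"}
CLAIMS = {"dest": {"tn": ["12025550101"]}, "iat": 1486679394, "orig": {"tn": "12025550100"}}

if __name__ == "__main__":
    k1 = rfc6979_nonce(TEST_KEY, signing_input(HEADER, CLAIMS))
    k2 = rfc6979_nonce(TEST_KEY, signing_input(HEADER, CLAIMS))
    k3 = rfc6979_nonce(TEST_KEY, signing_input(HEADER, {**CLAIMS, "iat": 1486679395}))
    print("same PASSporT, same nonce:", k1 == k2)
    print("different iat, different nonce:", k1 != k3)
```

The resulting signature is an ordinary ECDSA signature, which is why the thread notes that verifiers do not need to care which nonce method the signer used.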