Re: [Suit] Fwd: New Version Notification for draft-housley-suit-cose-hash-sig-03.txt

Tony Putman <Tony.Putman@dyson.com> Mon, 02 July 2018 09:53 UTC

From: Tony Putman <Tony.Putman@dyson.com>
To: Russ Housley <housley@vigilsec.com>
CC: suit <suit@ietf.org>
Date: Mon, 02 Jul 2018 09:53:42 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/suit/gIf8O-3iLE6OpxX7ZFpC0LQ83LA>

Russ,

Thanks for the new version of the draft. It addresses all my comments fully except for the question of 'kid'. The point that I was trying to make there was the LMS public key (unlike other public keys) has a well-defined identity, called 'I' in [HASHSIG]. I agree that you can't be prescriptive about this, but I suggest strengthening your new bullet point at the end of section 4 to:
 "If the 'kid' field is present, then it MAY contain the identity of the public key (called 'I' in [HASHSIG])."

The situation that I'm thinking of here is one where the IoT device has more than one HSS/LMS public key as trust anchor. Because public key parameters 'I' and 'q' are integral parts of the verification steps, the device may have to attempt verification multiple times and anything which can improve the chances of picking the right public key first time saves computation (energy).

Tony
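
The trust-anchor selection described in this message, sketched as an added example (not part of the original e-mail or of the draft): a device holding several HSS/LMS public keys uses a 'kid' carrying 'I' to decide which key to try first. It assumes the [HASHSIG] public key layout with a 16-byte 'I'; all function names are hypothetical, the keys are constructed sample values, and `verify` is a stand-in for a real HSS/LMS verifier.

```python
import struct

I_LEN = 16  # assumed length of the LMS key identifier 'I' in [HASHSIG]

def lms_identity(hss_pub: bytes) -> bytes:
    """Extract 'I' from u32 L || u32 lms_type || u32 lmots_type || I || T[1]."""
    if len(hss_pub) < 12 + I_LEN:
        raise ValueError("HSS public key too short")
    levels, _lms_type, _ots_type = struct.unpack(">III", hss_pub[:12])
    if not 1 <= levels <= 8:
        raise ValueError("invalid HSS level count")
    return hss_pub[12:12 + I_LEN]

def candidate_order(anchors, kid):
    """Order trust anchors for verification. 'kid' is only a hint: a match
    is tried first, a missing or unknown kid leaves the stored order as is."""
    if kid is None:
        return list(anchors)
    first = [a for a in anchors if lms_identity(a) == kid]
    rest = [a for a in anchors if lms_identity(a) != kid]
    return first + rest

def verify_with_anchors(anchors, kid, message, signature, verify):
    """Try anchors in hinted order; return (accepting anchor or None, attempts).
    Acceptance always comes from verify(), never from the kid match itself."""
    attempts = 0
    for pub in candidate_order(anchors, kid):
        attempts += 1
        if verify(pub, message, signature):
            return pub, attempts
    return None, attempts

def _constructed_key(identity: bytes) -> bytes:
    # Constructed sample key: L=1, type codes 5 and 4, dummy 32-byte T[1].
    return struct.pack(">III", 1, 5, 4) + identity + bytes(32)

def demo():
    """Count verification attempts with no kid, a correct kid, an unknown kid."""
    anchors = [_constructed_key(bytes([n]) * I_LEN) for n in (1, 2, 3)]
    signer = anchors[2]  # the signing key is stored last on the device
    verify = lambda pub, msg, sig: pub == signer  # stand-in verifier (assumption)
    args = (b"firmware", b"signature", verify)
    _, blind = verify_with_anchors(anchors, None, *args)
    _, hinted = verify_with_anchors(anchors, lms_identity(signer), *args)
    _, unknown = verify_with_anchors(anchors, b"\xff" * I_LEN, *args)
    return blind, hinted, unknown

if __name__ == "__main__":
    print(demo())
```

Because the hint only reorders candidates, a wrong or forged 'kid' costs no more verification attempts than having no 'kid' at all.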

