Re: [TLS] Ecdsa-sig-value in TLS 1.3 – need for erratum?

Eric Rescorla <ekr@rtfm.com> Tue, 01 October 2019 15:02 UTC

From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 01 Oct 2019 08:01:54 -0700
Message-ID: <CABcZeBNRhoJC0hiNrfd6SwNbwRFoVy+TE_n2CvqkS3zMVYMbzA@mail.gmail.com>
To: John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org>
Cc: Dan Brown <danibrown@blackberry.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Hubert Kario <hkario@redhat.com>, "TLS@ietf.org" <TLS@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/-zHVo7_2upaKFpnh5O3o4aSJtJc>
Subject: Re: [TLS] Ecdsa-sig-value in TLS 1.3 – need for erratum?

On Tue, Oct 1, 2019 at 5:27 AM John Mattsson <john.mattsson=40ericsson.com@dmarc.ietf.org> wrote:

> Dan Brown <danibrown@blackberry.com> wrote:
>
> > ANSI X9.62-2005 was withdrawn in 2015
>
> Ok, that TLS 1.3 is relying on a withdrawn publication that used to be
> behind a paywall is even worse.
>

Ugh.



> > Also, I expect FIPS 186-5 is nearly ready, and will specify much of ECDSA
>
> That NIST FIPS 186-5 will include all the details needed to implement
> ECDSA is great.
>
> > IETF has specs for sigs and their formats already, no?
>
> At the time when RFC 8446 was published, there was probably no quick and
> easy solution to the problem. But the fact that IETF has historically been
> fine with relying on specifications behind paywalls is part of the problem.
> If IETF had implemented a strong open-access policy a long time ago, there
> would probably be an open-access version of ECDSA (NIST or IETF) a long
> time ago.
>

I agree with you about the policy here. To be honest, I just didn't notice
this; and it would probably need some github spelunking to figure out the
history of these references.

If someone wanted to propose an erratum that would fix this, I would be
very appreciative.

-Ekr


> Cheers,
> John
>
> -----Original Message-----
> From: Dan Brown <danibrown@blackberry.com>
> Date: Tuesday, 1 October 2019 at 12:47
> To: John Mattsson <john.mattsson@ericsson.com>, Peter Gutmann <pgut001@cs.auckland.ac.nz>, Hubert Kario <hkario@redhat.com>, "TLS@ietf.org" <TLS@ietf.org>
> Subject: Re: [TLS]  Ecdsa-sig-value in TLS 1.3 – need for erratum?
>
>     Re ECDSA specs and paywalls:
>     ANSI X9.62-2005 was withdrawn in 2015, expiring automatically after 10
> years, despite my weak effort.
>     A revival, ANSI X9.142, with almost the same content is under way,
> though even its fate is unsure.
>     Also, I expect FIPS 186-5 is nearly ready, and will specify much of
> ECDSA and EdDSA (not ASN.1?), which many may like (even better than ANSI).
>     Meanwhile, SEC1, versions 1.0 and 2.0, are available, fortunately or
> not, despite my weak effort.
>     IETF has specs for sigs and their formats already, no?
>     Then there's ISO, IEEE, ...
>
>
>       Original Message
>     From: John Mattsson
>     Sent: Tuesday, October 1, 2019 5:25 AM
>     To: Peter Gutmann; Hubert Kario; TLS@ietf.org
>     Subject: Re: [TLS] Ecdsa-sig-value in TLS 1.3 – need for erratum?
>
>     Hubert Kario <hkario@redhat.com> wrote:
>
>     > Now, I don't have access to X9.62-2005, but there's a possibility of
> confusion.
>
>     I think references to specifications behind paywalls and other types
> of limited access is a major problem. Not only for the standardization
> process, but also for researchers and implementors. In general, I think
> people should be able to implement and analyze IETF standards without
> having to pay for access.
>
>     Open-access is even more important for security specifications. ANSI
> X9.62 is hopefully quite well-studied, but for other references, the lack of
> analysis often leads to mistakes and unknown weaknesses.
>
>     I would like the IETF to take a much stronger stance against normative
> references to paywalls.
>
>     Cheers,
>     John
>
> _______________________________________________
> TLS mailing list
> TLS@ietf.org
> https://www.ietf.org/mailman/listinfo/tls
>