Re: [TLS] Merkle Tree Certificates

Bas Westerbaan <bas@cloudflare.com> Tue, 06 June 2023 11:28 UTC

From: Bas Westerbaan <bas@cloudflare.com>
Date: Tue, 06 Jun 2023 13:28:17 +0200
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: "<tls@ietf.org>" <tls@ietf.org>
Message-ID: <CAMjbhoXUyunZFh1u2WQvF-KQ31FnN01w9BxNW2KT5c62iEQdOg@mail.gmail.com>
In-Reply-To: <ZH7mrdGzq/Za4Ypm@LK-Perkele-VII2.locald>
References: <167848430887.5487.1347334366320377305@ietfa.amsl.com> <CAF8qwaD9x5v1uU6mLtnUAGMnBW881ZE0ymK8rsQzrV2hfj7yHA@mail.gmail.com> <ZBsxgM/cv+vuBPEj@LK-Perkele-VII2.locald> <CAF8qwaDVmxAZXfCk8Q4n=PSpZn=FbZuBLJZx_zem64wOYNmwHg@mail.gmail.com> <ZH7mrdGzq/Za4Ypm@LK-Perkele-VII2.locald>
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/6uaUXElVbEOsLunrLWkbAgc5zqo>
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>

> > Thanks! That’s indeed inconsistent, we’ll fix it.
> > https://github.com/davidben/merkle-tree-certs/issues/32
>
> Hmm... Looking at that construct, why is the pad there?

We pad to the hash block size. When computing the full Merkle tree, or
verifying an authentication path, the values before the pad are the same,
and thus we can precompute the hash state after digesting those fixed
values.

(With the current inputs and sha256, it will only make a difference for
HashAssertion though.)

> And there does not seem to be any way to salt the hash. WebPKI requires
> what effectively amounts to salting the hash via serial number (even
> for SHA-256).
>

Please elaborate.

Best,

 Bas
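
An added illustration of the precomputation Bas describes above, written for this page; it is not code from the draft, from Cloudflare, or from anyone in the thread. The field layout (distinguisher, issuer_id, batch_number, zero pad to the SHA-256 block size, then per-node data), the distinguisher values, and the `BatchHasher`, `build_tree`, `auth_path` and `verify` helpers are assumptions of this example, not the draft's encoding. The point it demonstrates is that once the fixed prefix ends on a 64-byte boundary, the SHA-256 state after absorbing it is just a chaining value plus a byte count, so a verifier can cache it once per batch and hash every node of a tree or authentication path from that cached state:

```python
import hashlib
import struct

BLOCK_SIZE = 64  # SHA-256 absorbs input in 64-byte blocks

# Hypothetical distinguishers for the three node kinds (assumed, not the draft's values).
DIST_EMPTY, DIST_NODE, DIST_ASSERTION = 0, 1, 2


def padded_prefix(distinguisher: int, issuer_id: bytes, batch_number: int) -> bytes:
    """Per-batch fields that never change, zero-padded up to the next block boundary.

    Because the pad ends exactly on a block boundary, the SHA-256 state after
    absorbing it has no partially filled block; an implementation can cache the
    chaining value once per batch instead of re-hashing the prefix for every node.
    """
    prefix = bytes([distinguisher]) + issuer_id + struct.pack(">I", batch_number)
    return prefix + b"\x00" * ((-len(prefix)) % BLOCK_SIZE)


class PrefixHasher:
    """SHA-256 state precomputed over a block-aligned fixed prefix."""

    def __init__(self, prefix: bytes):
        assert len(prefix) % BLOCK_SIZE == 0, "prefix must be block-aligned"
        self._state = hashlib.sha256(prefix)

    def digest(self, suffix: bytes) -> bytes:
        h = self._state.copy()  # clone; the cached state itself is never advanced
        h.update(suffix)
        return h.digest()


class BatchHasher:
    """One precomputed state per node kind for a given (issuer_id, batch_number)."""

    def __init__(self, issuer_id: bytes, batch_number: int):
        self.empty = PrefixHasher(padded_prefix(DIST_EMPTY, issuer_id, batch_number))
        self.node = PrefixHasher(padded_prefix(DIST_NODE, issuer_id, batch_number))
        self.leaf = PrefixHasher(padded_prefix(DIST_ASSERTION, issuer_id, batch_number))

    def hash_assertion(self, index: int, assertion: bytes) -> bytes:
        return self.leaf.digest(struct.pack(">Q", index) + assertion)

    def hash_empty(self, level: int, index: int) -> bytes:
        return self.empty.digest(struct.pack(">BQ", level, index))

    def hash_node(self, level: int, index: int, left: bytes, right: bytes) -> bytes:
        return self.node.digest(struct.pack(">BQ", level, index) + left + right)


def build_tree(bh: BatchHasher, assertions: list) -> list:
    """Return all levels, leaves first; an odd level is completed with an empty node."""
    level = [bh.hash_assertion(i, a) for i, a in enumerate(assertions)]
    levels = [level]
    lvl = 0
    while len(level) > 1:
        if len(level) % 2:
            level.append(bh.hash_empty(lvl, len(level)))  # mutate in place so auth_path sees it
        lvl += 1
        level = [bh.hash_node(lvl, i, level[2 * i], level[2 * i + 1])
                 for i in range(len(level) // 2)]
        levels.append(level)
    return levels


def auth_path(levels: list, index: int) -> list:
    """Sibling hashes from the leaf up to (but excluding) the root."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path


def verify(bh: BatchHasher, index: int, assertion: bytes, path: list, root: bytes) -> bool:
    """Recompute the root from a leaf and its authentication path using the cached states."""
    node = bh.hash_assertion(index, assertion)
    for lvl, sibling in enumerate(path, start=1):
        left, right = (sibling, node) if index & 1 else (node, sibling)
        node = bh.hash_node(lvl, index >> 1, left, right)
        index >>= 1
    return node == root


def precompute_matches_one_shot(issuer_id: bytes, batch_number: int, index: int, assertion: bytes) -> bool:
    """The cached-state digest must equal a plain one-shot SHA-256 over the same bytes."""
    full_input = padded_prefix(DIST_ASSERTION, issuer_id, batch_number) + struct.pack(">Q", index) + assertion
    return BatchHasher(issuer_id, batch_number).hash_assertion(index, assertion) == hashlib.sha256(full_input).digest()


def demo() -> bool:
    issuer_id = b"example-issuer"  # constructed sample values, not a real issuer or batch
    bh = BatchHasher(issuer_id, 42)
    assertions = [b"assertion-%d" % i for i in range(5)]  # five leaves exercise the odd-level padding
    levels = build_tree(bh, assertions)
    root = levels[-1][0]
    all_ok = all(verify(bh, i, a, auth_path(levels, i), root) for i, a in enumerate(assertions))
    tampered = verify(bh, 0, b"assertion-X", auth_path(levels, 0), root)
    wrong_batch = verify(BatchHasher(issuer_id, 43), 0, assertions[0], auth_path(levels, 0), root)
    return all_ok and not tampered and not wrong_batch
```

`hashlib`'s `copy()` would also work on an unaligned prefix, because Python keeps the buffered partial block inside the object; the alignment matters for implementations that store only the compression function's chaining value and length, which is what makes the cached state cheap to keep and to serialize. The `wrong_batch` check in `demo()` shows that a path from one batch does not verify against a hasher built for another, since the batch number is baked into every cached state.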