Re: [TLS] Require deterministic ECDSA
Michael StJohns <msj@nthpermutation.com> Sun, 24 January 2016 00:47 UTC
To: tls@ietf.org
References: <CACaGAp=-xJZN=L3av+DX_WQcki_k=L-_tc5dZnJNtM=M0W8MnQ@mail.gmail.com>
From: Michael StJohns <msj@nthpermutation.com>
Message-ID: <56A41F0F.70609@nthpermutation.com>
Date: Sat, 23 Jan 2016 19:47:11 -0500
Archived-At: <http://mailarchive.ietf.org/arch/msg/tls/7rgp4YcADI6D3BcbUhgID6f9yfQ>

On 1/23/2016 2:13 PM, Joseph Birr-Pixton wrote:
> Hi,
>
> I'd like to propose that TLS1.3 mandates RFC6979 deterministic ECDSA.
>
> For discussion, here's a pull request with possible language:
>
> https://github.com/tlswg/tls13-spec/pull/406
>
> Cheers,
> Joe
>

Correct me if I'm wrong but:

1) A receiver of a deterministic ECDSA signature verifies it EXACTLY like they would a non-deterministic signature.

2) A receiver of an ECDSA signature cannot determine whether or not the signer did a deterministic signature.

3) A TLS implementation has no way (absent repeating signatures over identical data) of telling whether or not a given signature using the client or server private key is deterministic.

All that suggests that this is a completely unenforceable requirement with respect to TLS.

The above is a long way of saying that this is a WG overreach on internal security module behavior that is not central, cognizable or identifiable to a TLS implementation.

I'd instead recommend you approach the CFRG and offer an internet draft with a target of BCP on the general topic of ECDSA rather than specific guidance for TLS.

Mike