Re: [TLS] Drafts for batch signing and PKCS#1 v1.5
David Benjamin <davidben@chromium.org> Wed, 31 July 2019 17:17 UTC
On Wed, Jul 31, 2019 at 3:35 AM Ilari Liusvaara <ilariliusvaara@welho.com> wrote:

> On Mon, Jul 29, 2019 at 08:15:44PM -0400, David Benjamin wrote:
> > Hi all,
> >
> > I’ve just uploaded a pair of drafts relating to signatures in TLS 1.3.
> > https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00
> > https://tools.ietf.org/html/draft-davidben-tls-batch-signing-00
> >
> > The second describes a batch signing mechanism for TLS using Merkle trees.
> > It allows TLS clients and servers to better handle signing load. I think it
> > could be beneficial for a number of DoS and remote key scenarios.
>
> Why is the context string same for clients and servers? The base TLS
> 1.3 signatures use different context strings for client and server.

I don't think it's necessary here. The existing separation between client and server in the base TLS 1.3 signatures is preserved here because the input messages include their respective context strings. And if we do TLS 1.4 with its own context string, that'll get picked up too.

> What is the hash length of SHAKE256 in Ed448_batch? 512 bits (64
> octets) required to saturate the collision resistance?

Ah, right. Yeah, let's say 512 bits / 64 bytes. I'll incorporate that into the next version of the draft.

> "to a random byte of string of" in section 3.1, should that be
> "to a random byte string of"?

Oops, thanks! Fixed in local copy.

David
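
The context-string point discussed in this message, as an added example that is not part of the original e-mail or of the draft: Merkle leaves are built over complete TLS 1.3 CertificateVerify signature inputs (RFC 8446, section 4.4.3), so a proof for a server message does not verify for a client message with the same transcript hash. The function names, the 0x00/0x01 leaf/node prefixes, the power-of-two batch size and the transcript hashes are assumptions made for illustration; the draft's actual node encoding is not reproduced.

```python
import hashlib

# Context strings from RFC 8446, section 4.4.3.
SERVER_CTX = b"TLS 1.3, server CertificateVerify"
CLIENT_CTX = b"TLS 1.3, client CertificateVerify"

def tls13_signature_input(context: bytes, transcript_hash: bytes) -> bytes:
    """Content covered by a CertificateVerify signature (RFC 8446, 4.4.3)."""
    return b"\x20" * 64 + context + b"\x00" + transcript_hash

def H(data: bytes) -> bytes:
    # SHAKE256 with 64 bytes (512 bits) of output, the length named in the thread.
    return hashlib.shake_256(data).digest(64)

# Assumption: one-byte prefixes separate leaves from interior nodes.
def leaf(msg: bytes) -> bytes:
    return H(b"\x00" + msg)

def node(left: bytes, right: bytes) -> bytes:
    return H(b"\x01" + left + right)

def build(messages):
    """Return every tree level, leaves first; len(messages) is a power of two."""
    levels = [[leaf(m) for m in messages]]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([node(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def path(levels, index):
    """Sibling hashes from the leaf at `index` up to (not including) the root."""
    siblings = []
    for level in levels[:-1]:
        siblings.append(level[index ^ 1])
        index >>= 1
    return siblings

def root_from_path(msg, index, siblings):
    """Recompute the root a verifier would check the single batch signature against."""
    h = leaf(msg)
    for sib in siblings:
        h = node(sib, h) if index & 1 else node(h, sib)
        index >>= 1
    return h

def demo():
    # Constructed transcript hashes standing in for four pending handshakes.
    hashes = [hashlib.sha256(b"constructed transcript %d" % i).digest() for i in range(4)]
    levels = build([tls13_signature_input(SERVER_CTX, t) for t in hashes])
    root, proof = levels[-1][0], path(levels, 2)
    server_ok = root_from_path(tls13_signature_input(SERVER_CTX, hashes[2]), 2, proof) == root
    client_ok = root_from_path(tls13_signature_input(CLIENT_CTX, hashes[2]), 2, proof) == root
    return server_ok, client_ok
```
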