Re: [TLS] Drafts for batch signing and PKCS#1 v1.5

Ilari Liusvaara <ilariliusvaara@welho.com> Wed, 31 July 2019 07:35 UTC

Return-Path: <ilariliusvaara@welho.com>
X-Original-To: tls@ietfa.amsl.com
Delivered-To: tls@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3D5341200C5 for <tls@ietfa.amsl.com>; Wed, 31 Jul 2019 00:35:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Hl8TCXdj28Ad for <tls@ietfa.amsl.com>; Wed, 31 Jul 2019 00:35:05 -0700 (PDT)
Received: from welho-filter3.welho.com (welho-filter3.welho.com [83.102.41.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E85D31200C1 for <tls@ietf.org>; Wed, 31 Jul 2019 00:35:04 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by welho-filter3.welho.com (Postfix) with ESMTP id 5FF5E1489 for <tls@ietf.org>; Wed, 31 Jul 2019 10:35:02 +0300 (EEST)
X-Virus-Scanned: Debian amavisd-new at pp.htv.fi
Received: from welho-smtp1.welho.com ([IPv6:::ffff:83.102.41.84]) by localhost (welho-filter3.welho.com [::ffff:83.102.41.25]) (amavisd-new, port 10024) with ESMTP id IejIV6b-5jeM for <tls@ietf.org>; Wed, 31 Jul 2019 10:35:01 +0300 (EEST)
Received: from LK-Perkele-VII (87-100-246-37.bb.dnainternet.fi [87.100.246.37]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by welho-smtp1.welho.com (Postfix) with ESMTPSA id B60157A for <tls@ietf.org>; Wed, 31 Jul 2019 10:35:00 +0300 (EEST)
Date: Wed, 31 Jul 2019 10:35:00 +0300
From: Ilari Liusvaara <ilariliusvaara@welho.com>
To: "<tls@ietf.org>" <tls@ietf.org>
Message-ID: <20190731073500.GA10363@LK-Perkele-VII>
References: <CAF8qwaDxRhGXc522Rf4C-8OcGM4Mm08Xca4KNNpHcT=4Va89aA@mail.gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <CAF8qwaDxRhGXc522Rf4C-8OcGM4Mm08Xca4KNNpHcT=4Va89aA@mail.gmail.com>
User-Agent: Mutt/1.10.1 (2018-07-13)
Sender: ilariliusvaara@welho.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/tls/_INcDQCy9y-g8oVLkoP5BehrcUI>
Subject: Re: [TLS] Drafts for batch signing and PKCS#1 v1.5
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/tls/>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 31 Jul 2019 07:35:07 -0000

On Mon, Jul 29, 2019 at 08:15:44PM -0400, David Benjamin wrote:
> Hi all,
> 
> I’ve just uploaded a pair of drafts relating to signatures in TLS 1..3.
> https://tools.ietf.org/html/draft-davidben-tls13-pkcs1-00
> https://tools.ietf.org/html/draft-davidben-tls-batch-signing-00
>
> The second describes a batch signing mechanism for TLS using Merkle trees.
> It allows TLS clients and servers to better handle signing load. I think it
> could be beneficial for a number of DoS and remote key scenarios.

Why is the context string same for clients and servers? The base TLS
1.3 signatures use different context strings for client and server.


What is the hash length of SHAKE256 in Ed448_batch? 512 bits (64
octets) required to saturate the collision resistance?


"to a random byte of string of" in section 3.1, should that be
"to a random byte string of"?



-Ilari