[TLS] Updated EdDSA in TLS drafts

Simon Josefsson <simon@josefsson.org> Mon, 08 June 2015 09:52 UTC

Hello.

I've updated my EdDSA-in-TLS draft to clarify the choice of
HashAlgorithm that goes together with the EdDSA SignatureAlgorithm,
please see:

https://tools.ietf.org/html/draft-josefsson-tls-eddsa-01

The other feedback I have received is to reuse the existing ECDSA
ciphersuites.  I think this is a good idea, and believe it would likely
work, but it is a fundamentally different approach.  I created another
draft to describe that approach, now published as:

https://tools.ietf.org/html/draft-josefsson-tls-eddsa2-00

Having these two approaches described separately allows us to review
both and decide which is the better approach.

More feedback is appreciated!  Some issues that are not clear to me
include:

* Is it a good idea to reuse the NamedCurve value for Curve25519 for
  Ed25519 too?

* Similar question for ECPointFormat.  Maybe EdDSA should use a
  different definition here.

For more context, related to the above is a draft describing OIDs for
EdDSA for use in PKIX certificates as public keys and a signature
algorithm:

https://tools.ietf.org/html/draft-josefsson-pkix-eddsa-00

Cheers,
/Simon