Re: [Uta] FW: New Version Notification for draft-ietf-uta-rfc7525bis-05.txt

Yaron Sheffer <yaronf.ietf@gmail.com> Mon, 07 February 2022 14:25 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/JWAZd2NqDs4zix8Y1iYbH47_MDM>

    Hi Yaron,

    [snipped]

    >     Do you want to say anything about EdDSA and the kerfuffle going on in cfrg@ mailing list right now?  No is a
    > good, and probably sane, answer.
    > 
    > No. We discussed it briefly and although we added 25519 for the ECDH key exchange, we are not
    > recommending (or even discussing) the use of EdDSA for signatures or certs. So there's nowhere to even
    > include such a comment.

    The discussion in CFRG was not about EdDSA specifically, but about fault attacks on other deterministic signature
    schemes, including deterministic ECDSA. The draft currently recommends using deterministic ECDSA (as specified in RFC6979)
    over the classic one, so we seem to explicitly recommend what cryptographers express concerns about.

    On the other hand, it seems to me that "fault attacks" are outside the Dolev-Yao model, so I'm not sure
    how relevant their concerns are in the context of the draft.

    Regards,
    Valery.

Hi Valery,

You are right about det-ECDSA and this is a very good question. IMO some side-channel attacks are relevant to the generic Internet model and some are not (even if all of them are outside the Dolev-Yao model). Timing oracle attacks can be initiated remotely and therefore are addressed by mechanisms that we recommend in RFC 7525. OTOH fault attacks have much more limited applicability and so we don't discuss them.

Thanks,
	Yaron