
XMSS RFC 8391 Update #1858

Open
wants to merge 5 commits into
base: master
from

@mgierlings
Contributor

mgierlings commented Mar 15, 2019

Updates XMSS (draft status) to conform to RFC 8391

mgierlings added some commits Mar 3, 2019

Updates XMSS parameters corresponding to RFC 8391
Changes XMSS and XMSS WOTS algorithm names and OIDs to correspond
to RFC 8391.
Adds new test cases
- Replaces XMSS test vectors with new vectors that were
  generated using Bouncy Castle's XMSS implementation.
- Adjusts the XMSS test bench to recognize the new XMSS
  algorithm naming scheme.
XMSS_SHAKE256_W16_H16 = 0x0b00000b,
XMSS_SHAKE256_W16_H20 = 0x0c00000c
XMSS_SHA2_10_256 = 0x00000001,
XMSS_SHA2_16_256 = 0x00000002,
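Review bot: the 32-bit parameter-set identifiers change value in this hunk (0x0b00000b and 0x0c00000c give way to 0x00000001 and 0x00000002) while staying in the same enum, and the new names drop the W16 suffix; since this word is also what prefixes serialized XMSS keys and signatures, every draft-06 blob stops decoding and nothing in the hunk lets a loader tell an old blob from a new one. Please spell out the compatibility break in the commit message and pair the change with a distinct ASN.1 OID for the RFC 8391 variant, so a draft-era key cannot be loaded as an RFC key by accident.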

@randombit

randombit Mar 15, 2019

Owner

So the format changed between draft-06 and RFC? :/

Is there any reasonable way we can continue supporting older keys/sigs? It seems this change would invalidate all existing uses.

At the very least we'll also want to use a different OID for keys so it is not possible to mix them.

@mgierlings

mgierlings Mar 15, 2019

Author Contributor

Yes, unfortunately the OID format did change. There is also another new draft-status document of interest, "Algorithm Identifiers for HSS and XMSS for Use in the Internet X.509 Public Key Infrastructure". Also, somewhere down the road XMSS will likely be assigned an "official" OID, so this may not be the last incompatible change to XMSS we see. There is also a disclaimer in RFC 8391:

This document is not an Internet Standards Track specification; it is
published for informational purposes.

This document is a product of the Internet Research Task Force
(IRTF). The IRTF publishes the results of Internet-related research
and development activities. These results might not be suitable for
deployment. This RFC represents the consensus of the Crypto Forum
Research Group of the Internet Research Task Force (IRTF). Documents
approved for publication by the IRSG are not candidates for any level
of Internet Standard; see Section 2 of RFC 7841.

Information about the current status of this document, any errata,
and how to provide feedback on it may be obtained at
https://www.rfc-editor.org/info/rfc8391.

A possibility to support older formats would be to integrate a key conversion utility into the botan cli.
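The two points raised above, keeping draft-06 and RFC 8391 keys from being mixed and giving a conversion tool something to recognize old keys by, both hinge on the 32-bit algorithm word that prefixes an XMSS public key (RFC 8391 Section 4.1.7: OID || root || SEED, with n = 32 bytes for the *_256 parameter sets). The following is an added example, not Botan code and not part of this PR: it classifies a raw public-key blob by that word, accepts only RFC 8391 parameter sets with the correct total length, and refuses the two draft-era values quoted in the diff above with an explicit error. The RFC value table is from RFC 8391 Section 5.3 (only 0x01 and 0x02 appear on this page); the hash length of the legacy draft-06 sets is deliberately not assumed.

```cpp
// Added example (not Botan's code): tell RFC 8391 XMSS public keys apart from
// draft-06 blobs by the leading 32-bit algorithm word, and refuse to mix them.
// Layout per RFC 8391 4.1.7: OID (4 bytes, big-endian) || root (n) || SEED (n).
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>
#include <string>
#include <vector>

enum class XmssFormat { Rfc8391, LegacyDraft06, Unknown };

struct XmssKeyInfo {
   XmssFormat format;
   std::string name;  // parameter-set name, empty if unknown
   uint32_t oid;      // raw 32-bit word as found in the blob
   size_t n;          // hash output length in bytes; 0 when not asserted
};

// RFC 8391 Section 5.3 values. The draft-06 words are the two quoted in this PR's
// diff; their hash length is not assumed here (n = 0), only their identity.
static XmssKeyInfo classify_word(uint32_t w) {
   switch(w) {
      case 0x00000001: return {XmssFormat::Rfc8391, "XMSS-SHA2_10_256", w, 32};
      case 0x00000002: return {XmssFormat::Rfc8391, "XMSS-SHA2_16_256", w, 32};
      case 0x00000003: return {XmssFormat::Rfc8391, "XMSS-SHA2_20_256", w, 32};
      case 0x00000004: return {XmssFormat::Rfc8391, "XMSS-SHA2_10_512", w, 64};
      case 0x00000005: return {XmssFormat::Rfc8391, "XMSS-SHA2_16_512", w, 64};
      case 0x00000006: return {XmssFormat::Rfc8391, "XMSS-SHA2_20_512", w, 64};
      case 0x00000007: return {XmssFormat::Rfc8391, "XMSS-SHAKE_10_256", w, 32};
      case 0x00000008: return {XmssFormat::Rfc8391, "XMSS-SHAKE_16_256", w, 32};
      case 0x00000009: return {XmssFormat::Rfc8391, "XMSS-SHAKE_20_256", w, 32};
      case 0x0000000a: return {XmssFormat::Rfc8391, "XMSS-SHAKE_10_512", w, 64};
      case 0x0000000b: return {XmssFormat::Rfc8391, "XMSS-SHAKE_16_512", w, 64};
      case 0x0000000c: return {XmssFormat::Rfc8391, "XMSS-SHAKE_20_512", w, 64};
      case 0x0b00000b: return {XmssFormat::LegacyDraft06, "XMSS_SHAKE256_W16_H16", w, 0};
      case 0x0c00000c: return {XmssFormat::LegacyDraft06, "XMSS_SHAKE256_W16_H20", w, 0};
      default:         return {XmssFormat::Unknown, "", w, 0};
   }
}

// Reads the big-endian 32-bit word at the start of a public-key blob.
static uint32_t read_be32(const std::vector<uint8_t>& b) {
   if(b.size() < 4) {
      throw std::invalid_argument("XMSS public key shorter than its 4-byte OID");
   }
   return (uint32_t(b[0]) << 24) | (uint32_t(b[1]) << 16) |
          (uint32_t(b[2]) << 8) | uint32_t(b[3]);
}

// Accepts only RFC 8391 keys whose length is exactly 4 + 2n. Draft-06 words are
// rejected with a dedicated message (so a converter can pick them up), unknown
// words with a generic one; neither is ever silently treated as an RFC key.
XmssKeyInfo parse_rfc8391_public_key(const std::vector<uint8_t>& key) {
   XmssKeyInfo info = classify_word(read_be32(key));
   switch(info.format) {
      case XmssFormat::LegacyDraft06:
         throw std::invalid_argument("legacy draft-06 XMSS key (" + info.name +
                                     "); convert it before use");
      case XmssFormat::Unknown:
         throw std::invalid_argument("unknown XMSS algorithm word");
      case XmssFormat::Rfc8391:
         break;
   }
   const size_t expected = 4 + 2 * info.n;
   if(key.size() != expected) {
      throw std::invalid_argument("XMSS public key length does not match " + info.name);
   }
   return info;
}

// Constructed sample input: the 4-byte word followed by 2n placeholder bytes
// (0x42) standing in for root || SEED. Not a real key.
static std::vector<uint8_t> make_blob(uint32_t word, size_t n) {
   std::vector<uint8_t> v = {uint8_t(word >> 24), uint8_t(word >> 16),
                             uint8_t(word >> 8), uint8_t(word)};
   v.insert(v.end(), 2 * n, 0x42);
   return v;
}

int main() {
   XmssKeyInfo ok = parse_rfc8391_public_key(make_blob(0x00000001, 32));
   std::cout << "accepted " << ok.name << " (n=" << ok.n << ")\n";
   try {
      parse_rfc8391_public_key(make_blob(0x0b00000b, 32));
   } catch(const std::invalid_argument& e) {
      std::cout << "rejected: " << e.what() << '\n';
   }
   return 0;
}
```

A conversion utility of the kind suggested above would sit on the LegacyDraft06 branch: it is the one place where the old word is recognized on purpose, and everything else in the loader treats it as an error rather than as a parameter set.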

randombit added a commit that referenced this pull request Mar 15, 2019

Owner

randombit commented Mar 15, 2019

I sent out a warning asking anyone who is actively using the current draft-06 support to let us know (https://lists.randombit.net/pipermail/botan-devel/2019-March/002278.html) and added a warning to the 2.10 release notes. If we don't hear from anyone by, say, May 1st, I say go ahead and merge this.

In the meantime we should still work to minimize disturbance:

  • Increase XMSS datestamp in info.txt
  • Change to a new OID arc (update also doc/oids.txt)
  • Maybe even change BOTAN_HAS_XMSS to BOTAN_HAS_XMSS_RFC8391?

securitykernel referenced this pull request Mar 25, 2019: Update XMSS OIDs #482 (Open)

Owner

randombit commented Apr 7, 2019

Haven't heard from anyone about this, so it is likely good to merge, but let's wait until the end of the month just to be sure.

randombit referenced this pull request Apr 7, 2019: 2.11.0 Release #1882 (Open, 2 of 10 tasks complete)
Owner

randombit commented Apr 19, 2019

@mgierlings Can you rebase to address the merge conflict?

Contributor Author

mgierlings commented Apr 19, 2019

@randombit Will do. I also have another update to this PR in the pipeline, which I'll push soon.
