Skip to main content

Use of the Walnut Digital Signature Algorithm with CBOR Object Signing and Encryption (COSE)
draft-atkins-suit-cose-walnutdsa-07

Revision differences

Document history

Date Rev. By Action
2021-05-20
07 (System) RFC Editor state changed to AUTH48-DONE from AUTH48
2021-05-03
07 (System) RFC Editor state changed to AUTH48
2021-03-08
07 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2021-03-08
07 (System) RFC Editor state changed to RFC-EDITOR from IANA
2021-03-08
07 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2021-03-08
07 (System) IANA Action state changed to In Progress from Waiting on Authors
2021-03-04
07 (System) IANA Action state changed to Waiting on Authors from In Progress
2021-03-04
07 (System) IANA Action state changed to In Progress from On Hold
2021-03-03
07 (System) RFC Editor state changed to IANA from EDIT
2021-02-16
07 (System) IANA Action state changed to On Hold from In Progress
2021-02-16
07 (System) RFC Editor state changed to EDIT
2021-02-16
07 (System) IANA Action state changed to In Progress
2021-02-16
07 Adrian Farrel ISE state changed to Sent to the RFC Editor from In IESG Review
2021-02-16
07 Adrian Farrel Sent request for publication to the RFC Editor
2021-02-16
07 Adrian Farrel Tag IESG Review Completed set.
2021-01-26
07 Derek Atkins New version available: draft-atkins-suit-cose-walnutdsa-07.txt
2021-01-26
07 (System) New version approved
2021-01-26
07 (System) Request for posting confirmation emailed to previous authors: Derek Atkins
2021-01-26
07 Derek Atkins Uploaded new revision
2020-11-17
06 (System) IANA Review state changed to Version Changed - Review Needed from IANA OK - Actions Needed
2020-11-17
06 Derek Atkins New version available: draft-atkins-suit-cose-walnutdsa-06.txt
2020-11-17
06 (System) New version approved
2020-11-17
06 (System) Request for posting confirmation emailed to previous authors: Derek Atkins
2020-11-17
06 Derek Atkins Uploaded new revision
2020-08-31
05 Adrian Farrel Changed document external resources from:

['mailing_list_archive https://mailarchive.ietf.org/arch/msg/mpls/jGlcQAYdKaiW7xbmrN36bcqeqm0/ (IPR poll)']

to:

2020-08-31
05 Adrian Farrel Changed document external resources from:

[]

to:

mailing_list_archive https://mailarchive.ietf.org/arch/msg/mpls/jGlcQAYdKaiW7xbmrN36bcqeqm0/ (IPR poll)
2020-08-12
05 Amanda Baber IANA Experts State changed to Expert Reviews OK
2020-08-12
05 Amanda Baber IANA Review state changed to IANA OK - Actions Needed
2020-08-12
05 Amanda Baber
(Via drafts-eval@iana.org): IESG/Authors/ISE:

The IANA Functions Operator has completed its review of draft-atkins-suit-cose-walnutdsa-05. If any part of this review is inaccurate, please let us …
(Via drafts-eval@iana.org): IESG/Authors/ISE:

The IANA Functions Operator has completed its review of draft-atkins-suit-cose-walnutdsa-05. If any part of this review is inaccurate, please let us know.

We understand that when this document is sent to us for processing, we will perform three registry actions.

First, we'll add the following entry to the COSE Algorithms registry at https://www.iana.org/assignments/cose:

Name: WalnutDSA
Value: TBD1 (the first available number before ES2556K, -48, per the reviewer)
Description: WalnutDSA signature
Reference: This document (Number to be assigned by RFC Editor)
Recommended: No

Second, we'll add the following entry to the COSE Key Types registry at https://www.iana.org/assignments/cose:

Name: WalnutDSA
Value: TBD2 (next available value, per reviewer)
Description: WalnutDSA public key
Reference: This document (Number to be assigned by RFC Editor)

Third, we'll add the following entries to the COSE Algorithms registry at https://www.iana.org/assignments/cose:

Key Type: TBD2 (Value assigned by IANA above)
Name: N
Label: TBD (NOTE: because the key type is being registered by this document, it appears that this document could assign label values)
CBOR Type: uint
Description: Group and Matrix (NxN) size
Reference: This document (Number to be assigned by RFC Editor)

Key Type: TBD2 (Value assigned by IANA above)
Name: q
Label: TBD (Value to be assigned by IANA)
CBOR Type: uint
Description: Finite field F_q
Reference: This document (Number to be assigned by RFC Editor)

Key Type: TBD2 (Value assigned by IANA above)
Name: t-values
Label: TBD (Value to be assigned by IANA)
CBOR Type: array (of uint)
Description: List of T-values, enties in F_q
Reference: This document (Number to be assigned by RFC Editor)

Key Type: TBD2 (Value assigned by IANA above)
Name: matrix 1
Label: TBD (Value to be assigned by IANA)
CBOR Type: array (of array of uint)
Description: NxN Matrix of enties in F_q
Reference: This document (Number to be assigned by RFC Editor)

Key Type: TBD2 (Value assigned by IANA above)
Name: permutation 1
Label: TBD (Value to be assigned by IANA)
CBOR Type: array (of uint)
Description: Permutation associated with matrix 1
Reference: This document (Number to be assigned by RFC Editor)

Key Type: TBD2 (Value assigned by IANA above)
Name: matrix 2
Label: TBD (Value to be assigned by IANA)
CBOR Type: array (of array of uint)
Description: NxN Matrix of enties in F_q
Reference: This document (Number to be assigned by RFC Editor)

The registrations have been approved by the IESG-designated expert and will be made when the document is sent to us for processing.

Thank you,

Amanda Baber
Lead IANA Services Specialist
2020-08-07
05 Adrian Farrel
draft-atkins-suit-cose-walnutdsa has been presented for publication as
an Informational RFC on the Independent Submissions Stream.

The document presents a way to use the Walnut Digital …
draft-atkins-suit-cose-walnutdsa has been presented for publication as
an Informational RFC on the Independent Submissions Stream.

The document presents a way to use the Walnut Digital Signature
Algorithm within the COSE syntax. The document makes it very clear that
Walnut has not been endorsed by the IETF, and contains (section 5.2) an
explanation of the security considerations specific to Walnut. Further,
the document observes that earlier cryptanalysis identified potential
issues that have the authors believe have been addressed in more recent
versions of Walnut (this is not to say that the algorithm would now pass
cryptanalysis review, but does say that issues found earlier have resulted
in improvements to the algorithm). The document also advises users to
make their own judgment about the risks involved.

There has been considerable discussion about this document. I solicited
comments from the Designated Experts for the COSE registries, from the
CFRG, and from targetted reviewers. Several commentators were fairly
hostile and pointed to security failings of Walnut and the fact that
NIST had declined to accept Walnut as suitable. The author observed that
these issues were in the past as changes had been made to Walnut. We
specifically strengthened the text in Section 5.2 to highlight the
concerns and indicate what had been done to resolve many of the issues.

Two main concerns were raised by reviewers:

1. "Publishing this will open the doors to many more similar
    publications." This is a possible outcome, but it seems unlikely that
    there will be "many" additional documents presented for publication.
    We certainly haven't seen any others come forward during the year
    that this document has been with the ISE. If this event does arise, the
    ISE will clearly have to deal with it.

2. "[publishing this sends] a very confusing signal to implementers if
    other RFCs describing crypto that aims to be quantum resistant (or
    protocols using such) are emitted ahead of those [NIST-approved
    algorithms]." This document (in the opinion of the ISE) makes it
    clear that WalnutDSA has not been endorsed by the IETF (but the
    ISE would be happy to receive suggestions for even more rigorous
    text). The document also includes caveats and a pointer to
    discussions of concerns with the algorithm (section 5.2) as well as
    mitigation for those concerns. However, if the IESG believes that
    publication should be held until after one or more specific drafts
    have made it to RFC, this is an acceptable response per RFC 5742.

Nevertheless, this document is not about Walnut, but about how Walnut
might be used. It is assumed that users will be aware of the security
analysis (that is referenced) and will take seriously the call for them
to exercise their own judgement. They will weigh their security concerns
against any perceived benefits to using Walnut.

It has also been noted that an RFC is not necessary for codepoint
assignment from the relevant COSE registries. Some are "Expert Review"
and others "Specification Required" and there is a belied in some
quarters that an Internet-Draft is adequate documentation for both
cases. Nevertheless, the author believes that a more stable and
permanent reference is provided by the publication of an RFC and that
that will be helpful to people trying to understand the use of the
codepoints.

In the end, and considering the specific caveats and pointers added to
the document, the ISE considers that publication would not be
detrimental. The document clearly fits within the criteria for
publication within Independent Stream.

The DEs have been consulted about this final version of the document
and have reported no concerns within the specific constraints of their
roll.

Note that the document contains a Trade Mark statement. The author
and the holder of the Trade Marks is aware of the terms of the TLP wrt
use of the marks.
2020-08-03
05 Adrian Farrel ISE state changed to In IESG Review from In ISE Review
2020-08-03
05 Adrian Farrel IETF conflict review initiated - see conflict-review-atkins-suit-cose-walnutdsa
2020-08-03
05 Adrian Farrel
draft-atkins-suit-cose-walnutdsa has been presented for publication as
an Informational RFC on the Independent Submissions Stream.

The document presents a way to use the Walnut Digital …
draft-atkins-suit-cose-walnutdsa has been presented for publication as
an Informational RFC on the Independent Submissions Stream.

The document presents a way to use the Walnut Digital Signature
Algorithm within the COSE syntax. The document makes it very clear that
Walnut has not been endorsed by the IETF, and contains (section 5.2) an
explanation of the security considerations specific to Walnut. Further,
the document observes that earlier cryptanalysis identified potential
issues that have been addressed in more recent versions of Walnut. The
document also advises users to make their own judgment about the risks
involved.

There has been considerable discussion about this document. I solicited
comments from the Designated Experts for the COSE registries, from the
CFRG, and from targetted reviewers. Several commentators were fairly
hostile and pointed to security failings of Walnut and the fact that
NIST had declined to accept Walnut as suitable. The author observed that
these issues were in the past as changes had been made to Walnut. We
specifically strengthened the text in Section 5.2 to highlight the
concerns and indicate what had been done to resolve many of the issues.

Nevertheless, this document is not about Walnut, but about how Walnut
might be used. It is assumed that users will be aware of the security
analysis (that is referenced) and will take seriously the call for them
to exercise their own judgement. They will weigh their security concerns
against any perceived benefits to using Walnut.

It has also been noted that an RFC is not necessary for codepoint
assignment from the relevant COSE registries. Some are "Expert Review"
and others "Specification Required" and there is a belied in some
quarters that an Internet-Draft is adequate documentation for both
cases. Nevertheless, the author believes that a more stable and
permanent reference is provided by the publication of an RFC and that
that will be helpful to people trying to understand the use of the
codepoints.

In the end, and considering the specific caveats and pointers added to
the document, the ISE considers that, in the words of one of the
reviewers who sits on the IAB, "publication would not be detrimental".
The document clearly fits within the criteria for publication within
Independent Stream.

The DEs have been consulted about this final version of the document
and have reported no concerns within the specific constraints of their
roll.

Note that the document contains a Trade Mark statement. The author
and the holder of the Trade Marks is aware of the terms of the TLP wrt
use of the marks.
2020-07-27
05 (System) Revised ID Needed tag cleared
2020-07-27
05 Derek Atkins New version available: draft-atkins-suit-cose-walnutdsa-05.txt
2020-07-27
05 (System) New version approved
2020-07-27
05 (System) Request for posting confirmation emailed to previous authors: Derek Atkins
2020-07-27
05 Derek Atkins Uploaded new revision
2020-07-20
04 Adrian Farrel Tag Revised I-D Needed set.
2020-07-14
04 Adrian Farrel
draft-atkins-suit-cose-walnutdsa has been presented for publication as
an Informational RFC on the Independent Submissions Stream.

The document presents a way to use the Walnut Digital …
draft-atkins-suit-cose-walnutdsa has been presented for publication as
an Informational RFC on the Independent Submissions Stream.

The document presents a way to use the Walnut Digital Signature
Algorithm within the COSE syntax. The document makes it very clear that
Walnut has not been endorsed by the IETF, and contains (section 5.2) an
explanation of the security considerations specific to Walnut. Further,
the document observes that earlier cryptanalysis identified potential
issues that have been addressed in more recent versions of Walnut. The
document also advises users to make their own judgment about the risks
involved.

There has been considerable discussion about this document. I solicited
comments from the Designated Experts for the COSE registries, from the
CFRG, and from targetted reviewers. Several commentators were fairly
hostile and pointed to security failings of Walnut and the fact that
NIST had declined to accept Walnut as suitable. The author observed that
these issues were in the past as changes had been made to Walnut. We
specifically strengthened the text in Section 5.2 to highlight the
concerns and indicate what had been done to resolve many of the issues.

Nevertheless, this document is not about Walnut, but about how Walnut
might be used. It is assumed that users will be aware of the security
analysis (that is referenced) and will take seriously the call for them
to exercise their own judgement. They will weigh their security concerns
against any perceived benefits to using Walnut.

It has also been noted that an RFC is not necessary for codepoint
assignment from the relevant COSE registries. Some are "Expert Review"
and others "Specification Required" and there is a belied in some
quarters that an Internet-Draft is adequate documentation for both
cases. Nevertheless, the author believes that a more stable and
permanent reference is provided by the publication of an RFC and that
that will be helpful to people trying to understand the use of the
codepoints.

In the end, and considering the specific caveats and pointers added to
the document, the ISE considers that, in the words of one of the
reviewers who sits on the IAB, "publication would not be detrimental".
The document clearly fits within the criteria for publication within
Independent Stream.

The DEs have been consulted about this final version of the document
and have reported no concerns within the specific constraints of their
roll.
2020-07-14
04 Adrian Farrel
draft-atkins-suit-cose-walnutdsa has been presented for publication as
an Informational RFC on the Independent Submissions Stream.

The document presents a way to use the Walnut Digital …
draft-atkins-suit-cose-walnutdsa has been presented for publication as
an Informational RFC on the Independent Submissions Stream.

The document presents a way to use the Walnut Digital Signature
Algorithm within the COSE syntax. The document makes it very clear that
Walnut has not been endorsed by the IETF, and contains (section 5.2) an
explanation of the security considerations specific to Walnut. Further,
the document observes that earlier cryptanalysis identified potential
issues that have been addressed in more recent versions of Walnut. The
document also advises users to make their own judgment about the risks
involved.

There has been considerable discussion about this document. I solicited
comments from the Designated Experts for the COSE registries, from the
CFRG, and from targetted reviewers. Several commentators were fairly
hostile and pointed to security failings of Walnut and the fact that
NIST had declined to accept Walnut as suitable. The author observed that
these issues were in the past as changes had been made to Walnut. We
specifically strengthened the text in Section 5.2 to highlight the
concerns and indicate what had been done to resolve many of the issues.

Nevertheless, this document is not about Walnut, but about how Walnut
might be used. It is assumed that users will be aware of the security
analysis (that is referenced) and will take seriously the call for them
to exercise their own judgement. They will weigh their security concerns
against any perceived benefits to using Walnut.

It has also been noted that an RFC is not necessary for codepoint
assignment from the relevant COSE registries. Some are "Expert Review"
and others "Specification Required" and there is a belied in some
quarters that an Internet-Draft is adequate documentation for both
cases. Nevertheless, the author believes that a more stable and
permanent reference is provided by the publication of an RFC and that
that will be helpful to people trying to understand the use of the
codepoints.

In the end, and considering the specific caveats and pointers added to
the document, the ISE considers that, in the words of one of the
reviewers who sits on the IAB, "publication would not be detremental".
The document clearly fits within the criteria for publication within
Independent Stream.

The DEs have been consulted about this final version of the document
and have reported no concerns within the specific constraints of their
roll.

2020-07-14
04 Adrian Farrel Pending shepherd write-up and final check with DEs
2020-07-14
04 Adrian Farrel ISE state changed to In ISE Review from Finding Reviewers
2020-07-10
04 Derek Atkins New version available: draft-atkins-suit-cose-walnutdsa-04.txt
2020-07-10
04 (System) New version approved
2020-07-10
04 (System) Request for posting confirmation emailed to previous authors: Derek Atkins
2020-07-10
04 Derek Atkins Uploaded new revision
2020-06-15
03 Derek Atkins New version available: draft-atkins-suit-cose-walnutdsa-03.txt
2020-06-15
03 (System) New version approved
2020-06-15
03 (System) Request for posting confirmation emailed to previous authors: Derek Atkins
2020-06-15
03 Derek Atkins Uploaded new revision
2020-01-19
02 Adrian Farrel ISE state changed to Finding Reviewers from Response to Review Needed
2019-12-20
02 Derek Atkins New version available: draft-atkins-suit-cose-walnutdsa-02.txt
2019-12-20
02 (System) New version approved
2019-12-20
02 (System) Request for posting confirmation emailed to previous authors: Derek Atkins , rfc-ise@rfc-editor.org
2019-12-20
02 Derek Atkins Uploaded new revision
2019-11-20
01 (System) Revised ID Needed tag cleared
2019-11-20
01 Derek Atkins New version available: draft-atkins-suit-cose-walnutdsa-01.txt
2019-11-20
01 (System) New version approved
2019-11-20
01 (System) Request for posting confirmation emailed to previous authors: rfc-ise@rfc-editor.org, Derek Atkins
2019-11-20
01 Derek Atkins Uploaded new revision
2019-11-18
00 (System) Document has expired
2019-11-16
00 Adrian Farrel Tag Revised I-D Needed set.
2019-11-16
00 Adrian Farrel ISE state changed to Response to Review Needed from Submission Received
2019-10-26
00 Adrian Farrel Intended Status changed to Informational from None
2019-10-25
00 Adrian Farrel Notification list changed to Adrian Farrel <rfc-ise@rfc-editor.org>
2019-10-25
00 Adrian Farrel Document shepherd changed to Adrian Farrel
2019-10-25
00 Adrian Farrel ISE state changed to Submission Received
2019-10-25
00 Adrian Farrel Stream changed to ISE from None
2019-05-13
00 Derek Atkins New version available: draft-atkins-suit-cose-walnutdsa-00.txt
2019-05-13
00 (System) New version approved
2019-05-13
00 Derek Atkins Request for posting confirmation emailed  to submitter and authors: Derek Atkins
2019-05-13
00 Derek Atkins Uploaded new revision