Use of the HSS/LMS Hash-Based Signature Algorithm in the Cryptographic Message Syntax (CMS)
draft-ietf-lamps-cms-hash-sig-10
Yes
Roman Danyliw
No Objection
Éric Vyncke
(Adam Roach)
(Alexey Melnikov)
(Alissa Cooper)
(Alvaro Retana)
(Deborah Brungard)
(Ignas Bagdonas)
(Magnus Westerlund)
(Mirja Kühlewind)
(Suresh Krishnan)
Note: This ballot was opened for revision 09 and is now closed.
Roman Danyliw
Yes
Warren Kumari
No Objection
Comment
(2019-09-18 for -09)
Sent
Thank you for writing this, and thanks to Joe for the OpsDir review -- it has some useful comments to address.
Éric Vyncke
No Objection
Adam Roach Former IESG member
No Objection
Not sent
Alexey Melnikov Former IESG member
No Objection
(for -09)
Not sent
Alissa Cooper Former IESG member
No Objection
(for -09)
Not sent
Alvaro Retana Former IESG member
No Objection
Not sent
Barry Leiba Former IESG member
No Objection
(2019-09-11 for -09)
Sent
Thanks, Russ, as always, for a clear and well-written document. Some editorial nits:

— Section 1.3 —

   Each of these advances pose a threat to widely deployed digital signature algorithms.

“poses”, to match the singular “each”.

   Recent advances in cryptoanalysis [BH2013]

“cryptanalysis”, no “o”.

   The HSS/LMS signature algorithm does not depend on the difficulty of discrete logarithm or factoring, as a result these algorithms are

Comma splice. Make it a semicolon.

— Section 2.2 —

   The second parameter is the number of bytes output by the hash function, m, which is the amount of data associated with each node in the tree.

It’s a small thing, but I think the “m” is misplaced where it is, and suggest “…the number of bytes, m, output by the hash function….”

— Section 3 —

   Each format includes a counter and type codes that indirectly providing all of the information that is needed

“provide”

— Section 5 —

   When signed attributes are absent, the HSS/LMS signature is computed over the content. When signed attributes are present, a hash is computed over the content using the same hash function that is used in the HSS/LMS tree, and then a message-digest attribute is constructed to contain the resulting hash value, and then the result of DER encoding the set of signed attributes (which MUST include a content-type attribute and a message-digest attribute, and then the HSS/LMS signature is computed over the DER-encoded output.

You’re missing a “)” there, which makes it a bit odd. I think it should be “(which MUST include a content-type attribute and a message-digest attribute), and then….”

   digestAlgorithm MUST contain the one-way hash function used to in the HSS/LMS tree.

Remove “to”.

— Section 6 —

   While the consequences of an inadequate pseudo-random number generator (PRNGs) to generate these values is much less severe than the generation of private keys

“than in the generation”

— Appendix —

Just a note that I did not review the ASN.1 module.
Benjamin Kaduk Former IESG member
(was Discuss)
No Objection
(2019-09-15 for -09)
Sent
Thanks for the discussion around my Discuss points, and the updates in response to my comments!
Deborah Brungard Former IESG member
No Objection
(for -09)
Not sent
Ignas Bagdonas Former IESG member
No Objection
Not sent
Magnus Westerlund Former IESG member
No Objection
(for -09)
Not sent
Martin Vigoureux Former IESG member
No Objection
(2019-09-17 for -09)
Sent
Hi, thank you for this document.

   There have been recent advances in cryptanalysis and advances in the development of quantum computers. Each of these advances pose a threat to widely deployed digital signature algorithms.

   Recent advances in cryptoanalysis [BH2013] and progress in the development of quantum computers [NAS2019] pose a threat to widely deployed digital signature algorithms.

looks redundant.

-m
Mirja Kühlewind Former IESG member
No Objection
(for -09)
Not sent
Suresh Krishnan Former IESG member
No Objection
Not sent