| < draft-ietf-cose-hash-sig-04.txt | draft-ietf-cose-hash-sig-05.txt > | |||
|---|---|---|---|---|
| Network Working Group R. Housley | Network Working Group R. Housley | |||
| Internet-Draft Vigil Security | Internet-Draft Vigil Security | |||
| Intended status: Standards Track October 10, 2019 | Intended status: Standards Track October 28, 2019 | |||
| Expires: April 12, 2020 | Expires: April 30, 2020 | |||
| Use of the HSS/LMS Hash-based Signature Algorithm with CBOR Object | Use of the HSS/LMS Hash-based Signature Algorithm with CBOR Object | |||
| Signing and Encryption (COSE) | Signing and Encryption (COSE) | |||
| draft-ietf-cose-hash-sig-04 | draft-ietf-cose-hash-sig-05 | |||
| Abstract | Abstract | |||
| This document specifies the conventions for using the Hierarchical | This document specifies the conventions for using the Hierarchical | |||
| Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based | Signature System (HSS) / Leighton-Micali Signature (LMS) hash-based | |||
| signature algorithm with the CBOR Object Signing and Encryption | signature algorithm with the CBOR Object Signing and Encryption | |||
| (COSE) syntax. The HSS/LMS algorithm is one form of hash-based | (COSE) syntax. The HSS/LMS algorithm is one form of hash-based | |||
| digital signature; it is described in RFC 8554. | digital signature; it is described in RFC 8554. | |||
| Status of This Memo | Status of This Memo | |||
| skipping to change at page 1, line 35 ¶ | skipping to change at page 1, line 35 ¶ | |||
| Internet-Drafts are working documents of the Internet Engineering | Internet-Drafts are working documents of the Internet Engineering | |||
| Task Force (IETF). Note that other groups may also distribute | Task Force (IETF). Note that other groups may also distribute | |||
| working documents as Internet-Drafts. The list of current Internet- | working documents as Internet-Drafts. The list of current Internet- | |||
| Drafts is at https://datatracker.ietf.org/drafts/current/. | Drafts is at https://datatracker.ietf.org/drafts/current/. | |||
| Internet-Drafts are draft documents valid for a maximum of six months | Internet-Drafts are draft documents valid for a maximum of six months | |||
| and may be updated, replaced, or obsoleted by other documents at any | and may be updated, replaced, or obsoleted by other documents at any | |||
| time. It is inappropriate to use Internet-Drafts as reference | time. It is inappropriate to use Internet-Drafts as reference | |||
| material or to cite them other than as "work in progress." | material or to cite them other than as "work in progress." | |||
| This Internet-Draft will expire on April 12, 2020. | This Internet-Draft will expire on April 30, 2020. | |||
| Copyright Notice | Copyright Notice | |||
| Copyright (c) 2019 IETF Trust and the persons identified as the | Copyright (c) 2019 IETF Trust and the persons identified as the | |||
| document authors. All rights reserved. | document authors. All rights reserved. | |||
| This document is subject to BCP 78 and the IETF Trust's Legal | This document is subject to BCP 78 and the IETF Trust's Legal | |||
| Provisions Relating to IETF Documents | Provisions Relating to IETF Documents | |||
| (https://trustee.ietf.org/license-info) in effect on the date of | (https://trustee.ietf.org/license-info) in effect on the date of | |||
| publication of this document. Please review these documents | publication of this document. Please review these documents | |||
| skipping to change at page 2, line 20 ¶ | skipping to change at page 2, line 20 ¶ | |||
| 1.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.1. Motivation . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | 1.2. Terminology . . . . . . . . . . . . . . . . . . . . . . . 3 | |||
| 2. LMS Digital Signature Algorithm Overview . . . . . . . . . . 3 | 2. LMS Digital Signature Algorithm Overview . . . . . . . . . . 3 | |||
| 2.1. Hierarchical Signature System (HSS) . . . . . . . . . . . 4 | 2.1. Hierarchical Signature System (HSS) . . . . . . . . . . . 4 | |||
| 2.2. Leighton-Micali Signature (LMS) . . . . . . . . . . . . . 5 | 2.2. Leighton-Micali Signature (LMS) . . . . . . . . . . . . . 5 | |||
| 2.3. Leighton-Micali One-time Signature Algorithm (LM-OTS) . . 6 | 2.3. Leighton-Micali One-time Signature Algorithm (LM-OTS) . . 6 | |||
| 3. Hash-based Signature Algorithm Identifiers . . . . . . . . . 7 | 3. Hash-based Signature Algorithm Identifiers . . . . . . . . . 7 | |||
| 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | 4. Security Considerations . . . . . . . . . . . . . . . . . . . 7 | |||
| 4.1. Implementation Security Considerations . . . . . . . . . 7 | 4.1. Implementation Security Considerations . . . . . . . . . 7 | |||
| 5. Operational Considerations . . . . . . . . . . . . . . . . . 8 | 5. Operational Considerations . . . . . . . . . . . . . . . . . 8 | |||
| 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 8 | 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 6.1. COSE Algorithms Registry Entry . . . . . . . . . . . . . 9 | 6.1. COSE Algorithms Registry Entry . . . . . . . . . . . . . 9 | |||
| 6.2. COSE Key Types Registry Entry . . . . . . . . . . . . . . 9 | 6.2. COSE Key Types Registry Entry . . . . . . . . . . . . . . 9 | |||
| 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | 7. References . . . . . . . . . . . . . . . . . . . . . . . . . 9 | |||
| 7.1. Normative References . . . . . . . . . . . . . . . . . . 9 | 7.1. Normative References . . . . . . . . . . . . . . . . . . 9 | |||
| 7.2. Informative References . . . . . . . . . . . . . . . . . 10 | 7.2. Informative References . . . . . . . . . . . . . . . . . 10 | |||
| Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 11 | Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 11 | |||
| A.1. Example COSE Full Message Signature . . . . . . . . . . . 11 | A.1. Example COSE Full Message Signature . . . . . . . . . . . 11 | |||
| A.2. Example COSE_Sign0 Message . . . . . . . . . . . . . . . 16 | A.2. Example COSE_Sign0 Message . . . . . . . . . . . . . . . 16 | |||
| Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 21 | Appendix B. Acknowledgements . . . . . . . . . . . . . . . . . . 21 | |||
| Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 21 | Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 21 | |||
| skipping to change at page 5, line 31 ¶ | skipping to change at page 5, line 31 ¶ | |||
| LMS_SHA256_M32_H5; | LMS_SHA256_M32_H5; | |||
| LMS_SHA256_M32_H10; | LMS_SHA256_M32_H10; | |||
| LMS_SHA256_M32_H15; | LMS_SHA256_M32_H15; | |||
| LMS_SHA256_M32_H20; and | LMS_SHA256_M32_H20; and | |||
| LMS_SHA256_M32_H25. | LMS_SHA256_M32_H25. | |||
| The [HASHSIG] specification establishes an IANA registry to permit | The [HASHSIG] specification establishes an IANA registry to permit | |||
| the registration of additional hash functions and additional tree | the registration of additional hash functions and additional tree | |||
| sizes in the future. | sizes in the future. | |||
| The [HASHSIG] specification defines the value I as the private key | ||||
| identifier, and the same I value is used for all computations with | ||||
| the same LMS tree. In addition, the [HASHSIG] specification defines | ||||
| the value T[i] as the m-byte string associated with the ith node in | ||||
| the LMS tree, where and the nodes are indexed from 1 to 2^(h+1)-1. | ||||
| Thus, T[1] is the m-byte string associated with the root of the LMS | ||||
| tree. | ||||
| The LMS public key can be summarized as: | The LMS public key can be summarized as: | |||
| u32str(lms_algorithm_type) || u32str(otstype) || I || T[1] | u32str(lms_algorithm_type) || u32str(otstype) || I || T[1] | |||
| As specified in [HASHSIG], the LMS signature consists of four | As specified in [HASHSIG], the LMS signature consists of four | |||
| elements: the number of the leaf associated with the LM-OTS | elements: the number of the leaf associated with the LM-OTS | |||
| signature, an LM-OTS signature as described in Section 2.3, a | signature, an LM-OTS signature as described in Section 2.3, a | |||
| typecode indicating the particular LMS algorithm, and an array of | typecode indicating the particular LMS algorithm, and an array of | |||
| values that is associated with the path through the tree from the | values that is associated with the path through the tree from the | |||
| leaf associated with the LM-OTS signature to the root. The array of | leaf associated with the LM-OTS signature to the root. The array of | |||
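Review bot: in the paragraph added just before "The LMS public key can be summarized as:", the clause "the ith node in the LMS tree, where and the nodes are indexed from 1 to 2^(h+1)-1" contains a stranded "where and" and uses h without defining it; suggest "where the nodes are indexed from 1 to 2^(h+1)-1 and h is the height of the tree". The same paragraph calls I "the private key identifier", yet I appears in the public key summary two lines later, so wording such as "the identifier of the LMS key pair" would avoid implying that I must be kept secret.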
| skipping to change at page 9, line 12 ¶ | skipping to change at page 9, line 18 ¶ | |||
| "COSE Algorithms" registry and hash-based public keys in the "COSE | "COSE Algorithms" registry and hash-based public keys in the "COSE | |||
| Key Types" registry. | Key Types" registry. | |||
| 6.1. COSE Algorithms Registry Entry | 6.1. COSE Algorithms Registry Entry | |||
| The new entry in the "COSE Algorithms" registry has the following | The new entry in the "COSE Algorithms" registry has the following | |||
| columns: | columns: | |||
| Name: HSS-LMS | Name: HSS-LMS | |||
| Value: TBD (Value to be assigned by IANA) | Value: TBD (Value between -256 and 255 to be assigned by IANA) | |||
| Description: HSS/LMS hash-based digital signature | Description: HSS/LMS hash-based digital signature | |||
| Reference: This document (Number to be assigned by RFC Editor) | Reference: This document (Number to be assigned by RFC Editor) | |||
| Recommended: Yes | Recommended: Yes | |||
| 6.2. COSE Key Types Registry Entry | 6.2. COSE Key Types Registry Entry | |||
| The new entry in the "COSE Key Types" registry has the following | The new entry in the "COSE Key Types" registry has the following | |||
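Review bot: the revised Value line in 6.1 asks IANA for a value "between -256 and 255" without giving a reason for that range; add a short rationale or a pointer to the registry's assignment policy so the constraint does not read as arbitrary. The 6.2 entry is not visible in this change block, so confirm that its Value line is worded consistently with this one.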
| skipping to change at page 11, line 7 ¶ | skipping to change at page 11, line 18 ¶ | |||
| <https://www.rfc-editor.org/info/rfc4086>. | <https://www.rfc-editor.org/info/rfc4086>. | |||
| [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | [RFC5280] Cooper, D., Santesson, S., Farrell, S., Boeyen, S., | |||
| Housley, R., and W. Polk, "Internet X.509 Public Key | Housley, R., and W. Polk, "Internet X.509 Public Key | |||
| Infrastructure Certificate and Certificate Revocation List | Infrastructure Certificate and Certificate Revocation List | |||
| (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | (CRL) Profile", RFC 5280, DOI 10.17487/RFC5280, May 2008, | |||
| <https://www.rfc-editor.org/info/rfc5280>. | <https://www.rfc-editor.org/info/rfc5280>. | |||
| Appendix A. Examples | Appendix A. Examples | |||
| This appendix provides an example of a COSE full message signature | This appendix provides a non-normative example of a COSE full message | |||
| and an example of a COSE_Sign0 message. The display format includes | signature and an example of a COSE_Sign0 message. The display format | |||
| "\" to indicate that the same field continues on the next line, and | includes "\" to indicate that the same field continues on the next | |||
| it includes "|" to separate items within a field. | line, and it includes "|" to separate items within a field. | |||
| The programs that were used to generate the examples can be found at | The programs that were used to generate the examples can be found at | |||
| https://github.com/cose-wg/Examples. | https://github.com/cose-wg/Examples. | |||
| A.1. Example COSE Full Message Signature | A.1. Example COSE Full Message Signature | |||
| This section provides an example of a COSE full message signature. | This section provides an example of a COSE full message signature. | |||
| { | { | |||
| "title":"HSS LMS Hash based signature - hsssig-01", | "title":"HSS LMS Hash based signature - hsssig-01", | |||
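Review bot: in the reworded opening sentence of Appendix A, "non-normative" attaches only to the first example ("a non-normative example of a COSE full message signature and an example of a COSE_Sign0 message"), which leaves the status of the COSE_Sign0 example ambiguous; suggest "provides non-normative examples of a COSE full message signature and a COSE_Sign0 message". The intro sentence of A.1 could carry the same qualifier so the subsection still reads correctly when quoted on its own.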
| End of changes. 7 change blocks. | ||||
| 10 lines changed or deleted | 18 lines changed or added | |||
This html diff was produced by rfcdiff 1.48. The latest version is available from http://tools.ietf.org/tools/rfcdiff/ | ||||