
Use of the HSS/LMS Hash-Based Signature Algorithm in the Cryptographic Message Syntax (CMS)
draft-ietf-lamps-cms-hash-sig-10

Yes

Roman Danyliw

No Objection

Alvaro Retana
Éric Vyncke
(Adam Roach)
(Alexey Melnikov)
(Alissa Cooper)
(Deborah Brungard)
(Ignas Bagdonas)
(Magnus Westerlund)
(Mirja Kühlewind)
(Suresh Krishnan)

Note: This ballot was opened for revision 09 and is now closed.

Roman Danyliw Yes

Alvaro Retana No Objection

Warren Kumari No Objection

Comment (2019-09-18 for -09)
Thank you for writing this, and thanks to Joe for the OpsDir review -- it has some useful comments to address.

Éric Vyncke No Objection

(Adam Roach; former steering group member) No Objection

(Alexey Melnikov; former steering group member) No Objection

No Objection (for -09)

(Alissa Cooper; former steering group member) No Objection

No Objection (for -09)

(Barry Leiba; former steering group member) No Objection

No Objection (2019-09-11 for -09)
Thanks, Russ, as always, for a clear and well-written document.
Some editorial nits:

— Section 1.3 —

   Each of these advances pose a
   threat to widely deployed digital signature algorithms.

“poses”, to match the singular “each”.


   Recent advances in cryptoanalysis [BH2013]

“cryptanalysis”, no “o”.

   The HSS/LMS signature algorithm does not depend on the difficulty of
   discrete logarithm or factoring, as a result these algorithms are

Comma splice.  Make it a semicolon.

— Section 2.2 —

   The second parameter is
   the number of bytes output by the hash function, m, which is the
   amount of data associated with each node in the tree.

It’s a small thing, but I think the “m” is misplaced where it is, and suggest “…the number of bytes, m, output by the hash function….”

— Section 3 —

   Each format includes a counter and type
   codes that indirectly providing all of the information that is needed

“provide”

— Section 5 —

   When signed attributes are absent, the HSS/LMS signature is computed
   over the content.  When signed attributes are present, a hash is
   computed over the content using the same hash function that is used
   in the HSS/LMS tree, and then a message-digest attribute is
   constructed to contain the resulting hash value, and then the result
   of DER encoding the set of signed attributes (which MUST include a
   content-type attribute and a message-digest attribute, and then the
   HSS/LMS signature is computed over the DER-encoded output.

You’re missing a “)” there, which makes it a bit odd.  I think it should be “(which MUST include a content-type attribute and a message-digest attribute), and then….”

         digestAlgorithm MUST contain the one-way hash function used to in
         the HSS/LMS tree.

Remove “to”.

— Section 6 —

   While the consequences of an inadequate pseudo-random
   number generator (PRNGs) to generate these values is much less severe
   than the generation of private keys

“than in the generation”

— Appendix —
Just a note that I did not review the ASN.1 module.

(Benjamin Kaduk; former steering group member) (was Discuss) No Objection

No Objection (2019-09-15 for -09)
Thanks for the discussion around my Discuss points, and the updates
in response to my comments!

(Deborah Brungard; former steering group member) No Objection

No Objection (for -09)

(Ignas Bagdonas; former steering group member) No Objection

(Magnus Westerlund; former steering group member) No Objection

No Objection (for -09)

(Martin Vigoureux; former steering group member) No Objection

No Objection (2019-09-17 for -09)
Hi

Thank you for this document.

   There have been recent advances in cryptanalysis and advances in the
   development of quantum computers.  Each of these advances pose a
   threat to widely deployed digital signature algorithms.

   Recent advances in cryptoanalysis [BH2013] and progress in the
   development of quantum computers [NAS2019] pose a threat to widely
   deployed digital signature algorithms.  

looks redundant.

-m

(Mirja Kühlewind; former steering group member) No Objection

No Objection (for -09)

(Suresh Krishnan; former steering group member) No Objection
