draft-ietf-lamps-cms-hash-sig-02.txt -> draft-ietf-lamps-cms-hash-sig-03.txt
INTERNET-DRAFT                                            R. Housley
Internet Engineering Task Force (IETF)                    Vigil Security
Intended Status: Proposed Standard
Expires: 17 April 2019 (-02, dated 17 October 2018) / Expires: 20 June 2019 (-03, dated 20 December 2018)
Use of the HSS/LMS Hash-based Signature Algorithm
in the Cryptographic Message Syntax (CMS)
<draft-ietf-lamps-cms-hash-sig-02> -> <draft-ietf-lamps-cms-hash-sig-03>
Abstract
This document specifies the conventions for using the HSS/LMS
hash-based signature algorithm with the Cryptographic Message Syntax
(CMS). The HSS/LMS algorithm is one form of hash-based digital
signature; it is described in [HASHSIG].
Status of this Memo
[skipping to change at page 9, line 18]
Implementations must protect the private keys. Compromise of the
private keys may result in the ability to forge signatures. Along
with the private key, the implementation must keep track of which
leaf nodes in the tree have been used. Loss of integrity of this
tracking data can cause a one-time key to be used more than once.
As a result, when a private key and the tracking data are stored on
non-volatile media or stored in a virtual machine environment, care
must be taken to preserve confidentiality and integrity.
When a LMS key pair is generating a LMS key pair, an implementation
must must generate the key pair and the corresponding identifier
independently of all other key pairs in the HSS tree.
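Review bot: the first sentence of the new paragraph is garbled: "When a LMS key pair is generating a LMS key pair, an implementation must must generate ..." makes the key pair the subject of "generating" and doubles "must". Suggest "When generating an LMS key pair, an implementation must generate the key pair and the corresponding identifier independently of all other key pairs in the HSS tree."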
An implementation must ensure that a LM-OTS private key is used to
generate a signature only one time, and ensure that it cannot be used
for any other purpose.
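The two requirements above (keep an integrity-protected record of which leaf nodes are used, and never let an LM-OTS key sign twice) are usually met with a reserve-before-sign discipline: the next leaf index is committed to durable storage before any signature is computed, and a restored backup or VM snapshot that rolls that index backwards is detected rather than silently reused. The following is an added illustration of that discipline, not code from the draft or from any HSS/LMS library; the tree, seed and "signature" are stand-ins (a leaf is identified only by its index), the two JSON files and their layout are hypothetical, and the seed is drawn from the OS CSPRNG via the secrets module as the PRNG paragraph below recommends.

```python
"""Reserve-before-sign bookkeeping for a stateful one-time-signature tree.

Added illustration (not code from the draft). The tree, key and
signature are stand-ins: a leaf is identified only by its index.
"""
import json
import os
import secrets
import tempfile


class LeafExhausted(Exception):
    """Every LM-OTS leaf of this tree has already been consumed."""


class StateRollback(Exception):
    """The persisted leaf index moved backwards (restored backup/snapshot)."""


def _write_atomic(path, payload):
    """Write JSON to a temp file, fsync it, then rename over the target.

    A crash leaves either the old or the new state on disk, never a
    torn file with an ambiguous leaf index."""
    directory = os.path.dirname(path) or "."
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".state-")
    with os.fdopen(fd, "w") as fh:
        json.dump(payload, fh)
        fh.flush()
        os.fsync(fh.fileno())
    os.replace(tmp, path)


def _read(path):
    with open(path) as fh:
        return json.load(fh)


def create_tree_state(state_path, height):
    """Generate a fresh (stand-in) private seed and an empty usage record.

    The seed comes from the OS CSPRNG; a guessable PRNG here would let an
    attacker enumerate the small set of candidate keys instead of
    searching the whole key space."""
    state = {
        "seed": secrets.token_hex(32),   # stand-in for the LMS private key
        "num_leaves": 1 << height,       # 2^height one-time keys
        "next_leaf": 0,
    }
    _write_atomic(state_path, state)
    return state


def reserve_leaf(state_path, mark_path):
    """Durably mark the next leaf as used BEFORE any signature is produced.

    Returns the reserved index. The high-water mark file (hypothetical)
    is an independent record of the largest index ever handed out; if the
    main state file was rolled back, e.g. restored from a backup or VM
    snapshot, the mark exposes the rollback and signing is refused."""
    state = _read(state_path)
    idx = state["next_leaf"]
    if idx >= state["num_leaves"]:
        raise LeafExhausted("no unused LM-OTS keys remain; generate a new tree")
    mark = _read(mark_path)["max_issued"] if os.path.exists(mark_path) else -1
    if idx <= mark:
        raise StateRollback(f"leaf {idx} was already issued (high-water mark {mark})")
    # Commit the reservation first; only then may the caller sign.
    state["next_leaf"] = idx + 1
    _write_atomic(state_path, state)
    _write_atomic(mark_path, {"max_issued": idx})
    return idx


def sign_next(state_path, mark_path, message):
    """Reserve a leaf, then produce a stand-in 'signature' tagged with it."""
    idx = reserve_leaf(state_path, mark_path)
    # Real code would derive the LM-OTS key for `idx` and sign here.
    return {"leaf": idx, "msg_len": len(message)}


def demo():
    """Walk through normal use, a detected rollback, and key exhaustion."""
    d = tempfile.mkdtemp()
    sp, mp = os.path.join(d, "state.json"), os.path.join(d, "mark.json")
    create_tree_state(sp, height=2)                     # 4 one-time keys
    first = sign_next(sp, mp, b"hello")["leaf"]          # leaf 0
    second = sign_next(sp, mp, b"world")["leaf"]         # leaf 1
    rolled = _read(sp)                                   # simulate a restored
    rolled["next_leaf"] = 1                              # snapshot of the state
    _write_atomic(sp, rolled)
    try:
        sign_next(sp, mp, b"again")
        rollback_caught = False
    except StateRollback:
        rollback_caught = True
    repaired = _read(sp)                                 # resume past the mark
    repaired["next_leaf"] = _read(mp)["max_issued"] + 1
    _write_atomic(sp, repaired)
    issued = [sign_next(sp, mp, b"x")["leaf"] for _ in range(2)]   # leaves 2, 3
    try:
        sign_next(sp, mp, b"one too many")
        exhausted = False
    except LeafExhausted:
        exhausted = True
    return {"first": first, "second": second, "rollback_caught": rollback_caught,
            "issued_after_repair": issued, "exhausted": exhausted}


if __name__ == "__main__":
    print(demo())
```

The example keeps the high-water mark in the same directory only so that it runs stand-alone; to be useful against the snapshot-restore case described above, that mark needs to live somewhere the rollback cannot reach (a hardware monotonic counter, a separate medium, or an external service), and the state file itself should be confidentiality-protected since it holds the private seed.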
The generation of private keys relies on random numbers. The use of
inadequate pseudo-random number generators (PRNGs) to generate these
values can result in little or no security. An attacker may find it
much easier to reproduce the PRNG environment that produced the keys,
searching the resulting small set of possibilities, rather than brute
force searching the whole key space. The generation of quality
End of changes. 3 change blocks. 2 lines changed or deleted, 6 lines changed or added.

This html diff was produced by rfcdiff 1.47. The latest version is available from http://tools.ietf.org/tools/rfcdiff/