Subject: Re: [pkcs11] RE: XMSS Support


On 2/23/23 9:39 AM, JOHNSON Darren wrote:

Adding more comments to the list to be considered when we continue to work on this proposal.

The attribute CKA_XMSS_PARAMS is defined as a DER encoding, and a sample ASN.1 structure is provided. I don't know if this was taken from anywhere, but I assume the pattern (DER encoding of parameters) was borrowed from the ECDSA algorithms. The ASN.1 structure defined doesn't make any sense as it shows an OCTET STRING that contains CK_XMSSMT_OID, which in turn is a CK_ULONG. CK_ULONG is platform dependent and not suitable for inclusion in an ASN.1 structure unless we define how it is to be presented.

I suggest we clarify this, or we follow the model we use for HSS and SPHINCS+ and use PKCS11 types to define the parameter sets.

Unless something is blatantly wrong in what I wrote, discussions can be postponed until this proposal is picked up again.

I think that started because XMSS was based on an early draft of the HSS spec. After some back and forth we changed the HSS spec to use CK_ULONG identifiers. XMSS actually only needs one identifier because it combines a bunch of separate parameter values in one identifier (HSS carries each separately). I've addressed this in my updates which I've posted for review today.

bob

Thanks

From: JOHNSON Darren
Sent: Friday, February 17, 2023 6:17 AM
To: markowitz@infoseccorp.com; pkcs11@lists.oasis-open.org
Subject: RE: XMSS Support

Hi,

I'm adding one more comment against the current draft, just so it isn't lost/forgotten.

It seems to be missing an attribute for "keys remaining" or "signatures remaining" that we have for HSS.

I assume this will be added when the spec is updated.

Thanks

From: Michael Markowitz <markowitz@infoseccorp.com>
Sent: Wednesday, February 15, 2023 2:54 PM
To: JOHNSON Darren <darren.johnson@thalesgroup.com>; pkcs11@lists.oasis-open.org
Subject: RE: XMSS Support

Meeting minutes from 10/14/20 seem to be the last mention of XMSS:

XMSS(MT)

Don't see it in the 3.2 AIs. Can only imagine it was dropped for lack of sponsorship.

-mjm

From: pkcs11@lists.oasis-open.org <pkcs11@lists.oasis-open.org> On Behalf Of JOHNSON Darren
Sent: Wednesday, February 15, 2023 11:08 AM
To: pkcs11@lists.oasis-open.org
Subject: [pkcs11] XMSS Support

Hi

I've stumbled across the XMSS/XMSS(MT) proposals in the email archives.

https://lists.oasis-open.org/archives/pkcs11/202010/msg00016/PKCS11_XMSS_SPEC_10-22-2020.docx

It looks like it was being driven by Philip Lafrance from ISARA. Was he a member of the committee at the time? What happened to this proposal? Was it dropped?

Thanks

Darren
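
The encoding concern raised in this thread (a CK_ULONG carried inside an OCTET STRING), shown as an added example that is not part of any message above or of the draft specification. The function names and the identifier value 0x01 are constructed for illustration, and the DER INTEGER form is only one possible defined presentation, not the one the committee chose.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Bytes an OCTET STRING would carry if a CK_ULONG (unsigned long in
 * pkcs11t.h) were copied straight from memory. width and big_endian model
 * the platform: 4 bytes on LLP64/ILP32, 8 bytes on LP64. */
size_t raw_ck_ulong(uint64_t v, size_t width, int big_endian, unsigned char *out)
{
    for (size_t i = 0; i < width; i++) {
        size_t shift = 8 * (big_endian ? width - 1 - i : i);
        out[i] = (unsigned char)(v >> shift);
    }
    return width;
}

/* One defined presentation: DER INTEGER (tag 0x02), minimal big-endian
 * content, with a leading 0x00 when the top bit is set so the value stays
 * non-negative. Content is at most 9 bytes, so short-form length suffices. */
size_t der_integer(uint64_t v, unsigned char *out)
{
    unsigned char tmp[9];
    size_t n = 0;
    do { tmp[n++] = (unsigned char)(v & 0xff); v >>= 8; } while (v);
    if (tmp[n - 1] & 0x80) tmp[n++] = 0x00;
    out[0] = 0x02;
    out[1] = (unsigned char)n;
    for (size_t i = 0; i < n; i++) out[2 + i] = tmp[n - 1 - i];
    return n + 2;
}

static void dump(const char *label, const unsigned char *b, size_t n)
{
    printf("%-22s", label);
    for (size_t i = 0; i < n; i++) printf(" %02x", b[i]);
    printf("\n");
}

int main(void)
{
    const uint64_t id = 0x01; /* constructed parameter-set identifier */
    unsigned char b[16];
    dump("raw, 8-byte LE:", b, raw_ck_ulong(id, 8, 0, b));
    dump("raw, 4-byte LE:", b, raw_ck_ulong(id, 4, 0, b));
    dump("raw, 4-byte BE:", b, raw_ck_ulong(id, 4, 1, b));
    dump("DER INTEGER:", b, der_integer(id, b));
    return 0;
}
```

The three raw forms of the same value differ in length or byte order, so a token and an application built for different platforms would not agree on the attribute bytes, while the DER INTEGER form is identical everywhere.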



