On Thu, Apr 20, 2017 at 04:03:21PM +0100, Chris Thompson wrote:
> On Apr 20 2017, Tony Finch wrote:
>
> > Mark Andrews <ma...@isc.org> wrote:
> > >
> > > DSA requires random values as part of the signing process.
> >
> > Traditionally, yes, but it isn't actually required -
> > https://tools.ietf.org/html/rfc6979
>
> There is a great deal to be said for using deterministic DSA even if
> your random number source is both trustworthy and fast.
>
> The EdDSA standards (RFCs 8032 & 8080) mandate deterministic signatures
> and this is certainly intentional. Of course, there are also many other
> ways in which they are improvements on the earlier NIST-based ECDSA
> standards, and we should all be looking forward to the time when BIND,
> inter alia, supports them...

As there's some discussion on use of entropy during signing, allow me to talk about other draft RRSIG algorithms.

When preparing support for SHA-3 algorithms, the RSASSA-PSS signature scheme was chosen for RSA RRSIGs as it is a more robust scheme than RSASSA-PKCS1-v1_5:

https://tools.ietf.org/html/draft-muks-dnsop-dnssec-sha3-01

Unlike the existing RSA DNSKEY/RRSIG algorithms, RSASSA-PSS uses a "salt" input (per signature), but we made its randomness requirement a "SHOULD" in the draft. This allows signing in environments where an entropy source is not available; however, where one is available, a PRNG ought to be sufficient for signing purposes.

The non-randomness of the salt is not crucial (see full domain hash vs. RSA PSS in "The Exact Security of Digital Signatures - How to Sign with RSA and Rabin", Bellare and Rogaway.) However, with a random salt, the scheme has exact security and a similar security guarantee is achieved with a smaller RSA modulus size.

The draft also covers ECDSA(SHA-3()).

Mukund
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users