Re: [Acme] [EXTERNAL] Re: Internet-Draft: PQC Algorithm negotiation in ACME

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 10 August 2023 21:00 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Russ Housley <housley@vigilsec.com>
CC: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>, Aaron Gable <aaron=40letsencrypt.org@dmarc.ietf.org>, Seo Suchan <tjtncks@gmail.com>, Alexandre Augusto <alexandre.a.giron@gmail.com>, IETF ACME <acme@ietf.org>, Lucas Pandolfo Perin <lucas.perin@tii.ae>, Ricardo Custódio <ricardo.custodio@ufsc.br>, "victor.valle@grad.ufsc.br" <victor.valle@grad.ufsc.br>
Archived-At: <https://mailarchive.ietf.org/arch/msg/acme/lUTZyFVjF5ykkI3PkhoGHetAzfo>

Well that’s true, but public CAs do sell S/MIME certs to the public; consider for example the whole thing about issuing S/MIME certs over ACME.

---
Mike Ounsworth

From: Russ Housley <housley@vigilsec.com>
Sent: Thursday, August 10, 2023 3:49 PM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Cc: Tim Hollebeek <tim.hollebeek=40digicert.com@dmarc.ietf.org>; Aaron Gable <aaron=40letsencrypt.org@dmarc.ietf.org>; Seo Suchan <tjtncks@gmail.com>; Alexandre Augusto <alexandre.a.giron@gmail.com>; IETF ACME <acme@ietf.org>; Lucas Pandolfo Perin <lucas.perin@tii.ae>; Ricardo Custódio <ricardo.custodio@ufsc.br>; victor.valle@grad.ufsc.br
Subject: [EXTERNAL] Re: [Acme] Internet-Draft: PQC Algorithm negotiation in ACME


Mike:

Enterprises that do face-to-face enrollment and issue a token that contains a signature certificate and a key management certificate do not need a PoP protocol for the key management private key.

Russ



On Aug 8, 2023, at 6:38 PM, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:

This draft raises an interesting side-question: do we actually need ACME for KEM certs? If so, for which use-cases? The flippant answer is “We never needed to support ECDH PoP, so why do we need to support KEM PoP?”.

I think for TLS certs, ACME needs to support KEM certs if-and-only-if draft-celi-wiggers-tls-authkem gets adopted by the TLS WG.

For S/MIME we clearly need to support KEM certs, which I assume would fall under RFC8823 which says “just do a CSR for your encryption-only key” – although I notice that 8823 does not tell me how I’m supposed to sign my “encryption-only CSR”. I would bet $50, or a beverage of your choice in Prague, that there exist almost no S/MIME clients or CAs that support ECDH certs, so in practice we just cheat and sign the CSR with the RSA encryption key. If that’s true that S/MIME just entirely skipped over ECDH as a technology, then we may actually have a novel problem to solve here in the form of “How do you do a CSR for a key that can’t sign?”.

---
Mike Ounsworth
Software Security Architect, Entrust

From: Acme <acme-bounces@ietf.org> On Behalf Of Tim Hollebeek
Sent: Tuesday, August 8, 2023 1:54 PM
To: Aaron Gable <aaron=40letsencrypt.org@dmarc.ietf.org>; Seo Suchan <tjtncks@gmail.com>
Cc: Alexandre Augusto <alexandre.a.giron@gmail.com>; acme@ietf.org; Lucas Pandolfo Perin <lucas.perin@tii.ae>; Ricardo Custódio <ricardo.custodio@ufsc.br>; victor.valle@grad.ufsc.br
Subject: [EXTERNAL] Re: [Acme] Internet-Draft: PQC Algorithm negotiation in ACME

I agree that generic support for profile selection and migration between protocols is superior.  PQC isn’t actually particularly special or relevant to ACME, and we should avoid putting PQC-specific stuff into protocols that don’t need it, because we’ll be maintaining some of these protocols far into the future, when we might be more worried about the transition to Imperial Galactic Standard Certificates instead of PQC.

-Tim

From: Acme <acme-bounces@ietf.org> On Behalf Of Aaron Gable
Sent: Tuesday, August 8, 2023 12:44 PM
To: Seo Suchan <tjtncks@gmail.com>
Cc: Alexandre Augusto <alexandre.a.giron@gmail.com>; acme@ietf.org; Lucas Pandolfo Perin <lucas.perin@tii.ae>; Ricardo Custódio <ricardo.custodio@ufsc.br>; victor.valle@grad.ufsc.br
Subject: Re: [Acme] Internet-Draft: PQC Algorithm negotiation in ACME

I concur with what the others have said here. My overarching concern is that this draft seems too PQC-specific: the general capabilities it describes are useful outside the context of PQC, and the general ideas herein should be standardized in a more flexible manner.

The issue of confirmation of control of the private key is a non-issue that does not need to be addressed by this document. The ACME protocol as it stands (not to mention most other non-standardized issuance protocols) does not prove that the Applicant controls the private key corresponding to the public key they request to have in their certificate. Presentation of a signed CSR does not prove control of the corresponding private key, as CSRs are public information and anyone can present any CSR they find lying around the web. I think it's a good idea for the ACME protocol to have a mechanism to prove control of the cert private key, probably by having the CSR contain an additional high-entropy field which is provided by the CA in the new-order response. But this is generalizable to all certs, not just KEM certs.

Similarly, this idea of algorithm negotiation feels far too specific. What ACME needs is not PQC algorithm selection, but generic profile selection. A CA should be able to advertise various profiles (e.g. signature algorithms, EKUs, validity periods, etc) in the Directory object, and the client should be able to select a profile via one or more fields in the new-order request. Again, I think an approach like this covers the use-cases supposed by this draft, but generalizes much wider than just PQC algorithm selection.

Aaron
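The proof-of-possession idea in the post above (a CA-provided high-entropy value carried inside the CSR), as an added worked example that is not code from the draft, from Let's Encrypt, or from any ACME implementation. It assumes a placeholder private-arc OID for the binding extension, Ed25519 for the certificate key, and Go's crypto/x509 for building and checking the CSR; the token is modelled as the value the CA returns in the new-order response and remembers with the order.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
)

// Assumed OID for the order-binding extension (placeholder; a real spec would register one).
var oidOrderBinding = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 99999, 1, 1}

// newOrderToken models the CA side of new-order: a fresh 32-byte random token, returned to
// the client in the new-order response and remembered by the CA alongside the order.
func newOrderToken() ([]byte, error) {
	tok := make([]byte, 32)
	_, err := rand.Read(tok)
	return tok, err
}

// buildCSR models the client: embed the order token as a CSR extension, then sign with the cert key.
func buildCSR(priv ed25519.PrivateKey, cn string, token []byte) ([]byte, error) {
	tmpl := &x509.CertificateRequest{
		Subject:         pkix.Name{CommonName: cn},
		ExtraExtensions: []pkix.Extension{{Id: oidOrderBinding, Value: token}},
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, priv)
}

// verifyCSR models the CA's finalize check: the signature must verify under the key the CSR
// carries, and the embedded token must equal (constant-time) the one minted for this order.
func verifyCSR(der, orderToken []byte) error {
	csr, err := x509.ParseCertificateRequest(der)
	if err != nil { return err }
	if err := csr.CheckSignature(); err != nil { return fmt.Errorf("bad CSR signature: %w", err) }
	for _, ext := range csr.Extensions {
		if ext.Id.Equal(oidOrderBinding) && subtle.ConstantTimeCompare(ext.Value, orderToken) == 1 { return nil }
	}
	return fmt.Errorf("CSR is not bound to this order (token missing or mismatched)")
}

// replayCheck: a CSR built for order A passes on A but is rejected when replayed against
// order B, the situation a CSR "found lying around the web" is in.
func replayCheck() (freshOK, replayRejected bool, err error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	tokA, errA := newOrderToken()
	tokB, errB := newOrderToken()
	if err != nil || errA != nil || errB != nil { return false, false, fmt.Errorf("key or token generation failed") }
	der, err := buildCSR(priv, "example.test", tokA)
	if err != nil { return false, false, err }
	return verifyCSR(der, tokA) == nil, verifyCSR(der, tokB) != nil, nil
}
```

A real deployment would also expire the token with the order and wrap it in a DER OCTET STRING rather than storing raw bytes as the extension value.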

On Sun, Aug 6, 2023 at 6:39 AM Seo Suchan <tjtncks@gmail.com> wrote:

Thoughts, in no particular order:

1. I don't think section 3's 1RTT mode works. The CA has already signed the certificate if it can give out an encrypted version of it, so the client can get the certificate from a CT log.

2. Is there a reason to include just PQC algos on the supported-algorithms endpoint? I think there is no reason not to include classical algorithms there, as those have parameters the CA may refuse (RSA key size, ECDSA curves).

3. LE doesn't consider a CSR as proof of possession of the private key (so you need to sign the revoke request with the cert's private key to use the reason "key compromise"), and the TLS CA/B BR doesn't actually require checking it.

On 2023-08-06 8:00 PM, Alexandre Augusto wrote:
Dear chairs and WG,

I would like to share our proposal for improving ACME with algorithm negotiation support. The main features are:
- Flexibility: allows clients to know (in advance) if their desired algorithm is supported by the server;
- Automated issuance of KEM certificates: currently not supported in ACME; our proposal specifies two ways to allow clients to ask for such a certificate.

Link: https://datatracker.ietf.org/doc/draft-giron-acme-pqcnegotiation/

If there is any interest or any doubts, please let me know. I'll be happy to discuss it with you.

Best regards,
--
Alexandre Augusto Giron
Federal University of Technology - Parana (UTFPR, https://coenc.td.utfpr.edu.br/~giron/)
PhD Student at Federal University of Santa Catarina (UFSC)




_______________________________________________
Acme mailing list
Acme@ietf.org
https://www.ietf.org/mailman/listinfo/acme