Re: [Cfrg] Keys for multiple cryptographic uses (was: Re: Outline -> was Re: normative references)

Paul Lambert <paul@marvell.com> Thu, 16 January 2014 22:37 UTC

From: Paul Lambert <paul@marvell.com>
To: Rene Struik <rstruik.ext@gmail.com>, David McGrew <mcgrew@cisco.com>, "Igoe, Kevin M." <kmigoe@nsa.gov>, Watson Ladd <watsonbladd@gmail.com>
Date: Thu, 16 Jan 2014 14:37:27 -0800
Cc: Yaron Sheffer <yaronf.ietf@gmail.com>, "cfrg@irtf.org" <cfrg@irtf.org>

Hi Rene,

|-----Original Message-----
|From: Rene Struik [mailto:rstruik.ext@gmail.com]
|Sent: Thursday, January 16, 2014 2:31 PM
|To: David McGrew; Igoe, Kevin M.; Paul Lambert; Watson Ladd
|Cc: Yaron Sheffer; cfrg@irtf.org
|Subject: Keys for multiple cryptographic uses (was: Re: [Cfrg] Outline
|-> was Re: normative references)
|
|Hi Paul et al:
|
|A counter example in practice to the "received wisdom" not to reuse
|public keys both for key agreement and non-repudiation is during
|certification requests, when the key to be certified is to be used for
|uses including key agreement and where the request is signed.
|
|[see also NIST SP 800-56a-2013, Section 5.6.3.2, item #5:
|A static key pair may be used in more than one key-establishment
|scheme.
|However, one static public/private key pair shall not be used for
|different purposes (for example, a digital signature key pair is not
|to be used for key establishment or vice versa) with the following
|possible exception: when requesting the (initial) certificate for a
|public static key-establishment key, the key-establishment private key
|associated with the public key may be used to sign the certificate
|request. See SP 800-57, Part 1 on Key Usage for further information.
|]
|
|While key separation seems prudent, it is not entirely clear (to me)
|whether the conditions under which this is required are precisely
|known (even in the above-mentioned case of signed certificate
|requests).

Yes - exactly! Caution is good ... but once this guidance was set down we have not bothered to investigate deeply which algorithm combinations are secure for mixed use.

Additional wisdom on where specific Oracles exist would be very informative.

Thanks,

Paul


|
|Best regards, Rene
|
|
|On 1/16/2014 3:30 PM, David McGrew wrote:
|> Hi Kevin, Paul, and Watson,
|>
|> On 01/16/2014 02:42 PM, Igoe, Kevin M. wrote:
|>> Paul Lambert
|>> On Thursday, January 16, 2014 1:43 AM Paul Lambert wrote:
|>>
|>>> A truly 'unified' public key system would support both signatures
|>>> and key establishment with the same key.
|>>>
|>> Received wisdom is that using the same key for both key establishment
|>> and signatures is a bad idea.  I believe the concern is that one
|>> protocol might be used as an Oracle to subvert the other.
|>
|> Agreed on that point, but there is a background issue here that I want
|> to ask about.
|>
|> [snip]
|
|
|--
|email: rstruik.ext@gmail.com | Skype: rstruik
|cell: +1 (647) 867-5658 | US: +1 (415) 690-7363
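
Added illustration, not part of the original message and not code from any participant in the thread: one textbook instance of the oracle concern quoted above, using unpadded RSA, where a service that signs arbitrary values with the key-establishment key returns the decryption of a ciphertext, set beside the same exchange with separate key pairs. The function names, toy primes and `SECRET` value are constructed assumptions; the example says nothing about which padded or elliptic-curve combinations are safe for mixed use, which is the question the thread leaves open.

```python
# Toy, unpadded "textbook" RSA with constructed parameters (Python 3.8+).
# Illustrates why key separation is the default guidance; not a real scheme.

def make_key(p, q, e=65537):
    """Return (n, e, d) for primes p and q. Toy sizes only."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)

def encrypt(pub, m):
    n, e = pub
    return pow(m, e, n)

def decrypt(key, c):
    n, _, d = key
    return pow(c, d, n)

def sign_raw(key, value):
    """Signer that signs whatever integer it is handed (no hash, no padding)."""
    n, _, d = key
    return pow(value, d, n)

def verify_raw(pub, value, sig):
    n, e = pub
    return pow(sig, e, n) == value % n

def signer_output_on_ciphertext(enc_key, sig_key, m):
    """Encrypt m to enc_key, then hand the ciphertext to the signer using sig_key."""
    c = encrypt(enc_key[:2], m)
    return sign_raw(sig_key, c)

SECRET = 424242                          # constructed key-establishment secret
unified = make_key(1000003, 1000033)     # one key pair used for both purposes
enc_only = make_key(1000003, 1000033)    # separated: key establishment only
sig_only = make_key(1000037, 1000039)    # separated: signatures only

def demo():
    # Unified key: the "signature" over the ciphertext is c^d mod n,
    # which is exactly the decryption, so the signer leaks the secret.
    leaked = signer_output_on_ciphertext(unified, unified, SECRET)
    # Separate keys: the signer's exponent belongs to a different modulus,
    # so its output is a valid signature on c but unrelated to the secret.
    separated = signer_output_on_ciphertext(enc_only, sig_only, SECRET)
    return leaked, separated

if __name__ == "__main__":
    leaked, separated = demo()
    print("unified key leaks secret:", leaked == SECRET)
    print("separate keys leak secret:", separated == SECRET)
```
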