Re: [Cfrg] RFC Draft for Secure Crypto Config (Submission support and feedback request)

Kai Mindermann <kai.mindermann@ic-consult.com> Sun, 18 October 2020 09:44 UTC

Return-Path: <kai.mindermann@ic-consult.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 840D43A091F for <cfrg@ietfa.amsl.com>; Sun, 18 Oct 2020 02:44:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=icconsult.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id v4fuKOFdeiQ4 for <cfrg@ietfa.amsl.com>; Sun, 18 Oct 2020 02:44:18 -0700 (PDT)
Received: from EUR04-HE1-obe.outbound.protection.outlook.com (mail-eopbgr70098.outbound.protection.outlook.com [40.107.7.98]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0D2333A091B for <cfrg@irtf.org>; Sun, 18 Oct 2020 02:44:17 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=dBngdo7QNEGBmbWC4KIe3aITLGMevWXuGMT9k4tWPLnbx4VV9OdwUGzoXmwNNSmFrV4Gwvj7kyLbTMGvlUTkJomz/0clFcOGJJ6dirWssEbVxR32qv42FFKSRtGnCvnkfwJs9RwEgjuVbr9nEW3dVlIBB0jG02Am8uApmPRrhBWXYeifBgJrvYOKOkfSNGezXQlhZweI9HRPx+xRJxR4UerP5L6gLK0SE7/bv7Zoh4wXCaCQl/HqbWd3nHOxQgBL0NDEH4njZWWs8ss5O/vKYV4g1Sqm33CENHsFt+fPQuQi+ESxqv03M2IAzOj0N97h9LCkVzSlGoWRzNj65ZHZ4w==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Tx5DI7WPnnwoDB9Upf5Jzla0LT5gwJNekDileDroZr8=; b=oULg3BYGGX4J+X7qYAcprs87TpaCTZSwrzTg5fH9ezQ5djF6xmuWP+hbtv1Z+sUxkY1FeNLuvTLBVk+C+ZMD9D+d39sSiiD5Pt0gcbASm0jE68CERYCXfQSmZ2Amec+GsYIBJ7800gwZc/wx1Zx0UgXveGuPCcUQYyHz6RkQ+wVz44BXABDYzEKL3HiFwNS4Db6Rf3y8P2HnQ0Ezxjng6glv7HKeTcGkP6msiC2CfkJ2E8KPxRcSQ+fTEXbNWb77GPjP4IOYRYJExFLwQyUsvGMe5kyFyd6/hCsSTGU0I2ERiINkLwkwpN6K/ayBf+uUelvttFs5DOZOQSW1Q3gnSQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ic-consult.com; dmarc=pass action=none header.from=ic-consult.com; dkim=pass header.d=ic-consult.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=icconsult.onmicrosoft.com; s=selector2-icconsult-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Tx5DI7WPnnwoDB9Upf5Jzla0LT5gwJNekDileDroZr8=; b=oN3OsubqqDcKpssulheNdxKKTfU7IpO7wnnUH69MtbgFeoq8WzT/Jl9S4xia8PaD4958/n+bmfY2z11/IFZws5w3c1PWmULWNjKi8D7XBh/cetmkrKhXQA5wBcnTXyNIBbA5KSfh7GgGeUk28avXkTeGNXWA/8pGvSFSA7665wc=
Received: from AM0P194MB0498.EURP194.PROD.OUTLOOK.COM (2603:10a6:20b:16a::8) by AM0P194MB0403.EURP194.PROD.OUTLOOK.COM (2603:10a6:208:58::11) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3477.21; Sun, 18 Oct 2020 09:44:10 +0000
Received: from AM0P194MB0498.EURP194.PROD.OUTLOOK.COM ([fe80::2070:4ce0:865f:4b56]) by AM0P194MB0498.EURP194.PROD.OUTLOOK.COM ([fe80::2070:4ce0:865f:4b56%8]) with mapi id 15.20.3477.028; Sun, 18 Oct 2020 09:44:10 +0000
From: Kai Mindermann <kai.mindermann@ic-consult.com>
To: "cfrg@irtf.org" <cfrg@irtf.org>
Thread-Topic: RFC Draft for Secure Crypto Config (Submission support and feedback request)
Thread-Index: AdaAS3oYQCD2sJIxS5WfUYrWcJ4WAQk5zjzg
Date: Sun, 18 Oct 2020 09:44:09 +0000
Message-ID: <AM0P194MB049890800412E9375D48FF0DB6010@AM0P194MB0498.EURP194.PROD.OUTLOOK.COM>
References: <AM0P194MB02899CD89A20C471339EC056B62E0@AM0P194MB0289.EURP194.PROD.OUTLOOK.COM>
In-Reply-To: <AM0P194MB02899CD89A20C471339EC056B62E0@AM0P194MB0289.EURP194.PROD.OUTLOOK.COM>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_8c03c5b4-cdb1-4af6-a3a7-6ba071b42a99_ActionId=2800ddf2-d162-400d-9e9d-2830d8a6fbe2; MSIP_Label_8c03c5b4-cdb1-4af6-a3a7-6ba071b42a99_ContentBits=0; MSIP_Label_8c03c5b4-cdb1-4af6-a3a7-6ba071b42a99_Enabled=true; MSIP_Label_8c03c5b4-cdb1-4af6-a3a7-6ba071b42a99_Method=Standard; MSIP_Label_8c03c5b4-cdb1-4af6-a3a7-6ba071b42a99_Name=Public; MSIP_Label_8c03c5b4-cdb1-4af6-a3a7-6ba071b42a99_SetDate=2020-09-01T10:34:04Z; MSIP_Label_8c03c5b4-cdb1-4af6-a3a7-6ba071b42a99_SiteId=3ac65224-61ae-43a3-b5af-f6da3cac486c;
authentication-results: irtf.org; dkim=none (message not signed) header.d=none;irtf.org; dmarc=none action=none header.from=ic-consult.com;
x-originating-ip: [2a01:598:8990:1cf7:5026:12aa:d6d6:cd0e]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 907bf431-37cd-4386-92be-08d8734a5d21
x-ms-traffictypediagnostic: AM0P194MB0403:
x-microsoft-antispam-prvs: <AM0P194MB0403FC79760D00474829331CB6010@AM0P194MB0403.EURP194.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: QrCopTkHhoaMhDtgXnyyrzrk1naPeww+TTSh531TjYh93JUqOgB1Yyk+oNu+cx+k5n2yk7wouY6kuB7dyDTbQPDOpGBTtsZ5OL4Hd/tegutS58gGu3in0ORRN+lXFiJqsGmsfeLKKyUjEofvgcSEpIUZo7DblfQDbAElAOGq5sFwj9ld8AwEBP8PSox3jYQpTrWJLOcfm6Q/q3g0SCWcqKAT0G+OrWk2L9luSOmxN9PCGhfLiuf5Pn3GPehNTRjcRq6tyM3ktHesoWdubBAAhoPJLSV0SwYCfU/coY/B6t+Js41Fp3RmcBfDNGA1Iv7MEL3H1M9i/HHsOL+zEN9X68JlO6tfOyJkhmUYk9eTdHCpA7ijVjuvUtYf/Ci1SMZafCjbj9w167yJL7MIM5wJgg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:AM0P194MB0498.EURP194.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(4636009)(39830400003)(366004)(396003)(376002)(346002)(136003)(52536014)(66574015)(9686003)(8676002)(8936002)(478600001)(9326002)(6506007)(7696005)(186003)(76116006)(66556008)(64756008)(66446008)(66476007)(66946007)(19627235002)(71200400001)(33656002)(166002)(83380400001)(6916009)(966005)(21615005)(5660300002)(55016002)(86362001)(316002)(2906002)(44832011); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: gpm7Wnxnmqy34Q73U8XFJPrs6dOmGGTwUmztpL5Xgzfu5h+rtFN8BnXVEbmVi/WEs/s++BVgEE7648EI9LOyOfi6YcGp/8YFHARDgKcMMaOnBkW1WBTjHsty9Xm53NtIERASDv1TpEo+H4iTxxpmZxBvxmWRGYptFppsnfRva3R/3rMMZGaj65k5Ez/864SnaGEt2xlIWgdalcuXlupL6OOryZtla4jSqAacZlPv6B38pB/sjeWxML7b17FD/0IYsndtSAmoszgenLZPmp+55W2NsAC5d7Tu+kPwEDO+VZwLO2lEEI36soCQwS63zjIydQi5A6JrWgyEdYDG0/yulHvJoNsR3ol7cN+AutiOl/TS8JtFxzFH+vda2t29U6vQkkY0WF6HWZmb5JugSV9zVWTo+ZJdH8h4x6JrLXc+xXGiZslfS6E8wdGoRy81YOuJTuAoY3Dtu3MKM1nzEYB8p1WSr+Ky4wt25gWq1/8d19o3x7Z51H45zwdoABAprTak1zj6y2eikcnC++3bD9M50WYCLon2Uua0Q5uASfLYnyWIDtPWWjMgFWgjh6G4FmZkU8Tl0NHTUeWWLX+6bvFP8JSv2JUt3aBZrOUFVPxpYC3Xp731dnCRbMjJAq4Y2bvWcrKcQE+NdfmqeoVt/IPbP3bfT9nejK8dN9poiago9bEMTYOWqRMJfkhTZ+m8nu0ATnxbgpGJvQktmeJvFx34OA==
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_AM0P194MB049890800412E9375D48FF0DB6010AM0P194MB0498EURP_"
MIME-Version: 1.0
X-OriginatorOrg: ic-consult.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: AM0P194MB0498.EURP194.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 907bf431-37cd-4386-92be-08d8734a5d21
X-MS-Exchange-CrossTenant-originalarrivaltime: 18 Oct 2020 09:44:09.8647 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 3ac65224-61ae-43a3-b5af-f6da3cac486c
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 4+JmmMesKUZ/o9p9+30f8BOcyZLSMt9ZJcg1mogBx58NwcTFj/pGDr8MvNzdQ50RbRiThiQgnynybNbFSSHnJ3rGm0zyRvAKTjQajGC9Zzk=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AM0P194MB0403
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/FEdN0778jM73okiYctrlVIwXP1E>
Subject: Re: [Cfrg] RFC Draft for Secure Crypto Config (Submission support and feedback request)
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Sun, 18 Oct 2020 09:44:21 -0000

Hi,

I have now submitted the proposal as individual draft here: https://datatracker.ietf.org/doc/draft-kaimindermann-securecryptoconfig/

A lot of things are still open, but I think it's still good to show the current state and concepts to the experts already.

Would be interesting to see what you think about the general concept of having something like this standardized in the future.

Mit freundlichen Grüßen / Best regards
Kai Mindermann

--
Kai Mindermann
Senior Consultant
M +49 1512 1054730

kai.mindermann@ic-consult.com<mailto:kai.mindermann@ic-consult.com>
www.ic-consult.com<https://www.ic-consult.com/>

iC Consult Gesellschaft für Systemintegration und Kommunikation mbH
Standort: Zettachring 8a | 70567 Stuttgart | Germany
Verwaltung: Huyssenallee 99-103 | 45128 Essen | Germany
Geschäftsführer: Dr. Andreas Neumann
HRB 116170 Amtsgericht München

Von: Cfrg <cfrg-bounces@irtf.org> Im Auftrag von Kai Mindermann
Gesendet: Dienstag, 1. September 2020 12:36
An: cfrg@irtf.org
Betreff: [Cfrg] RFC Draft for Secure Crypto Config (Submission support and feedback request)

Hi,

me and a master's student (Lisa Teis) are working on a proposed standard to solve some problems around cryptography usage.


I'll cite the Secure Crypto Config draft abstract for you:

Choosing secure cryptography algorithms and their corresponding parameters is difficult. Also, current cryptography APIs cannot change their default configuration which renders them inherently insecure. The Secure Crypto Config provides a method that allows cryptography libraries to change the default cryptography algorithms over time and at the same time stay compatible with previous cryptography operations. This is achieved by combining three things standardized by the Secure Crypto Config: (1) A process that is repeated every two years, where a new set of default configurations for standardized cryptography primitives is published in a specific format. (2) A Secure Crypto Config Interface that describes a common API to use cryptography primitives in software (3) using COSE to derive the parameters from output of cryptography primitives, otherwise future changes of the default configuration would change existing applications behavior.

Our current draft can be found here: https://securecryptoconfig.github.io/secureCryptoConfig/draft-kaimindermann-securecryptoconfig.html and accordingly the repository (including the issue tracker to track feedback) can be found also on GitHub: https://github.com/secureCryptoConfig/secureCryptoConfig

We'd like to submit a version "-01" to the IETF datatracker to work with you on this standard, yet I'm unsure which process to follow (is it a independent submission or not, etc). I tried to use the automatic submission with Travis based on the template project (https://github.com/martinthomson/i-d-template) yet it did not work.

Please give us your feedback and how you would suggest to move forward to get this into the right standardization process. It's still early work and a lot of things are not decided or open, but that's why we want to involve more people to contribute.

Mit freundlichen Grüßen / Best regards
Kai Mindermann

--
Kai Mindermann
Senior Consultant
M +49 1512 1054730

kai.mindermann@ic-consult.com<mailto:kai.mindermann@ic-consult.com>
www.ic-consult.com<https://www.ic-consult.com/>

iC Consult Gesellschaft für Systemintegration und Kommunikation mbH
Standort: Zettachring 8a | 70567 Stuttgart | Germany
Verwaltung: Huyssenallee 99-103 | 45128 Essen | Germany
Geschäftsführer: Dr. Andreas Neumann
HRB 116170 Amtsgericht München