Re: [CFRG] Please review draft-ietf-drip-rid

"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 17 September 2021 15:56 UTC

Return-Path: <prvs=5894ae5b75=uri@ll.mit.edu>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 95B433A201C; Fri, 17 Sep 2021 08:56:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yOdoGZG22MMi; Fri, 17 Sep 2021 08:56:07 -0700 (PDT)
Received: from MX2.LL.MIT.EDU (mx2.ll.mit.edu [129.55.12.51]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C67F03A201B; Fri, 17 Sep 2021 08:56:06 -0700 (PDT)
Received: from LLE2K16-HYBRD02.mitll.ad.local (lle2k16-hybrd02.llan.ll.mit.edu [172.25.5.146]) by MX2.LL.MIT.EDU (8.16.1.2/8.16.1.2) with ESMTPS id 18HFu32x314547 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=FAIL); Fri, 17 Sep 2021 11:56:03 -0400
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=Z1E+M7OOoapTKi0bK6EZNZ1WieuoHi60UulK+hU2Yy8FecK4QLPOFpg4Ju2DM5tiJH/1nX/WMBpd58lOh8iKs91bQneaHKkK27NKs/8gCqBVCVUem4MrV3ngX7vx9oPo5jj+6LmlLPYkRddYCRyOXbcGU8r/Ud+pK4HRsHuHHVCPY9DBQCK7LtGDvxObX7LH087PqRh0pgvYUOAiwfoWxbw9iS+wdiDHdaW2z0mZv5VfYUUYl9TAcwYmDvzDcoSLjLpR0SRYJJwc9+8gLAFFtTocIQLHm3bkvpzL70hEaCmvpzzDx+vV+KrPQ6IcsB2rgv8gx6HZQgMoxXrPkWEugg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=eV2UPEzOvRs7q07TN/aCSL+CHe976YNPHDTf/vpjwOk=; b=gMol/AS6eUCM2rdTavMQ6bjr7cb0H4V2D4vSwTiaqbsA01efpa2viUKUbaJFT8ygsSJqDBmpjyvM3yn8IM/QzVhYDwdZxkT4mWu1yC4dEHF+zvTwk+oWepzFlNAlk4GsRei8pyk6P/8DtWAHoG8afusOacRzfzi9N2JUBkBC1LudfeVYKG+fh8yPnShvtxJW8lG9RLgiuoPOpGyFkmzJpHGLiyACHHeBp39TDndsXm5uOwCJyw1h5FwL2A5urmak3ueV6JOdbQhBqQwYceIQauxZlkV9w07ecwh/MLI2UJspVlcL3gqZFPPg2ObeyOFlCr6vkZjxf2r5sY8wf2evjA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ll.mit.edu; dmarc=pass action=none header.from=ll.mit.edu; dkim=pass header.d=ll.mit.edu; arc=none
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Michael Scott <mike.scott=40miracl.com@dmarc.ietf.org>, "<cfrg@ietf.org>" <cfrg@ietf.org>
Thread-Topic: [CFRG] Please review draft-ietf-drip-rid
Thread-Index: AQHXqabNt36YLY7DJUewIlymAShOI6uoROUA///DNACAAFe/gP//wtEA
Date: Fri, 17 Sep 2021 15:56:01 +0000
Message-ID: <00DA2E69-D80A-4CA7-B744-97B30F237501@ll.mit.edu>
References: <03b5ea0e-cf1a-8edf-d642-2fb4b2e458fd@htt-consult.com> <CACsn0ckZbA4=Xe+Lc1w5bc5os8Ekeh9q7AAxknknwrrBZ0R-KQ@mail.gmail.com> <E0D027B0-089E-4402-BD65-38ADEABC3351@ll.mit.edu> <CAEseHRoH941WndaQmL8F=4w6BLkfjCaxa8mKP14bjNUEz2MRfw@mail.gmail.com>
In-Reply-To: <CAEseHRoH941WndaQmL8F=4w6BLkfjCaxa8mKP14bjNUEz2MRfw@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
user-agent: Microsoft-MacOutlook/16.52.21080801
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none;dmarc.ietf.org; dmarc=none action=none header.from=ll.mit.edu;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 77214a6b-0a82-4df6-d9c3-08d979f3a606
x-ms-traffictypediagnostic: BN1P110MB0098:
x-microsoft-antispam-prvs: <BN1P110MB00982F6CDA12446A5370A7D490DD9@BN1P110MB0098.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: DXyRTQDD4cWDFAVnBmiZVASsIsM3dfjnFSaxLMDSRuA5ljNAXY9eNFTLcRc+M7NwncYPZXd06hwq3tof7EuwlaYFdv8MLjt95XweRnfZ37Kqx4a4RY1LBGe7cUcntstLPcB+dxP5dnCnT4zpV4y4O4fRBq3lvtqgEqgN4i5vsa4sd3htVzEFs2sZPgQsNFIF3QzpSSGTc/LDUyAzKtU3RF+y1rd3DFKuCHs8Hcsr5rP6PXTu6q2VNWtvhtcdXkJkxNWo8vn43E/BBN0H3IOW0RVy/Rg8WnoWXhCmaM+CDhB8bDk4tLjTX58K7DL3GdkHvkN3od6eAtB8LHd5B7iJAKKro330WntGusA0HRezWZyS1psDXvZ7HboKmB8wJtLslCnAb7GlYV67AExtSVz7LKgeIP6v33ETnTxPtD/X+njKnOIam7jJqcNmgnf4VBkk/bUaSWNOfnfcjkufelRWgC9IMzX2H/lTM01KOnspK2EWPK/MnNI3i1tF2P3bvpUpT9t8vc8qmtSYFEpDxKHcMt2IvR03XGI9DQBt+ffUM9SPimGE0N4+bbGrSaAA12fQDxGF3uiY/vhhNkJBL95dQ1fBNhrq17ODq1kwbSD+JA1ZW3HJBaQJ5ayULTJogvttUk483QRmLy9t09P/gn3rFedaZJa4sGQxe5i+DUi7MyaprzzG+UxAQMLaom98pKFyg0HiL5n6JLhTWKXrMPXkFEXezOIKJHk3nFUKa+B7WSNb7e75AVkF3NI+e2L6IORI
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0706.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(396003)(346002)(39850400004)(136003)(366004)(376002)(6506007)(99936003)(5660300002)(33656002)(966005)(66616009)(2616005)(478600001)(186003)(110136005)(8676002)(75432002)(53546011)(38100700002)(38070700005)(166002)(122000001)(71200400001)(86362001)(6512007)(8936002)(83380400001)(66556008)(2906002)(66476007)(6486002)(66446008)(64756008)(26005)(76116006)(66946007)(316002)(45980500001)(491001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: AvvEOQ38G3pDmF53thtc6jtFbgnYmrjjIxZV6RBzh7WQJo2Kh8WuB/t/41jztKLX2I63l90TZA19k22xxwjWc6dTMWF2fZR5g3OFFSweF815P7U5ImKT9MSjSjYrbuQIHcA7pShhdo93WYQVYcKEhA5RhgAG+bD8IQmoi7w4S1QqBFvgT1Zky8Bd+5B2zO1HuMmdLjSxWCFYNXwfHU8UHPKgeHqmEAX5AFh4MMRUDge5lXQbGyHbGPSs8r1ifPd4jSNBUW3uYIyJglZXjyVwK6CbRqmVM5zrw/kq+PMQCfe1qtmd+GP4OJQaaSfyVlknPbkZRTvuK3UhimR6yaNc5ATOGF7xI7qU+edWEazLK3r0y8Q0my6w1FHuYOgmHbqqvafAjazPhBpGWSqojcQKYoJl3vI2/sPS1Bu+t2PnmEAQvh8bCHnG56IAao70fM4My1RX2R4rJ5TToZ/OzLzj0W5P39O+CcXTwr5rmFEnf0SMCO/9cnAuldtGhCrhvlr9mhwiqJ9AE642p7VpUDLWFxABoMOymHpiBdfkWuDmzbgsmH6Y6zfiWaGvvF25JBL5rDnWxbAK75O4OqXT7F4JoGSItU15sJ1gLg2b9V/SQFFtY3qbBtJaYLDnGTiv3yk8CsCm6dru+lce7IpaulAR8sYd+TjS95Ih4nT1F3e2xso8rqEJbN85Xx1IKRAJLTSSDtcHblW8o2SW/L9QlqzATg==
x-ms-exchange-transport-forked: True
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg="sha256"; boundary="B_3714724561_426538489"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0706.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 77214a6b-0a82-4df6-d9c3-08d979f3a606
X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Sep 2021 15:56:01.7607 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 83d1efe3-698e-4819-911b-0a8fbe79d01c
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0098
X-OriginatorOrg: ll.mit.edu
X-Proofpoint-GUID: NaOTBODox3JKrlN-heSp83kTmAAts6R_
X-Proofpoint-ORIG-GUID: NaOTBODox3JKrlN-heSp83kTmAAts6R_
X-Proofpoint-Virus-Version: vendor=fsecure engine=2.50.10434:6.0.391, 18.0.790 definitions=2021-09-17_06:2021-09-17, 2021-09-17 signatures=0
X-Proofpoint-Spam-Details: rule=notspam policy=default score=0 phishscore=0 mlxlogscore=999 bulkscore=0 mlxscore=0 spamscore=0 adultscore=0 suspectscore=0 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2109030001 definitions=main-2109170097
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/fh-mVi92Mw-yTJJC5hINMARJ-lc>
Subject: Re: [CFRG] Please review draft-ietf-drip-rid
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Sep 2021 15:56:12 -0000

On Fri, Sep 17, 2021 at 3:21 PM Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> wrote:

I have not read the draft, but my answer to Watson is - because there is not enough room for Post-Quantum certificates, and Ed25519 is not an acceptable alternative for some of us.

 

I for one would be interested in just how extensive this "some of us" group is. In the interests of transparency I think they should step forward and identify themselves. It is a view I respect, but personally disagree with.

 

While we both understand that I am not a spokesman for such a group, as nobody appointed or authorized me to do so – IMHO, this group would include all the US Government, all the vendors who sell to US Government, and probably same contingent for other countries.

 

If people in good faith are willing to make major efforts to put forward proposals to this forum, it would only be fair for them to be aware of the extent of that grouping who would reject such proposals out-of-hand. 

 

Sure. Though be aware that only a tiny fraction of the above appears present here, and I can’t speak even for them.

 

Also, please consider that from the common-sense point of view, if the security concern I expressed is valid – the number of people or organizations who share it is irrelevant. So far, there has been no way to either prove or disprove convincingly this concern. And we’ve been erring on the side of caution pretty much everywhere else – so, why not here?

 

 

 

 

On 9/17/21, 09:59, "CFRG on behalf of Watson Ladd" <cfrg-bounces@irtf.org on behalf of watsonbladd@gmail.com> wrote:

    I've read your email and have only one response.

    Why?

    There is enough room for an entire certificate chain using Ed25519 and
    compact encodings. That would be a lot simpler.

    Sincerely,
    Watson Ladd

    --
    Astra mortemque praestare gradatim

    _______________________________________________
    CFRG mailing list
    CFRG@irtf.org
    https://www.irtf.org/mailman/listinfo/cfrg
_______________________________________________
CFRG mailing list
CFRG@irtf.org
https://www.irtf.org/mailman/listinfo/cfrg