Re: [COSE] COSE Support for AES-CTR and AES-CBC
Sophie Schmieg <sschmieg@google.com> Tue, 08 November 2022 17:22 UTC
Return-Path: <sschmieg@google.com>
X-Original-To: cose@ietfa.amsl.com
Delivered-To: cose@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id ABCB3C152703 for <cose@ietfa.amsl.com>; Tue, 8 Nov 2022 09:22:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.607
X-Spam-Level:
X-Spam-Status: No, score=-17.607 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, ENV_AND_HDR_SPF_MATCH=-0.5, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5, USER_IN_DEF_SPF_WL=-7.5] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=google.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cLR-UN1Eqqb9 for <cose@ietfa.amsl.com>; Tue, 8 Nov 2022 09:22:43 -0800 (PST)
Received: from mail-yb1-xb29.google.com (mail-yb1-xb29.google.com [IPv6:2607:f8b0:4864:20::b29]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 070E6C1526E9 for <cose@ietf.org>; Tue, 8 Nov 2022 09:22:33 -0800 (PST)
Received: by mail-yb1-xb29.google.com with SMTP id k13so14336742ybk.2 for <cose@ietf.org>; Tue, 08 Nov 2022 09:22:33 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=h5lpHJUglQmmL4AYwB7rvNHfdgM2mO9tESl8xiRBfu0=; b=GOed+hgrDpi09Xq/AMQVt1CRYAvZu7RSdak2drrVCdaLU1uJVa9u6L0Ajso5AL/DDy NW+pej2z8uFLO6baMQZb9HMuqbihbLerY24kDFgYE1j7+aoGOnHT40mnlt+HM5ZE137P iA4j/L30pD5E/JM0ahLS2YoYEMqQT1ws4RBi4vTf/2OxIqXPwtMiy0ClRABxfyAAWTXl OEFt2TBpGJpWggmtr4WreTOHcuIznmYnHLPfxvM+bTiHQOsdeY1VItYUm/5E8RukLxCQ kUajCXwQO4cEvnMNDn/HrsiwewxYQTcG2F5xpuLclzWqk2NSPHOFGqAqkmfNF7G7O5mA Jv6Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=h5lpHJUglQmmL4AYwB7rvNHfdgM2mO9tESl8xiRBfu0=; b=MPEt0tXqD89aXSF5YxrKg8/InvVRqw6Zqf1piCgvKDzSWOMdsKivkurp4Oz/IeyxK/ P4NtJCMwz663cky1H5oBeBJCdr7iohzzqXwCX8yBNr8hpO7IUDce9ZvergCaSc9X901F TiVMNy+VHwRbZ9I+EsrzcYDqyXquGgfZ8bEmAaMFWdJOn2IYS8sDukFfggbp8Jl/kSVS iwEzh1b9k1enLdFLnEdCKRGi7DCw6592w4H0G8zXhl7BBLQY254dDGqaVmy1HIYJNcrI Uf2399bGyQ2mKUir9XOIOtgqY5dhXMQ3RjU5WhmjzY4goV+HyMb/awMw/izWrpyxu6na 4+eg==
X-Gm-Message-State: ANoB5pnNJ/LHhUujxbJd1jE4kGtiFh7RCg3SUX/OME5EBcMOBejG093m pZplTqzyoamexnkPlDfH8H5f+uKId5duD8nieXkiZ1BkYcw9Dg==
X-Google-Smtp-Source: AA0mqf78T42IfAiacXPN9ckb6rxEBFLzlPZ6GaK1uLevnlhf9+ZwkMBG2J7gxRRNmxErtCtk6oW1a/Vwuj4T/wM964k=
X-Received: by 2002:a05:6902:246:b0:6d8:d0f7:19b0 with SMTP id k6-20020a056902024600b006d8d0f719b0mr7518238ybs.112.1667928152641; Tue, 08 Nov 2022 09:22:32 -0800 (PST)
MIME-Version: 1.0
References: <CAGi82uNOmJJdO2HKcE8M491Vv_PLgk8J8vvfsEE88CMZkmALmw@mail.gmail.com> <a69db82e96374a36b1f7164da3c5556e@amazon.com> <CAEEbLAZXLmvQbXkdqJcO2erQLVBic3gfuGPv8XRTSxZRiAaAvQ@mail.gmail.com> <6791A073-9A6D-4B9F-BE35-6C577C3D5CCC@tzi.org> <CAEEbLAab3jckpU1+9_tOZFsnPKt7G=cCpbLGK=QKHejem2VzGQ@mail.gmail.com> <DBBPR08MB591506256FED669E6FC23ED5FA369@DBBPR08MB5915.eurprd08.prod.outlook.com> <93D7CFD8-8526-4D99-896E-5FECF2ECF1B9@tzi.org> <62258369-1D53-4996-8868-FA77723E5CE1@vigilsec.com> <308A3B89-2B00-47AE-885D-41C3D530651E@tzi.org> <F92F8239-F16F-454A-BD6C-92DBDCFD6FFF@vigilsec.com>
In-Reply-To: <F92F8239-F16F-454A-BD6C-92DBDCFD6FFF@vigilsec.com>
From: Sophie Schmieg <sschmieg@google.com>
Date: Tue, 08 Nov 2022 09:22:20 -0800
Message-ID: <CAEEbLAZ=_4d5zyMrUYhNEx-+_A6rDAyFTPEVu6tQavBtB6FqbA@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: Carsten Bormann <cabo@tzi.org>, Hannes Tschofenig <Hannes.Tschofenig@arm.com>, Sophie Schmieg <sschmieg=40google.com@dmarc.ietf.org>, "Arciszewski, Scott" <scottarc@amazon.com>, "Zundel, Brent" <brent.zundel@avast.com>, "cose@ietf.org" <cose@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000000cde4d05ecf8c9f2"
Archived-At: <https://mailarchive.ietf.org/arch/msg/cose/QWzMV33ho62WSmwjuaxaVWaiq28>
Subject: Re: [COSE] COSE Support for AES-CTR and AES-CBC
X-BeenThere: cose@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: CBOR Object Signing and Encryption <cose.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/cose>, <mailto:cose-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cose/>
List-Post: <mailto:cose@ietf.org>
List-Help: <mailto:cose-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/cose>, <mailto:cose-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 08 Nov 2022 17:22:47 -0000
On Sat, Nov 5, 2022 at 9:29 AM Russ Housley <housley@vigilsec.com> wrote: > The Security Considerations is already longer than the rest of the > document. And, the specification already says that AES-CTR MUST be used > with some other integrity mechanism. In the SUIT environment, the > integrity mechanism a digital signature. > But using AES-CTR with another integrity mechanism alone does not help, since signature stripping would still work. For an example of a signature stripping attack with AES-CTR, see [1]. All of these issues are in the end avoidable by a good implementation (i.e. one that annotates keys with their algorithm, and does not use the alg field in order to make algorithm decisions), but experience shows that implementers are not always careful reading advisory sections of a spec. A clear distinction on the standard level, making sure that these two things are different and should use different methods does help a lot with this issue, as it acts as a somewhat self-enforcing advisory, and seems to get you exactly what you want in terms of functionality. I'm slightly confused why you would use COSE at all if you are worried about overhead, instead of using the output format of the cryptographic standard directly, that seems to be a preferable choice for this use case? [1] https://blog.cryptographyengineering.com/2016/03/21/attack-of-week-apple-imessage/ -- Sophie Schmieg | Information Security Engineer | ISE Crypto | sschmieg@google.com
- [COSE] Call for adoption of CBOR Object Signing a… Mike Jones
- Re: [COSE] Call for adoption of CBOR Object Signi… Hannes Tschofenig
- Re: [COSE] Call for adoption of CBOR Object Signi… Russ Housley
- Re: [COSE] Call for adoption of CBOR Object Signi… Ken Takayama
- Re: [COSE] Call for adoption of CBOR Object Signi… Brendan Moran
- Re: [COSE] Call for adoption of CBOR Object Signi… Emmanuel Baccelli
- [COSE] Call for adoption of CBOR Object Signing a… David Brown
- [COSE] Call for adoption of CBOR Object Signing a… Russ Housley
- Re: [COSE] Call for adoption of CBOR Object Signi… Mike Prorock
- Re: [COSE] Call for adoption of CBOR Object Signi… Orie Steele
- Re: [COSE] Call for adoption of CBOR Object Signi… Blumenthal, Uri - 0553 - MITLL
- Re: [COSE] Call for adoption of CBOR Object Signi… Mike Jones
- [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Arciszewski, Scott
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Zundel, Brent
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Arciszewski, Scott
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Sophie Schmieg
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Hannes Tschofenig
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Stephen Farrell
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC David Brown
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Sophie Schmieg
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Sophie Schmieg
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Hannes Tschofenig
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Brendan Moran
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Brendan Moran
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Ilari Liusvaara
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Scott Fluhrer (sfluhrer)
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Brendan Moran
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Carsten Bormann
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Sophie Schmieg
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Russ Housley
- Re: [COSE] COSE Support for AES-CTR and AES-CBC David Brown
- Re: [COSE] COSE Support for AES-CTR and AES-CBC Brendan Moran