[Rats] Which Asymmetric algorithms for Charra?

"Eric Voit (evoit)" <evoit@cisco.com> Tue, 11 August 2020 22:51 UTC

From: "Eric Voit (evoit)" <evoit@cisco.com>
To: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: Which Asymmetric algorithms for Charra?
Date: Tue, 11 Aug 2020 22:51:47 +0000
Message-ID: <BL0PR11MB3122651915512C2D122B35A7A1450@BL0PR11MB3122.namprd11.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/03ymT7636AUtpofao3EVknXEmUk>
Subject: [Rats] Which Asymmetric algorithms for Charra?
List-Id: Remote ATtestation procedureS <rats.ietf.org>

During the charra presentation at IETF 108, we said we were going to ask the following question to the list: "Should the algorithm set defined in YANG be reduced to just those asymmetric algorithms currently exposed in the current TPM 1.2 and 2 specifications?"

This is reflected in https://www.ietf.org/proceedings/108/slides/slides-108-rats-sessb-charra-update-00, Slide 7.

The proposal I would like to make is as follows:

*	The TCG tracked algorithms supportable by a TPM should be the only ones included in a charra-maintained list of YANG identities.

*	This identity set needs to be extendable to new algorithms for any YANG models which augment charra.

*	TCG Algorithm Registry Revision 01.32, Table 3 at https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry_r1p32_pub.pdf contains the algorithms we should encode.

*	There are other types of information within this table, and we might as well encode the full table within a YANG model. That way we can explicitly make the scope of an "ietf-tcg-algs.yang" model the contents of this TCG table encoded in YANG.

*	The YANG model will indicate what TCG algorithms are deprecated by the IETF. However, identities for these deprecated algorithms from the TCG table will be assigned (e.g., SHA-1).

Are there any objections/questions/comments on this proposal? I have a strawman YANG file posted at:

https://github.com/ietf-rats-wg/basic-yang-module/compare/master...ericvoit:patch-4

Henk is also thinking of encoding this same Table information within CDDL. That could be inserted as an additional informational element of the document for where people prefer CDDL.

Eric

Eric Voit
Principal Engineer
.:|:.:|:. Cisco Systems, Inc.
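As an added illustration of the proposal in the message above (this is not Eric's strawman module, nor TCG or IETF text), the YANG fragment below shows what encoding a handful of rows from the TCG Algorithm Registry Table 3 as identities could look like, covering the three points the proposal makes: one identity per registry row, a deprecation marker that keeps the identity assigned, and a second module that extends the set by deriving from the base identities rather than editing them. The module name ietf-tcg-algs comes from the message; the identity names, namespaces, the extension module and its leaf are my assumptions, and the TPM_ALG_ID values are quoted from the registry as I recall them and should be checked against Table 3 before reuse.

```yang
module ietf-tcg-algs {
  yang-version 1.1;
  namespace "urn:ietf:params:xml:ns:yang:ietf-tcg-algs";
  prefix tcg;

  description
    "Illustrative encoding of a subset of the TCG Algorithm Registry
     (Revision 01.32, Table 3) as YANG identities. Example only; not the
     strawman module from the RATS WG repository.";

  /* Abstract bases: identityref leaves and augmenting modules hang off
     these, so the set can grow without changing this module. */
  identity asymmetric {
    description "Base identity for asymmetric algorithm types.";
  }
  identity hash {
    description "Base identity for hash algorithm types.";
  }
  identity signing {
    description "Base identity for signing scheme types.";
  }

  /* One identity per registry row. TPM_ALG_ID values are quoted from
     memory of the registry; verify against Table 3 before reuse. */
  identity TPM_ALG_RSA {
    base asymmetric;
    description "RSA. TPM_ALG_ID 0x0001. Present in TPM 1.2 and 2.0.";
  }
  identity TPM_ALG_SHA1 {
    base hash;
    /* Deprecated by the IETF, but the identity is still assigned so that
       TPM 1.2 evidence (which only offers SHA-1) remains representable. */
    status deprecated;
    description "SHA-1. TPM_ALG_ID 0x0004. Deprecated for new use.";
  }
  identity TPM_ALG_SHA256 {
    base hash;
    description "SHA-256. TPM_ALG_ID 0x000B.";
  }
  identity TPM_ALG_ECDSA {
    base signing;
    description "ECDSA. TPM_ALG_ID 0x0018.";
  }
  identity TPM_ALG_ECC {
    base asymmetric;
    description "ECC. TPM_ALG_ID 0x0023.";
  }
}

/* Hypothetical module showing the extension path: a registry row added
   later is introduced by deriving from tcg:hash, and any identityref leaf
   based on tcg:hash accepts it automatically. */
module example-tcg-algs-ext {
  yang-version 1.1;
  namespace "urn:example:tcg-algs-ext";   /* placeholder namespace */
  prefix tcgx;

  import ietf-tcg-algs { prefix tcg; }

  identity future-hash-alg {
    base tcg:hash;
    description
      "Placeholder for an algorithm registered after this module was
       written; TPM_ALG_ID to be taken from the registry row.";
  }

  container attestation-params {
    description "Example data node referencing the identity set.";
    leaf hash-algo {
      type identityref {
        base tcg:hash;   /* accepts tcg:TPM_ALG_SHA256, tcgx:future-hash-alg, ... */
      }
      description "Hash algorithm used for the attested PCR bank.";
    }
  }
}
```

A validator such as pyang will still accept `tcg:TPM_ALG_SHA1` as a value for `hash-algo` while warning on the deprecated status, which is the behaviour the proposal asks for: old evidence stays expressible, and a verifier that wants to reject SHA-1 does so by policy, not by the schema silently dropping the identity.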