Re: [saag] post-X509 cryptographic identities
Eric Rescorla <ekr@rtfm.com> Wed, 12 February 2020 01:25 UTC
Return-Path: <ekr@rtfm.com>
X-Original-To: saag@ietfa.amsl.com
Delivered-To: saag@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9A9F812085E for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 17:25:47 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lpfbiUg5rk9b for <saag@ietfa.amsl.com>; Tue, 11 Feb 2020 17:25:44 -0800 (PST)
Received: from mail-lj1-x22d.google.com (mail-lj1-x22d.google.com [IPv6:2a00:1450:4864:20::22d]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8012212085D for <saag@ietf.org>; Tue, 11 Feb 2020 17:25:44 -0800 (PST)
Received: by mail-lj1-x22d.google.com with SMTP id d10so332446ljl.9 for <saag@ietf.org>; Tue, 11 Feb 2020 17:25:44 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=Uk+yGrz/OB9RmZmIAKWvX/iQUNDOHsm3kiZeEiOh7XQ=; b=1I0WQZHLsEJpuKnOGU1trOXy0+yE9ZKWd2WTvJJw2tLd1dvyp7Xlxb50WxgTsUwDUo ambI8QFSD4mn6qbGaQHHth0/8W94W4KvkiDfzi2PYbfGmdAghIN758LqB4pTG5K6xMkF vEMPHUD/h8U9kULWNyQ4lN5uwQjV/ZR2nOJhy3X17n3JQFYPyCAkGrLYG5VGxWbnLQse 3vIDgGzT9gB300ssRR6l5NiWNuD592d6trlTjYxthOgIFGwB5pVF0plSm76Eh4aVCNIN z5btyx1U+Qcyi8C0lR07Wtnx/AIwRLszlIjO9PL0vK8sCjCLViqkr0lTEYYOLx/9plWn 2E7Q==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=Uk+yGrz/OB9RmZmIAKWvX/iQUNDOHsm3kiZeEiOh7XQ=; b=rzdxXcBmRihSKC6626KzekfAdGfgIOny7EumPRuxyyvNWbupl9413x2ebS52Xnd0ms xQo8P2txAAvddpsme99/0XdITA0brCCSsJPgUyaDOLOrWkld/3lpSQZ3LmFOHJKwUo0y dwrp3jgeN/oTEiNt39MABD2QbroTbXaH+ERiBHFNcsmoTnBwQQ2ZYACbX+sLqbyk1+dC jeyqa5b+GW3HEgRao/5iPXcoqo1SHd2qwFzJwIOSXqEcZ1cMTVW6TPzYy3RDhmFp8s78 EET/JjZgujNTW/NryfKRljcQqE5KbQJEJ6c/3K40+GDOgqDMYdJXfP7i+XkfkXtU6Rjn pZVw==
X-Gm-Message-State: APjAAAWREsAXUpQqTzVLFGClVHquXhQmMVAl8U4uxKC/zxg9MDXBKhss ix6ArNbFLmRtxqHkHrELZgJOgLboHad0WrhbhytgLw==
X-Google-Smtp-Source: APXvYqxsinYJ9XTXhi8T7otf0H2ZuznZiksgT18ycAug7WTDk0P0c663N8Qe5B5ZHG4j/Rzr0eda+o8bBd2yEb4kNKo=
X-Received: by 2002:a2e:9b12:: with SMTP id u18mr6075414lji.274.1581470742696; Tue, 11 Feb 2020 17:25:42 -0800 (PST)
MIME-Version: 1.0
References: <157762745765.1150.7880025422884493076@ietfa.amsl.com> <2C5DFA70-AD0E-4139-B28E-2D4EDB6E5409@sinodun.com> <46BDE9EB-6306-4194-AFFA-7E9E6604765F@sinodun.com> <825b8c8e-7ee9-9276-d09e-9c006acf3804@ericsson.com> <CABcZeBOzJ2MRS8deZqN+e-o9tFDwgSrYK3_hmV-0pfO+L9oaVw@mail.gmail.com> <53c87d6b-cad1-3a80-291d-e2a896705da5@ericsson.com> <CABcZeBNJWmFTV==6sa0qnAPyRr4=6OiCacchzobE=RozHnqPdg@mail.gmail.com> <7901248e-c7dd-8a12-65df-f40415fde5e2@cs.tcd.ie> <26497.1581418516@dooku> <db922345-12f5-33f6-2d85-01e858078ad7@cs.tcd.ie> <CABcZeBMR3KVunWGhm7BnX8KocUOuby1HecAatMFZy0acTxCO=g@mail.gmail.com> <3388d1ad-93f6-7d0d-3554-88ee67d1bb8b@cs.tcd.ie> <CABcZeBP4iVG8yeUVqjrDy25th-j0jJQAs1-z_NP0yGgOr21nfw@mail.gmail.com> <1dc76f29-a214-2172-fc4a-8a7262facdb4@cs.tcd.ie> <CABcZeBPn8RZ0QPgx8NvGiLxhx5hRP=UN03fUNwZpRvYjuduEUw@mail.gmail.com> <a87d6a01-ca27-caf6-6fa4-0e0140c5a769@cs.tcd.ie>
In-Reply-To: <a87d6a01-ca27-caf6-6fa4-0e0140c5a769@cs.tcd.ie>
From: Eric Rescorla <ekr@rtfm.com>
Date: Tue, 11 Feb 2020 17:25:06 -0800
Message-ID: <CABcZeBPM=xd-RG8dyQn6a_VDs2S7T09-GSnocNSVAGZOwVUHZQ@mail.gmail.com>
To: Stephen Farrell <stephen.farrell@cs.tcd.ie>
Cc: Michael Richardson <mcr+ietf@sandelman.ca>, saag@ietf.org
Content-Type: multipart/alternative; boundary="000000000000d76b94059e56d9b3"
Archived-At: <https://mailarchive.ietf.org/arch/msg/saag/bWkobMo2pXRwluxbbPadeQhNfx0>
Subject: Re: [saag] post-X509 cryptographic identities
X-BeenThere: saag@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Advisory Group <saag.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/saag>, <mailto:saag-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/saag/>
List-Post: <mailto:saag@ietf.org>
List-Help: <mailto:saag-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/saag>, <mailto:saag-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 12 Feb 2020 01:25:48 -0000
On Tue, Feb 11, 2020 at 5:21 PM Stephen Farrell <stephen.farrell@cs.tcd.ie> wrote: > > > On 12/02/2020 01:16, Eric Rescorla wrote: > > On Tue, Feb 11, 2020 at 5:09 PM Stephen Farrell > > <stephen.farrell@cs.tcd.ie> wrote: > > > >> > >> > >> On 12/02/2020 00:51, Eric Rescorla wrote: > >>> Well, I see what you say at the end, but I don't understand it. > >>> In TLS > >> 1.3, > >>> key establishment does not involve the cert, which is used for > >>> authentication. > >> > >> Sure. And in a PQ world one might worry about factorisation and > >> propose unwise changes to x.509 that involve >1 alg in the > >> certificate signature and SPKI fields. My main point is that I > >> think that'd be unwise. (Not so much because of TLS details, but > >> more because of x.509 library details.) > > I'm not sure if you're agreeing with me in the above > or just skipped over that. But that's ok. > I didn't think it was that relevant to the topic of KE, as noted below. > >> It'd be similarly unwise to want to try handle public keys for PQC > >> KEMs via x.509 and given the entire world is not yet on TLS1.3, > >> that'd maybe still be a bit of an issue. > >> > > > > Well, I don't think there is going to be much enthusiasm for adding > > PQ to TLS 1.2, but even if there was, you would most likely do it the > > same way as in 1.3, as a new DH "group" > > That would make sense, yes. History seems to me to > indicate that people will want every possible way to > do it to be well-defined, leading to those x.509 > library complications in the code, even if it's rarely > executed. (A well-known undesirable thing.) > Well, I suppose that's possible, but as that would require defining TLS cipher suites that used those certificates, and I agree that would be a bad thing, we would presumably have an opportunity to say so. -Ekr
- [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Derek Atkins
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Derek Atkins
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Watson Ladd
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Eric Rescorla
- Re: [saag] post-X509 cryptographic identities Stephen Farrell
- Re: [saag] post-X509 cryptographic identities Peter Gutmann
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Tony Finch
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Watson Ladd
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Tony Rutkowski
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Phillip Hallam-Baker
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Henry Story
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Michael Richardson
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Viktor Dukhovni
- Re: [saag] post-X509 cryptographic identities Nico Williams
- Re: [saag] post-X509 cryptographic identities Tony Finch
- Re: [saag] post-X509 cryptographic identities Michael Richardson