Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (

Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> Thu, 19 December 2019 16:09 UTC

Return-Path: <prvs=24925edb2=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C29EE1200F1 for <secdispatch@ietfa.amsl.com>; Thu, 19 Dec 2019 08:09:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=entrustdatacardcorp.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qfIKsMg5eHMZ for <secdispatch@ietfa.amsl.com>; Thu, 19 Dec 2019 08:09:53 -0800 (PST)
Received: from mx2.entrustdatacard.com (mx2.entrustdatacard.com [204.124.80.222]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D77CF1200A4 for <secdispatch@ietf.org>; Thu, 19 Dec 2019 08:09:52 -0800 (PST)
IronPort-SDR: Yp84EwkRj4F9sYZpywCbq9eKZH3FleyXzjE2P9OzEiMKFJ8a4OZNMDgEzveGfpvw7Vrwx4A84w a8fOXQSXdIlw==
X-IronPort-AV: E=Sophos;i="5.69,332,1571720400"; d="scan'208,217";a="6634575"
Received: from pmspex01.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.29]) by pmspesa04inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 19 Dec 2019 10:09:51 -0600
Received: from pmspex01.corporate.datacard.com (192.168.211.29) by pmspex01.corporate.datacard.com (192.168.211.29) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Thu, 19 Dec 2019 10:09:51 -0600
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (172.28.1.8) by pmspex01.corporate.datacard.com (192.168.211.29) with Microsoft SMTP Server (TLS) id 15.0.1497.2 via Frontend Transport; Thu, 19 Dec 2019 10:09:51 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=fChywsN6MxTivBfTC4C0im+86dy/BPWLQzZhBougTgE1ijynXJhG6VMMT2lvUZOH0cFwI7iNYnEvaPRvRILCOBg2S0ccvQAjLKn3mN6ep1EYSTBn/e7fL14lBx2jjCRnwqBRNwDGCTidCZS1Z2S37NkE7f3x2CrKaiO6EeGsoA0DkYaA8Dt77KkSB8k152kkamoIsopckZOXbfaYwK1PKpczGvu1bltz3Xfdl4FFNvA9BIJDmkKgtbAnJhn4TAdBXhcpCEHwpCl0Qp5jUAxACRlFzx1Mkn8yFONSVsI1ZVaOzwql2M+0yFvToJMZ461sd/PCDmdAtn3gI4GK0Usr+A==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PaJkwVi01kNNc8VfzyR+FiMI1mQr5VC/epkBz5gp7zY=; b=SKujxKDnTNT8Rul0HULwqVORaRRAZvWpPmgq0nCDmgYxm4DdnHl4f/a+FKIMkddNYiiW2CQMhz18vdAiTpZIn8SfzbqbeYUpn/xEt8FzbArvRHGI6rcD+Wb4XiDo02TIQuwKhZ7ExAynz5N4jTZq+8oZIeOy85nj9FucGalHDNCrlkMuRjedCUH1+PFxQe4rBKlZG8pk8CXXu3sZqhFyHiHq4ye1xCjIT2b6ahNL9hbEIL42FXlxzYVVd2PPYIJNZF+oUxvL4zqbN8lFeSEJKyyKwupAJbfUixWScgvQKmVj9hlEwjjFKcYi5jplTh9eUWCSQHqNOkJaoz5KM+Oblw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrustdatacard.com; dmarc=pass action=none header.from=entrustdatacard.com; dkim=pass header.d=entrustdatacard.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrustdatacardcorp.onmicrosoft.com; s=selector1-entrustdatacardcorp-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=PaJkwVi01kNNc8VfzyR+FiMI1mQr5VC/epkBz5gp7zY=; b=XT6pCkLmr7Vs+AYDOZK3jA7KpRTxkydPxXJbCOzyoBG+ttWkWY/YbI9QC8Jgf1GPskEXgvj3ECUgVLiBooMCxZAqpZ9l/D0j8UFO2O2QJqcytnvNwdihOQALYs3stAlQ+BxoIODEs5SSjUMEO4v5F+mCqjekeNevdWGaMD119DU=
Received: from CY4PR11MB1430.namprd11.prod.outlook.com (10.172.69.137) by CY4PR11MB1861.namprd11.prod.outlook.com (10.175.80.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2538.19; Thu, 19 Dec 2019 16:09:49 +0000
Received: from CY4PR11MB1430.namprd11.prod.outlook.com ([fe80::ede9:16cf:479e:b525]) by CY4PR11MB1430.namprd11.prod.outlook.com ([fe80::ede9:16cf:479e:b525%10]) with mapi id 15.20.2538.019; Thu, 19 Dec 2019 16:09:49 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, Eric Rescorla <ekr@rtfm.com>, Stephen Farrell <stephen.farrell@cs.tcd.ie>, "Michael Richardson" <mcr+ietf@sandelman.ca>
CC: IETF SecDispatch <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (
Thread-Index: AQHVsQnb1MFmXdTjB0GBQdRnfAIVfqe2tvMAgACoyACAB7g8QA==
Date: Thu, 19 Dec 2019 16:09:49 +0000
Message-ID: <CY4PR11MB14306370336BBCA04E9E755F9B520@CY4PR11MB1430.namprd11.prod.outlook.com>
References: <12eed4ff-edd2-7f70-9460-fc86dcbab927@openca.org> <CABcZeBPbAgBfC6Et+OKQi2=GwsyeyKEKfW5GG=StUepQwy+f0g@mail.gmail.com> <7999ebac-c9c1-eb4f-d9f7-2ba814a3b331@cs.tcd.ie> <78997490-c5ae-c856-6e26-0f79c7733ca3@openca.org> <CABcZeBM5WgpcBP4axBvzWaxKU=JA-K-4qiVxhhO1+HzFf246aw@mail.gmail.com> <MN2PR11MB3710195708AAA808B3D08EC29B580@MN2PR11MB3710.namprd11.prod.outlook.com> <2feb1778-7770-8a09-2066-a84663ff6b2e@cs.tcd.ie> <BN7PR11MB2547EA5F6DF70BC2B9C21E64C9550@BN7PR11MB2547.namprd11.prod.outlook.com> <CABcZeBMu5fRazr3KS8fqAc8c9O3heBY73OfHSCYNyvrKyFrtCw@mail.gmail.com> <DM6PR11MB2555C062D7FC31DC30A6357DC9540@DM6PR11MB2555.namprd11.prod.outlook.com>
In-Reply-To: <DM6PR11MB2555C062D7FC31DC30A6357DC9540@DM6PR11MB2555.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=Mike.Ounsworth@entrustdatacard.com;
x-originating-ip: [216.191.252.67]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 1b8d2514-4987-421d-08bb-08d7849ddf91
x-ms-traffictypediagnostic: CY4PR11MB1861:
x-microsoft-antispam-prvs: <CY4PR11MB1861AE0D3E93D9BBF1A985D59B520@CY4PR11MB1861.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-forefront-prvs: 0256C18696
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(376002)(366004)(39860400002)(346002)(136003)(396003)(199004)(189003)(13464003)(81166006)(8676002)(5660300002)(55016002)(53546011)(66946007)(2906002)(6506007)(76116006)(110136005)(186003)(52536014)(86362001)(4001150100001)(66446008)(966005)(478600001)(66556008)(7696005)(4326008)(316002)(8936002)(26005)(71200400001)(81156014)(66476007)(33656002)(9686003)(64756008); DIR:OUT; SFP:1102; SCL:1; SRVR:CY4PR11MB1861; H:CY4PR11MB1430.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: Dt0oWYlIAuoYA9IxHeFCtcGgO1HPitSjaQHSAxY5mNbLihtMMyi6QiQgjDI1BvPNKp78oGggpkuyP0RyqpJOfdzSGdnohSkRg8s/YKNty2npMVBTznkFEvpZwuesAUwW33W/EopBCJx9SjToZizCyxoPdDgX+2WnuS47BaBin9d+PkFTv+v+mBlHba2LZymuOTSTJbB2/4CqyCqTk/ZbUcezupyaW2mlgF0vz0Z6lpW7+z7uO5Cln5sscNSnKjDv3cHixwKRDPLkNn2suISHjJVnFjT96qn8ysK0D8/Re52fqUB9TzYcajajSvEgK+pTxWG1NsHkjxN0OQXQQmcWJ44a/o6e01jwgg973wohYqXAOYq+eda5Ya36MwjHEZbwVy2d5S6wXhfIOF2PBP7ROwwoxjFMW+dl/Nmo9R7rvzCyWJbQKtEQrX+FD1Il6kQNL1/RSk9a/Uwp1Dj7CUjCsgNgVWcrTEkmVIC1YZtDcfLaErHnygOfBfl8x4PJ1BhQVeC87sZA038WYFDhqu6LR+GpKkl/e9f6wyPlXvEs+/M=
x-ms-exchange-transport-forked: True
Content-Type: multipart/alternative; boundary="_000_CY4PR11MB14306370336BBCA04E9E755F9B520CY4PR11MB1430namp_"
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 1b8d2514-4987-421d-08bb-08d7849ddf91
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Dec 2019 16:09:49.0740 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: NLUFCF3fSEXP+sjlKUr5l3oN05ahzFXnHQVOaasyHkVdt+YVtd33A6ekEwHbqRKLnl2hV1SAkakgiHgyT3mBmATqgCrD4T6IYt0z1sXmcFcJuqtrYgWRw9pMSRTfQvLN
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1861
X-OriginatorOrg: entrustdatacard.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/7FaTtb7pw5vUcXwhDMCJ2KIQ2ko>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Dec 2019 16:09:56 -0000

Thanks Panos for laying out the use-cases. I think you hit a bit one on the head: FIPS approval. On 2019-10-30, NIST published a PQC FAQ that includes a call for hybrid modes for both key exchange and signatures.
https://csrc.nist.gov/Projects/Post-Quantum-Cryptography/faqs
draft-ounsworth-pq-composite-sigs intends to be the “obvious” implementation of NIST’s call for hybrid modes.


One place that we differ from NIST’s call is this point in the FAQ:

> The mode is valid if and only if both signatures are valid.

One of the design requirements that we’ve been working with is the one pushed by Max Pala / CableLabs; deploy devices in the field today that understand the hybrid pub key / signature format, but do not necessarily have an implementation of the PQ algorithm (or have an older, incompatible, implementation of the PQ alg while the NIST PQC is still shaking out mathematical or implementation vulnerabilities).


As to the philosophical debate about “Keep X.509 or go to something new?”, note that draft-ounsworth aims to define composite public key and signature formats that, if we’ve done it right, are compatible with any ASN.1 protocol. This draft is intentionally decoupled from, but can be used by, X.509.  The goal here is not to


Re: hash-based signatures: For a CA vendor – whether providing publicly-trusted services, or on-prem software -- product capabilities are driven by the industry; if the industry is happy with pure hash-based PKI during the transition period, then I agree that hybrid modes are unnecessary. However, that’s not what I’m seeing: the HBS schemes currently available in IETF are all stateful, and 1) NIST’s SP 800-208-draft says “Stateful HBS schemes are not suitable for general use because they require careful state management that is often difficult to assure”, and 2) chats I’ve had with Ryan Sleevi and Adam Langley who seem skeptical that all CA operators (public, private, corporate, etc), can responsibly manage a stateful private key. 3) Earlier this year, Panos had been pushing for publicly-trusted HSB root CAs, but dropped it on the point that, once you have a stateful HBS root CA, what do you do with it? You don’t really want end entities (TLS servers, the S/MIME client on your phone, PIV cards, etc) using stateful keys.
So maybe the market will be satisfied with HBS-only PKIs for some use-cases, but I maintain that we should standardize a fully algorithm-agnostic hybrid mechanism anyway.



PS - I’ll take your bait on the “corner the market” comment; IMHO a PKI is useless if its core functionality – public keys and signatures --do not interoperate with other vendors. No cornering of the market is intended, simply looking for a simple-ish solution quickly-ish.

---
Mike Ounsworth
Software Security Architect, Entrust Datacard

From: Secdispatch <secdispatch-bounces@ietf.org> On Behalf Of Panos Kampanakis (pkampana)
Sent: December 12, 2019 9:56 PM
To: Eric Rescorla <ekr@rtfm.com>om>; Stephen Farrell <stephen.farrell@cs.tcd.ie>ie>; Michael Richardson <mcr+ietf@sandelman.ca>
Cc: IETF SecDispatch <secdispatch@ietf.org>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (

Hi Ekr, Stephen, Mike,


> As a variation of what EKR asked, you are asking for PQ-PKI, but your use case is image signing.

UEFI Secure Boot (in essence what I meant by image singing)  uses a PKI architecture. There is a Product Key PK (root CA) that establishes a trust relationship between the platform owner and the platform firmware. The PK signs KEKs which established a trust relationship between the platform firmware and the operating system. These are mostly in X.509 today. More in [2].

> Is there a reason why you don't want to do hash signatures?

HBS indeed looks like the best option for this usecase. Not necessarily stateful. We have some preliminary analysis on this is in Section 3 in [1]. More to come soon.

But we can’t go directly to pure HBS because already deployed machines in the field will not boot at all and upgrading BIOS is not simple. Also, we can’t go to pure HBS because it will not be FIPS approved even after we have a standardized PQ option. So, we have to do some sort of composite RSA+post-quantum (NIST has put out a statement that says that a composite will still be FIPS approved if the classical part is). The FIPS argument is important. Waiting for PQ standardization is one thing, but FIPS approval will take even longer and until then we (Cisco) want to do some sort of composite before then.

Note that I am not interested in getting an X.509 OID for RSA+HBS, I want a definition of how composite would work so I can establish the requirements for these future chips supporting composite verification.


> It's not at all clear to me that data integrity nor origin authentication in that timeframe ought be tied to x.509 certificates at all.

Stephen’s comment about not doing it in X.509 is valid. We could use a composite blob and use it in our own custom way. Two issues with that:

  1.  UEFI chains of trust have been moving to X.509 and to CMS/PKCS#7 for the sw signatures. I am not claiming there are no custom keys/signature formats nowhere, but most UEFI vendors have been moving away from them. So going to custom key representations or COSE would be a step backwards or sideways.
  2.  Also OEM vendors that include sig verification in their chips or FPGAs show preference in well-defined specs probably because they can reuse them for other usecases.
That is why we (Cisco) would prefer to see a standard way of doing composite sigs for UEFI (in X.509 and in CMS to be honest) instead of defining our own. We probably don’t want to solve this many times, once by each vendor, once in CMS, once UEFI PKI.

I totally appreciate the counter-argument about complexity and potential cans of worms, but I am afraid vendors will have to address this either individually or as a group. And my argument would doing it as a group.

Rgs,
Panos

[1] https://eprint.iacr.org/2019/1276.pdf
[2] https://docs.microsoft.com/en-us/windows-hardware/manufacture/desktop/windows-secure-boot-key-creation-and-management-guidance



From: Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>>
Sent: Thursday, December 12, 2019 11:52 AM
To: Panos Kampanakis (pkampana) <pkampana@cisco.com<mailto:pkampana@cisco.com>>
Cc: Stephen Farrell <stephen.farrell@cs.tcd.ie<mailto:stephen.farrell@cs.tcd.ie>>; IETF SecDispatch <secdispatch@ietf.org<mailto:secdispatch@ietf.org>>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (



On Thu, Dec 12, 2019 at 8:33 AM Panos Kampanakis (pkampana) <pkampana@cisco.com<mailto:pkampana@cisco.com>> wrote:
Hi,

> Sorry if I've missed it, but who do we have that is calling for a post-quantum PKI solution to be developed now, but who is not promoting one such?

We (Cisco) will need PQ PKI (not WebPKI) solution for image signing. When talking about chips that are designed now and will live in the field for decades, we would like to design today instead of wait for 2030. Note we are spending (not making) money on PKI, so we are not trying to corner a market.

Is there a reason why you don't want to do hash signatures?

-Ekr

I have talked to another vendor interested in them to sign its OS but I will not speak for them. I have also talked to at least one HSM vendor that has some clients asking for PQ PKI support to be added in their HSM but I will not speak for them either. I don't think any of these use-cases are trying to corner a market.

Panos


-----Original Message-----
From: Secdispatch <secdispatch-bounces@ietf.org<mailto:secdispatch-bounces@ietf.org>> On Behalf Of Stephen Farrell
Sent: Sunday, December 08, 2019 9:04 PM
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com<mailto:Mike.Ounsworth@entrustdatacard.com>>; Eric Rescorla <ekr@rtfm.com<mailto:ekr@rtfm.com>>; Dr. Pala <madwolf@openca.org<mailto:madwolf@openca.org>>
Cc: IETF SecDispatch <secdispatch@ietf.org<mailto:secdispatch@ietf.org>>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Clarification Question for the Comment from Eric Rescorla (


Hiya,

Cutting to the nub of my concern...

On 09/12/2019 01:46, Mike Ounsworth wrote:
> I hope that doesn’t preclude a push for a more immediate solution.

ISTM the "push" is less for a solution than for understandably attempting to corner a market. I don't think such attempts are "bad" things, but I do think following 'em is more likely unwise.

Sorry if I've missed it, but who do we have that is calling for a post-quantum PKI solution to be developed now, but who is not promoting one such?

Thanks,
S.
_______________________________________________
Secdispatch mailing list
Secdispatch@ietf.org<mailto:Secdispatch@ietf.org>
https://www.ietf.org/mailman/listinfo/secdispatch