Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI

Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> Tue, 17 September 2019 19:04 UTC

Return-Path: <prvs=15631f794=Mike.Ounsworth@entrustdatacard.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 645FF120A2B for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 12:04:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TSOBuDjCjDne for <secdispatch@ietfa.amsl.com>; Tue, 17 Sep 2019 12:04:10 -0700 (PDT)
Received: from mx2.entrustdatacard.com (mx2.entrustdatacard.com [204.124.80.222]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3E3F61209C2 for <secdispatch@ietf.org>; Tue, 17 Sep 2019 12:04:08 -0700 (PDT)
IronPort-SDR: jPO8eXxks0wNbERxP7hbM2uzrqcOJjusVXmSwklaZfwpjpAIJgkzTGd1R63XlKnSFoV8l8wbvD WuXxfbTc2+XA==
X-IronPort-AV: E=Sophos;i="5.64,517,1559538000"; d="scan'208";a="1524870"
Received: from pmspex01.corporate.datacard.com (HELO owa.entrustdatacard.com) ([192.168.211.29]) by pmspesa04inside.corporate.datacard.com with ESMTP/TLS/ECDHE-RSA-AES256-SHA384; 17 Sep 2019 14:04:07 -0500
Received: from PMSPEX05.corporate.datacard.com (192.168.211.52) by pmspex01.corporate.datacard.com (192.168.211.29) with Microsoft SMTP Server (TLS) id 15.0.1497.2; Tue, 17 Sep 2019 14:04:07 -0500
Received: from PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2]) by PMSPEX05.corporate.datacard.com ([fe80::8084:293e:7f03:4ab2%12]) with mapi id 15.00.1497.000; Tue, 17 Sep 2019 14:04:06 -0500
From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>, "secdispatch@ietf.org" <secdispatch@ietf.org>
Thread-Topic: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
Thread-Index: AQHVbYRxJG27EQIGIUe3TF2r2sIifKcwN6Wg
Date: Tue, 17 Sep 2019 19:04:06 +0000
Message-ID: <6db29f92978141439b9922fb63459fb9@PMSPEX05.corporate.datacard.com>
References: <a2e32c33-8589-f3fb-97e5-c5977dfc64b4@openca.org> <BL0PR11MB317285DF599EC58CCF26FD5EC1B00@BL0PR11MB3172.namprd11.prod.outlook.com> <28224.1568427573@dooku.sandelman.ca> <cf1a301c-47d6-7565-ddc7-69048e3c08f3@cs.tcd.ie> <5F8D32EB-CE27-4ECD-997F-D0AAE4B798B5@akamai.com> <2b87f695-314c-5aed-14a4-9877fe254161@ericsson.com> <CAN40gStdbJ0TNoeL0VFU4Tx1F5ubtAdJnz+QJXYFFAP7W2OV7w@mail.gmail.com> <3cfa21d8-efe2-1a69-5268-0a39e9171fe1@cs.tcd.ie> <8e67edddf9154537b438db96ac86e2f8@PMSPEX05.corporate.datacard.com> <e3d7556b-10a4-a9d8-147e-28f177d8122d@cs.tcd.ie> <3048353759814820b0c0a289caee038c@PMSPEX05.corporate.datacard.com> <19799.1568744365@localhost>
In-Reply-To: <19799.1568744365@localhost>
Accept-Language: en-CA, en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.1.43.131]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/Wz_lAb7x8Ca9_i2esGGkbYcaSvc>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2019 19:04:20 -0000

Hi Michael,

Yup, Those are the general ideas, with one small correction; for 1) what we've proposed in draft-ounsworth-pq-composite-sigs is a SubjectPublicKeyInfo that has the algorithmID "Composite", and then the octet string for its public key data is an encoded SEQUENCE of SubjectPublicKeyInfos for RSA, PQ1, etc, -- basically the SPKI contains a list of SPKIs. Same trick for signatureAlgorithm and signatureValue.

This subtle difference avoids the explosion of pairwise OIDs "RSA+PQ1", "ECDSA+PQ2", etc. Also, this allows a legacy client to continue processing if it doesn't understand the OID for PQ2, but its local policy says that ECDSA alone is still ok for now, so there's a crypto agility win.

- - -
Mike Ounsworth | Office: +1 (613) 270-2873

-----Original Message-----
From: Michael Richardson <mcr+ietf@sandelman.ca> 
Sent: Tuesday, September 17, 2019 1:19 PM
To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>om>; secdispatch@ietf.org
Subject: Re: [Secdispatch] [EXTERNAL]Re: Problem statement for post-quantum multi-algorithm PKI


Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> wrote:
    > I've posted a new version with minor tweaks to make that more clear.

    > https://datatracker.ietf.org/doc/draft-pq-pkix-problem-statement/

Thank you. I understand much better the three possibilities now.

As I understand it:
1) new algorithm numbers, "RSA+PQ1", "ECDSA+PQ2", etc.  works with old code
   because old-algorithms are negotiated.  Requires negotiation.

2) multiple certificate chains: seems to work well with web servers, but
   in my experience fails with everything else.  The "weak" chain fails
   and then what?

3) new certificates; the v3-extension hack is just that, a hack to do
   multiple certificate chains in a single object.   I assume that the PQx
   signature would cover the legacy public key value as well?

I prefer (3), btw.  (1) hadn't occured to me, as I don't think it works well with objects at rest, such as firmware updates.

--
Michael Richardson <mcr+IETF@sandelman.ca>ca>, Sandelman Software Works  -= IPv6 IoT consulting =-