Re: [Secdispatch] [EXTERNAL]Re: Can Composite sigs move back to LAMPS?
Eric Rescorla <ekr@rtfm.com> Sat, 18 January 2020 19:59 UTC
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: IETF SecDispatch <secdispatch@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/xY89YjkKFaVEodZntifBgc-8fLA>

On Sat, Jan 18, 2020 at 8:24 AM Michael Richardson <mcr+ietf@sandelman.ca> wrote:

>
> Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> wrote:
> > Draft-ounsworth-pq-composite-sigs defines ASN.1 structures for carrying
> > multiple SubjectPublicKeyInfo, AlgorithmIdentifier, and BIT STRING
> > (signature values), in a way that will be drop-in for PKIX-like
> > protocols.
>
> > You keep mentioning parameter sets and "what if they change?". I really
> > don't see why that's relevant. Draft-ounsworth-pq-composite-sigs is
> > algorithm-agnostic; orthogonal to the choice of algorithms by NIST or
> > their encodings.
>
> In particular, it seems to me that we could add these multiple entries to
> certificates, using dummy algorithms, and test them in the field against
> existing browsers, web servers, IDS, firewalls, etc.
>

It's not quite clear to me how this would work. As I understand it, this
involves replacing the existing public keys and signatures, in which case
they won't be acceptable to any Web browser (and you in fact won't be able
to get BR-compliant certs)....

-Ekr

> We know that this system has to work with systems that don't understand it
> yet.
>
> I don't know if LAMPS is the right group though.
> It feels like it needs a new WG.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>