IETF Logo Mail Archive

Re: [Secdispatch] [EXTERNAL]Re: Can Composite sigs move back to LAMPS?

Eric Rescorla <ekr@rtfm.com> Sat, 18 January 2020 19:59 UTC

Return-Path: <ekr@rtfm.com>
X-Original-To: secdispatch@ietfa.amsl.com
Delivered-To: secdispatch@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0E072120043 for <secdispatch@ietfa.amsl.com>; Sat, 18 Jan 2020 11:59:21 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=rtfm-com.20150623.gappssmtp.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 8BdOaPUzPyiv for <secdispatch@ietfa.amsl.com>; Sat, 18 Jan 2020 11:59:18 -0800 (PST)
Received: from mail-lf1-x12e.google.com (mail-lf1-x12e.google.com [IPv6:2a00:1450:4864:20::12e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 681FB120019 for <secdispatch@ietf.org>; Sat, 18 Jan 2020 11:59:18 -0800 (PST)
Received: by mail-lf1-x12e.google.com with SMTP id r14so20945555lfm.5 for <secdispatch@ietf.org>; Sat, 18 Jan 2020 11:59:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=rtfm-com.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=xj+ffqUWHkivQ0VdyUusKowdMOiiyBRmtJXiMO4+MWI=; b=ZBQFV2beuU5o0Eo3TVKDRjYMB6bTJiMnZL6A9EBJuN6DS+TjEnbM4qjeFPM7mB0t6s D9XbWc8Y+bc3QM7DVSljAMEsCMFlnPU5oZvtMMzyueksFtRN+PGaq3e4qzNjF9F4y0wv b7TVjjhOJZCFQTfj0yMGFeX/y5gAy/tSfXBmE6b1Ijz9SkuJkMnROk+AIunv0jusrvWv OrnKVev+v6Bj1VAzzreYXQxeQrpr1yqp/8bPbcWQq078UVwoX2nAYchocEEsQtsuloD5 Lbk4IvuH3JfHtjV/KZAfdtPEKj0JsEB74dkXARpHdsD51JoL2Pht4ieaIQXOXGiaZlKa LYlQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=xj+ffqUWHkivQ0VdyUusKowdMOiiyBRmtJXiMO4+MWI=; b=h6ijp7bCuX1Iaxl1iZeRoXKmMMPhjaJdHqk7PNAbRLkNlQmV/5oOcmB3NaovrSVTzS B+BSdszBeRB0PC9xRe+H2wUkZ5PhFzrFqnjWyRSWTuBsRrODq/2JMGSHPxBjTNbpjBgD eMyvdhG3Rrgbu4VjTcyHQTVX+PElW68Nn8kMpSy11Ijnt9qyQK21yIzHzcrRQwcBGS+n VYuAodi8aUaOFC3arZzmzbLnp/ivtAPTbkrHaowpyUCtjzjgw6odP5DCF+BIvf9f+xRt DyyXDAvcc571Cq0ljxCT2kqTwqbjdr4aksOxfkMA2FK4ZARVz5eJD5xKfvhKo6fxWCW/ mJzw==
X-Gm-Message-State: APjAAAVujFcybQQxIdYy272v7yKrFqZQ+1s8VFnhwwxVICSiw2ItjQo9 eZ+8ANV0as2X79uVwUfgPypV/eLR9IEmoyUAvwK8Ww==
X-Google-Smtp-Source: APXvYqy+iExOa377zJCx9VTz8OSzJ9+grZsLIJYqlQx/sNKgW57B6pRqYWF6E15EDKItaX5V29KlYscmZzsbatqMVIw=
X-Received: by 2002:a05:6512:284:: with SMTP id j4mr8789950lfp.109.1579377556478; Sat, 18 Jan 2020 11:59:16 -0800 (PST)
MIME-Version: 1.0
References: <DM6PR11MB388377406A1AAEDCA397749C9B360@DM6PR11MB3883.namprd11.prod.outlook.com> <70b221bb-bc39-52cc-f9e0-a84261afe473@cs.tcd.ie> <09B0CA53-BAAF-4139-8179-2A70ADE58632@isara.com> <c0f620d7-4e22-18a5-c168-f66b737cae86@cs.tcd.ie> <CAPwdP4PG3i5-_BuVMdH0iMcJCT40xejoM=J3dH=pPO61T-F4Aw@mail.gmail.com> <3f9de00e-85ad-48ed-ba97-e1b5418e3867@cs.tcd.ie> <BYAPR11MB3478E8F964A34EDD232CFB03EE310@BYAPR11MB3478.namprd11.prod.outlook.com> <052d3ee0-41ae-c4f4-7013-6286942c468a@cs.tcd.ie> <DM6PR11MB3883DB8289E4EE1CDEFE7BA89B310@DM6PR11MB3883.namprd11.prod.outlook.com> <3140.1579364674@localhost>
In-Reply-To: <3140.1579364674@localhost>
From: Eric Rescorla <ekr@rtfm.com>
Date: Sat, 18 Jan 2020 11:58:39 -0800
Message-ID: <CABcZeBPfGmnkDU-7ot43hC2E7XvB0XeAFFEmsST4S_Hk1GgOFg@mail.gmail.com>
To: Michael Richardson <mcr+ietf@sandelman.ca>
Cc: IETF SecDispatch <secdispatch@ietf.org>
Content-Type: multipart/alternative; boundary="0000000000003872a5059c6f7e6a"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdispatch/xY89YjkKFaVEodZntifBgc-8fLA>
Subject: Re: [Secdispatch] [EXTERNAL]Re: Can Composite sigs move back to LAMPS?
X-BeenThere: secdispatch@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Dispatch <secdispatch.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdispatch/>
List-Post: <mailto:secdispatch@ietf.org>
List-Help: <mailto:secdispatch-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdispatch>, <mailto:secdispatch-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 18 Jan 2020 19:59:21 -0000

On Sat, Jan 18, 2020 at 8:24 AM Michael Richardson <mcr+ietf@sandelman.ca>
wrote:

>
> Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> wrote:
>     > Draft-ounsworth-pq-composite-sigs defines ASN.1 structures for
> carrying
>     > multiple SubjectPublicKeyInfo, AlgorithmIdentifier, and BIT STRING
>     > (signature values), in a way that will be drop-in for PKIX-like
>     > protocols.
>
>     > You keep mentioning parameter sets and "what if they change?". I
> really
>     > don't see why that's relevant. Draft-ounsworth-pq-composite-sigs is
>     > algorithm-agnostic; orthogonal to the choice of algorithms by NIST or
>     > their encodings.
>
> In particular, it seems to me that we could add these multiple entries to
> certificates, using dummy algorithms, and test them in the field against
> existing browsers, web servers, IDS, firewalls, etc.
>

It's not quite clear to me how this would work. As I understand it, this
involves replacing the existing public keys and signatures, in which case
they won't be acceptable to any Web browser (and you in fact won't be able
to get BR-compliant certs)....

-Ekr


> We know that this system has to work with systems that don't understand it
> yet.
>
> I don't know if LAMPS is the right group though.
> It feels like it needs a new WG.
>
> --
> Michael Richardson <mcr+IETF@sandelman.ca>, Sandelman Software Works
>  -= IPv6 IoT consulting =-
>
>
>
> _______________________________________________
> Secdispatch mailing list
> Secdispatch@ietf.org
> https://www.ietf.org/mailman/listinfo/secdispatch
>

v2.23.0 | Report a Bug | By Email