Re: [lamps] [EXTERNAL] SLH-DSA in CMS/X.509

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 15 February 2024 17:21 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Daniel Van Geest <daniel.vangeest.ietf@gmail.com>, "'Kampanakis, Panos'" <kpanos@amazon.com>, "draft-ietf-lamps-dilithium-certificates@ietf.org" <draft-ietf-lamps-dilithium-certificates@ietf.org>
CC: 'LAMPS' <spasm@ietf.org>
Date: Thu, 15 Feb 2024 17:19:19 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/-Oz_YYbj1ZfngIsd4v6ToDzBd9Q>

I support that we need to sort this out.

 

I have no preference for how it is sorted out (any of the options outlined
by Dan seem fine to me).

 

---

Mike Ounsworth

 

From: Daniel Van Geest <daniel.vangeest.ietf@gmail.com> 
Sent: Thursday, February 15, 2024 6:41 AM
To: 'Kampanakis, Panos' <kpanos@amazon.com>; Mike Ounsworth
<Mike.Ounsworth@entrust.com>;
draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: [EXTERNAL] SLH-DSA in CMS/X.509

 

Forking from "Can ML-DSA be used in CMS" because it's the same problem with
a different subject.

 

The question of separate drafts also applies to SLH-DSA. One line in
draft-ietf-lamps-cms-sphincs-plus shouldn't be sufficient to say to the IETF
world "And now you can use SLH-DSA in X.509!".

 

draft-gazdag-x509-hash-sigs would do that work.  At 118, Stefan kindly asked
for adoption and there weren't any objections in the queue. But I haven't
seen a call for adoption on the list. There was also no opinion on splitting
the draft (SLH-DSA and XMSS/HSS).  Since draft-ietf-lamps-cms-sphincs-plus
is adopted, we should have something adopted at the X.509 level, whether
it's draft-gazdag-x509-hash-sigs or a split draft for just SLH-DSA.

 

Question for the chairs: Was there sufficient interest for adoption of
draft-gazdag-x509-hash-sigs at 118, and it was just missed?

 

Question for the WG: Should draft-gazdag-x509-hash-sigs be split into
SLH-DSA and Stateful HBS drafts? My opinion:
draft-ietf-lamps-cms-sphincs-plus shows demand for SLH-DSA in IETF
protocols. A separate SLH-DSA in X.509 draft would progress faster because
it's not weighed down by the concerns around stateful algorithms. If somehow
draft-ietf-lamps-cms-sphincs-plus can progress without an associated X.509
draft I guess that's okay too. If they should be split, I can spin up the
SLH-DSA draft. It'll be a lot of copy-paste, so if you think I'll be copying
your text and can help with that, let me know.

 

Daniel

 

 

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Kampanakis, Panos
Sent: Wednesday, February 14, 2024 3:08 AM
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>;
draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: Re: [lamps] Can ML-DSA be used in CMS?

 

Hi Mike,

 

We could consider doing all ML-DSA in CMS and X.509 in one draft, but
personally I would rather we kept them separate like we did with SHAKEs in
CMS (rfc8702) and X.509 (rfc8692) or with EdDSA in CMS and X.509. They are
more straightforward for implementers that way. 

 

We could change that if there was WG consensus. 

 

Note that draft-ietf-lamps-cms-sphincs-plus mentions about SLH-DSA in CMS 

 

"When this AlgorithmIdentifier appears in the SubjectPublicKeyInfo field of
an X.509 certificate [.]" 

 

So, it includes how the SLH-DSA OID can be used in X.509 cert public keys as
well, but it does not mention how to use the signatures. 

 

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Mike Ounsworth
Sent: Tuesday, February 13, 2024 8:37 AM
To: draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: [EXTERNAL] [lamps] Can ML-DSA be used in CMS?

 



 

The answer obviously is Yes, but draft-ietf-lamps-dilithium-certificates
does not actually say this.

 

I was reading a draft ICAO ePassport document yesterday that correctly
points out that IETF has a draft for how to use ML-DSA in X.509
certificates, but no draft for how to use ML-DSA in CMS.

 

Authors of draft-ietf-lamps-dilithium-certificates, if you add a section
"Signed-data Conventions" modelled after RFC8419, then I think that saves us
from needing a whole second ML-DSA draft.

 

---
Mike Ounsworth
Software Security Architect, Entrust