Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03

Tim Hollebeek <tim.hollebeek@digicert.com> Fri, 12 April 2019 19:44 UTC

Return-Path: <tim.hollebeek@digicert.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B22112030E for <spasm@ietfa.amsl.com>; Fri, 12 Apr 2019 12:44:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=digicert.com header.b=Wq5R4Mbw; dkim=pass (1024-bit key) header.d=digicert.com header.b=XzpwtGmk
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gK4NjDQMBs2T for <spasm@ietfa.amsl.com>; Fri, 12 Apr 2019 12:44:08 -0700 (PDT)
Received: from us-smtp-delivery-173.mimecast.com (us-smtp-delivery-173.mimecast.com [216.205.24.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 94C7A120486 for <spasm@ietf.org>; Fri, 12 Apr 2019 12:44:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=mimecast20190124; t=1555098247; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=XDyd/HDCjIxuJekQriFcczKyjLZI1btTjC/DrntIXTw=; b=Wq5R4Mbwz3/TfDIGZk8cA+qr9+brqqrY2Jh16BUHieZGvb4d04yR863V8Fctjq7Wu7B34J9TalUl6uI73NbznL9FcuQwxJRmFofWz0Ss8/Qy2blbOg0tswAruuBDsEP1gPtGRZWX96FG1A+xbFGbDO0LIeBr1i9qUX0rlQXO0qY=
Received: from NAM05-BY2-obe.outbound.protection.outlook.com (mail-by2nam05lp2050.outbound.protection.outlook.com [104.47.50.50]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-253-HRV64RhRPYqAkUx8IZ4COQ-1; Fri, 12 Apr 2019 15:44:05 -0400
X-MC-Unique: HRV64RhRPYqAkUx8IZ4COQ-1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=XDyd/HDCjIxuJekQriFcczKyjLZI1btTjC/DrntIXTw=; b=XzpwtGmkscwBeNv4ygm91p5XxY8375FB9N5LCIUuNavps00KNzj39ekgM7D4TM9IrkXe2QKUjMUQfednOZC7ebY3yesPuXDRClsjRPRbY3MIVVW99UZHwfGzveGUwURkexmdzgQ2DkFQHT05fPUzBZFdYwEdOEQwfzgalS7XNC8=
Received: from BN6PR14MB1106.namprd14.prod.outlook.com (10.173.161.15) by BN6PR14MB1123.namprd14.prod.outlook.com (10.173.160.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.15; Fri, 12 Apr 2019 19:44:03 +0000
Received: from BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::294e:1bc:bb2b:e728]) by BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::294e:1bc:bb2b:e728%6]) with mapi id 15.20.1771.019; Fri, 12 Apr 2019 19:44:03 +0000
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Russ Housley <housley@vigilsec.com>, SPASM <spasm@ietf.org>
Thread-Topic: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
Thread-Index: AQHU49NowkMfYPWCe0mf+LI7TVjMg6Y3Yf+AgAGlFxA=
Date: Fri, 12 Apr 2019 19:44:02 +0000
Message-ID: <BN6PR14MB1106B95D86CDAE6CEB29517983280@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com> <391B7EFF-C02D-4D2D-9C19-FA18B8F9FD6A@vigilsec.com>
In-Reply-To: <391B7EFF-C02D-4D2D-9C19-FA18B8F9FD6A@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=tim.hollebeek@digicert.com;
x-originating-ip: [98.111.253.32]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 7781b2f5-b4ec-445e-d1de-08d6bf7f3766
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(49563074)(7193020); SRVR:BN6PR14MB1123;
x-ms-traffictypediagnostic: BN6PR14MB1123:
x-microsoft-antispam-prvs: <BN6PR14MB11237D31498BE7F596F8FAA183280@BN6PR14MB1123.namprd14.prod.outlook.com>
x-forefront-prvs: 0005B05917
x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(346002)(376002)(39860400002)(136003)(366004)(396003)(199004)(189003)(25786009)(9686003)(6506007)(68736007)(11346002)(52536014)(6116002)(7736002)(5660300002)(8936002)(66574012)(81166006)(33656002)(316002)(486006)(97736004)(26005)(7696005)(2906002)(186003)(3846002)(74316002)(6436002)(44832011)(476003)(81156014)(790700001)(105586002)(53936002)(86362001)(71200400001)(106356001)(606006)(478600001)(14444005)(8676002)(99936001)(102836004)(54896002)(229853002)(446003)(71190400001)(76176011)(66066001)(55016002)(6246003)(6306002)(256004)(99286004)(14454004)(53546011)(236005)(110136005); DIR:OUT; SFP:1102; SCL:1; SRVR:BN6PR14MB1123; H:BN6PR14MB1106.namprd14.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1;
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: 27vszJgSzsV2ObzGWZ6OkRbPScXEircFWRtMPCWkRAl49f5zFvHruCoz+KnqeJE0Wd9rh+L2zLik4zMF9tV2rFh/XxrC4dKd5VG3aPvDFBGGd6k78/StAJ7EWbvNPZ1FmHBsTtW9aALuxcNZBSCYJPVwMpHR7Q8FdQKfGt2cP9dEYskZC5jasspG89HlXh/FMURHdXmCazajFrqgOqbFjBTxuFUWglXo5WUSFZANaeRXdGX6lt9WrPmqSS6OeJTK6d4ri/pSozHp4qZuFLUm+idPKlBCYIaKQezgKkWj9zgSUlNe334lJPgQKVSHiR/apKidjKpgw3XBZMtXfMHZg4nfttdYTm21wQcT+a+hQzVd2edLZMvp5TqitmsarvjE/1hVRhYMzUJj7ShQx6ZbfvS4WVGPWR8VT+H4j5zYD9A=
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_0029_01D4F146.89792650"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 7781b2f5-b4ec-445e-d1de-08d6bf7f3766
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Apr 2019 19:44:02.8278 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR14MB1123
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/BqRQBdO_Gv7IYtsyWhShx-_WBjU>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 19:44:12 -0000

We support this work and would implement it.  While there are some
legitimate concerns about state management, we think a standard that
articulates the proper procedures for addressing those concerns is the best
way to resolve that.

 

Hash-based signatures are an important and well-understood tool for
providing security against attacks based on quantum computing, and failing
to adopt drafts describing the right way of using them will increase the
risks they are implemented unsafely, instead of reducing the risk.

 

-Tim

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Thursday, April 11, 2019 2:32 PM
To: SPASM <spasm@ietf.org>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03

 

Only three people have spoken so fare (2 support; 1 oppose).  We need more
participation to make a consensus call.

 

Russ

 





On Mar 26, 2019, at 8:56 AM, Russ Housley <housley@vigilsec.com
<mailto:housley@vigilsec.com> > wrote:

 

We talked about the "Algorithm Identifiers for HSS and XMSS for Use in the
Internet X.509 Public Key Infrastructure"
<https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt> document
today dat the face-to-face meeting session.  It was suggested that the
document is read for WG adoption.  Please voice your support or concerns on
the list.

 

Russ