[lamps] Re: Using cms-kemri this CMP Indirect POP
"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Tue, 02 July 2024 05:54 UTC
Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D133CC15199D for <spasm@ietfa.amsl.com>; Mon, 1 Jul 2024 22:54:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.006
X-Spam-Level:
X-Spam-Status: No, score=-2.006 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=siemens.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1VSvb97zDMu9 for <spasm@ietfa.amsl.com>; Mon, 1 Jul 2024 22:54:32 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2082.outbound.protection.outlook.com [40.107.21.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2AD6C14F6A1 for <spasm@ietf.org>; Mon, 1 Jul 2024 22:54:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z9z1IwVUHJ68QP/vy6sFM4emgq6yCrugtKIhK/1JKfRvTpW2E8WXBF++LvKEuhNCj990Um0n4Qlf+GX0Dbb9WIewM71gwLEOAaeBvjX6xE8CwldCD0C2gh1HiaqutCu+6uRjQVPW2LhVNGfpoMdaapsXAoA3P2XjivM0f9bxvJgm4+wkasQUH2QLduFu/PsnQ4nlsms7alIDMMTqwrnVTsfnZOgBnoQjJP0rdZ+B3vBAZZVfOfvjE3VBtXdv0FnsabfQ3Z3XD47LFcVy2GmnxGoWiVuqauXuUlT/9geIlk/JAX1jKb1oEFzngdIrYNEkW95zyILLeQ1+JHFtBRgyGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=t25bvL6HIfP2xcLaYz/idPwZCMmkh/iuHN0+P2Aa0K8=; b=WzjdeLArLlWxFeA4bBixIRks588f/mTo+ppQtgRVuMLGd3liHUyoYj0ZPb07VuDAhu8sCIXxPT4+ME4ei7vfFO5PsbYYfD7BfTkZkmeitcfyxdCO2uVVI1955LEwH2ixW9jEu1Gfcruf+aDius9dn7Y6DE2ykGuhEdI+4amG44b5WLIXj/epvHAWGZN4L94+kP/22lqSYDe9rL6PZCpmHJAhupyLpxPbIzQV0qPFSHhmed4kRJy/EuNqWSx3DESH9Hxl4RYDX6qTBaT7ViQt/0J8STtSXvDVPvuhOwg9GX5yJeL6tOBlCY6OdNK+keUkkl4+PTrEyt0rMU0TofoK9g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t25bvL6HIfP2xcLaYz/idPwZCMmkh/iuHN0+P2Aa0K8=; b=qX7q9BhJZWlkcFugTO5mV0+VwhT8Fr9yt7IM5eDNO+F2NaHMUbWkzK9zwBekIiBgIl1TfwHa8nTF3bYK/iLo8MbX7jA0s0plgQnOWSjrwafb8UkC+plsZoWwhopqWU23Ufoi6dksKeINvxC6rG3HCnnUSF/55OsabyvNoZjp4d6YrcVThwxu/GoY7mwZHEdEIl2SlTnO4vsFe86tJ7subnhrEC3AJBrWxX2w8ydtb/fgDvGWSRJ1GCL+OwLz+82mkIDtQMzOETs46E7o7MjAu7V/ke8vHmZGnAsT0Z+P9VmTFklMyFqca4URuR6+YAalWvACiMYIehCY58XjzOM84w==
Received: from DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:2ee::5) by AS8PR10MB6021.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:52a::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7719.32; Tue, 2 Jul 2024 05:54:28 +0000
Received: from DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM ([fe80::8b02:6852:93f4:50a]) by DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM ([fe80::8b02:6852:93f4:50a%4]) with mapi id 15.20.7719.028; Tue, 2 Jul 2024 05:54:27 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>, David von Oheimb <it@von-Oheimb.de>
Thread-Topic: [lamps] Using cms-kemri this CMP Indirect POP
Thread-Index: AQHay+h4qqORI7j3FEqgnnjYICYurrHi6wtQ
Date: Tue, 02 Jul 2024 05:54:27 +0000
Message-ID: <DB9PR10MB57155DB490C3593AEDFEC119FEDC2@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM>
References: <9CADB58B-BF50-4FD6-B444-CDEE18B7DB38@redhoundsoftware.com> <DB9PR10MB57157D0D783CEE7D60298DBFFEC82@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM> <87189d62-d8a5-4029-91bf-f084a1dd3423@von-Oheimb.de> <DB9PR10MB57150E845DDCA05A95623B73FED32@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM> <BC26287F-462B-462C-A6DE-EF06E919656B@vigilsec.com> <a98b2821-5cc3-451f-a22d-5d4f60361585@von-Oheimb.de> <BEF16A08-149A-4095-AC0A-D178E4260270@vigilsec.com>
In-Reply-To: <BEF16A08-149A-4095-AC0A-D178E4260270@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_ActionId=f33977ec-b771-4c0b-97d1-3bfed6e002b1;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_ContentBits=0;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_Enabled=true;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_Method=Standard;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_Name=restricted;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_SetDate=2024-07-02T05:33:55Z;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DB9PR10MB5715:EE_|AS8PR10MB6021:EE_
x-ms-office365-filtering-correlation-id: c57a2293-52c0-48f1-bb96-08dc9a5b6f05
x-ms-exchange-atpmessageproperties: SA
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|4022899009|1800799024|38070700018;
x-microsoft-antispam-message-info: JFMAgY7r5cJ3KKYZ3nFRry9wbAUDdy76mAYbhSz6F9K3BKUbOZxfvTg+oJfQ5XVK39dzO9Z6rG2pcc6I5eDvmCQgDdSh1mpZshUWPKlOJ/Lbj7S0onncUyD1yHzGvhZke1t2CvVcId9wa4HPqn06NtStfCTI/TobX2k+Xo2W3weczE5OAKNp2uh4ZtbLIzAKT7feVYJgIFYjLAhgM+TY1GcnW29OOOubPjDu5tDcGGcBpiuGulClrYHV3TxWagMxlqhy9PD7jLZ7lKkCV5gdEnIKnci2JDmHKzLCWqxdDYMKAF2E8bZz5M6Kz6VyOBjKXOpkFfuQgmIfFH7k6dVCpy4J44oZBq18J+PN7XyfYfgLD1JKM8pjoqIvt5dRp8SSJJuYyNeoABkppX5IbAyp9vsVIO8pAZ/4V0JLdk6VIoAhP0ZVGSOD2gcQRKgAdO7K3njYpIgy3aX8VRX3igoYe/BCuYbo+JjBwWJ8j0JNNhO0Phw9pa5CmgmyViXwz+VjeRgkUcPi09+HXJzBlABOz1QGkocp4JS0M+WXj7YdpILvVA9coS0GxKSNt6bXePIAMPVe+4Pohk7iuEL8mf32GBhqutkoFeo0XKpO6aezO/78yXCqQSB/rnhHtXdoaW3vpw/3nWtnzLrp+wU5e8Ym5rDG39b3VnwAdbifwWW3jKaMBLqP/L0yWiBC+HcIdROHQRfbuxWlAeeXcNiThLApB053u+7w3odTGjNsfsWxNXWYyw+/ggqxxF0ZHEQNz81qOMnhCkm4bf2hC2TOsnrSm/P6PNUVZ4y1Aol69n/keEiBz3tyezBZDeM8CRfRSx5G187Vvxw3Ofr23xSjP9L+Ao1iieXcg8TUBmtL1IDOexdTBxqtxesGyUAWJm1z0/hbBIPpvi4WQQK77L34bZRDuPv6c29ovNqMy3+3mD0Ej7FK/eR4GZBTsbplZeuuOX5ycTrLZ+fcO+zmVDik3nOsEW5CLRuKJhEZ+EKCA3gSohpXqCzpTHBAPTXNEn5YP+8+UfcMcMpjOLHUPLEBB5gppKnwPpxhC0bCz4JqUiTrijMWkqyo2uw1+g7qa6b94F4XCvseFP/U7NIgCvaJQT4c6R/qgmQInfl6imbgV5CMD670P4jPPWZ1oj5bixTpFRvvUX7eeIjg4a54UfWzHDhb33Yx2/5o6RLXgW48pU5eOhxmHUkki2EdQVX9ngF6CTJlOT0s5DFx8cpGrUxhGIDwMtbeQRWUtoMB2+TmXvzlH5Pqr3cd4AyBp7ELnoD8Ju5H18bOO39dKbLbAOODuy8kzzm6eqBVWoy/9awqVquk+Obyqdws6exhKxqjUiy/2jSg0sL0d3kk2B3D7NTcVB+hPa7LSrXjMd+SYRbKPWhivUc=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(4022899009)(1800799024)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: IKklmkDTgGPrfp3HZ7ULfZZOhMG0HOeXSD/ZXyXeNFCeVUP08N9VRK8ECNFrU5xHISjhlsRWlGWJR+GCkDbxuXCBb9Aw3KEHnYUGPg7LtXRcrOcOQLlY1sKfXNVM0GkPDeIgFMik48seSjQ0Pledab06rCzinPtMm9FxRr13TwOLems+3ZwoycE+vRr/eD4B4ftVCi6XFcDSqx3iOoeyFhHDXnTaIgEMwkGhfaO8nZJvbzbF/cFt36wx935LloMBWa07kvy0sXUHuJXWzzEp9w83zQxyOKCaD81KAfeNOBbNbU1hKCmKxOzWatRS0GENdfqG7/UrSgVSx+q+WE8NX2z07pLHlSgcdtQEbRm8I/rycGK28BPAClfg/XuC8bfdvJIjHCATwmVeLTrE959W7ct9dQziya2xSaHHE61FEmNsRZNAnU4cnejIxcGOgf8MSR43gW1Rubrs/X9drl1b+gJRFJW4DSwcsgddVZ1r0Ocmb1TNhFzCp/DUI71GQRBnjjQ8qv6EUgtXLUK2lNEvF7v9mXJM+7oUJz4/KXYHEYR7FXJHd5Xhxy0BwgeWGfApmVy7c3LHPFgg54gsdpHCjudSU1dG92dFPHD0ycKlzZQ669qSk+4OlTqomXuMLZCS5JJTvSf/+JhtnUF303U6yhECcry+0+GJ7Flo8hAkO4anlvYePbnDKqAajhrVbMXygaLDliaM67pq+RXZy02zVWR7lXn+VyKyqYknxegiC9y3QKies18VggZltC4xeVvAY2KaM3RG6FpPtxk/14btmmL/fLOBSJiwY1R+tMS83WKtzKavodcPNH2OyfnYVdJIa8T/jY/GqaD4xfrHaNfCzQHv6XI6V19lNB5QaT/ifpxXHCk788klABiDimHzL3Gh1Ppdq0Q0uw0c5nqDSKbAY0ooD9px6AT83KFT5LjUWgrxS7NNQhUVN08zM5NcdvuIKJX3MhdbMJi4TWbCDbFEk27iWfg914trYiKDq0QMiciULsnM8aPXzqZgQ4rACSE8qVBI7g1CBz4iNZF8O0+AXM4LzwkntHiVvn0AIbZkkhAx32+kXtzhixb16dzCyiMe8eS8/XB0gNTFmPGa1sj+BSP8BXygJAOSpM0LWpbLjPI9Sk6pON9mk39zHR65ABhypXtFWqmhV9jyZFYrAqgVXTISgxGcXCwYQwrzlvAOxUaw+/qJSXoHx818Vt7ak4iiAMKzSfR8QPGChctGsG9kI/tu26HEx9zSwm1Bem27ovRGe7N+woQTt/ipHrpWBQ7WZLZkB4oZjnNeSCpBXBn5avzS+Z8QY3JZb2DSw2XDIySHOC26uUhPVy8H7VbfiNJA7T3NYYRHbvKdQYY2Beza+wzycNf3pKnu4BHn0c/ZD+51vTN7XTKn5TSazKgVDvwcY6nsEo++rRHmNzn6Mv0Qskod1o55GL/sCvwmKNB8LO3srpepp7EM7jX8jmNixaVFTL8VDoEhyFBk6pDnJL4fg+QUIP7RXb9TYn8nQF2xJLtDygBJvDcVa5b0OpRk7/rPnohbnt5OXEX4P3cbFOlTU5Y6Ua9+AvRPUhdj+1qdQl2bBLIhn5xOGl0wBABOlhbXfc+VmEaw5KAK+CBJefo0EQ==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.3"; boundary="----=_NextPart_000_0002_01DACC55.097A08D0"
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: c57a2293-52c0-48f1-bb96-08dc9a5b6f05
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jul 2024 05:54:27.4761 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: aTwmqL89ZQpqxr/JvbILOeF2TuL9vxLhkHbm/DbKz0XF09F6UlkcEb0K4KGgzQJbA68gWPnVYCLuVMTqoJjqdgg24tF1X1zJIep+GLOB1PI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB6021
Message-ID-Hash: TAEMQCYTHYA5YR2OAN5DAVYVJDK3KGZV
X-Message-ID-Hash: TAEMQCYTHYA5YR2OAN5DAVYVJDK3KGZV
X-MailFrom: hendrik.brockhaus@siemens.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spasm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "spasm@ietf.org" <spasm@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [lamps] Re: Using cms-kemri this CMP Indirect POP
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/3CB207JPCI00qdWbmj3lUaWppXo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Owner: <mailto:spasm-owner@ietf.org>
List-Post: <mailto:spasm@ietf.org>
List-Subscribe: <mailto:spasm-join@ietf.org>
List-Unsubscribe: <mailto:spasm-leave@ietf.org>
Russ: I see your point in the sender offering both methods to let the recipient chose, which generally eases interoperability. But so far, I do not see any convincing argument that it is really necessary to requiring the sender to use any specific method to generate rid at all because the recipient can easily ignore the rid field. Currently I did not see any CMS implementation using method 4 from RFC 7093 Section 2 for generating recipient identifier. Typically, CMS implementation simply use the data from the certificate of the recipient. I our case the sender could simply use this standard procedure because the certificate is available in on sender side in clear (not encrypted). Are you aware of CMS implementations offering the flexibility of specifying the method for generation rid? Hendrik Von: Russ Housley <housley@vigilsec.com> Gesendet: Montag, 1. Juli 2024 20:57 An: David von Oheimb <it@von-Oheimb.de> Cc: Brockhaus, Hendrik (T CST SEA-DE) <hendrik.brockhaus@siemens.com>; spasm@ietf.org Betreff: Re: [lamps] Using cms-kemri this CMP Indirect POP David: I think the CA should do Method 1+2, and the the client side should do whatever is most straightforward for the implementer. I see no reason for the client to trow an error if the rid is a value other than expected as long as it is able to figure out what private key to use in one way or another,. Russ On Jul 1, 2024, at 2:35 PM, David von Oheimb <it@von-Oheimb.de <mailto:it@von-Oheimb.de> > wrote: On 01.07.24 19:40, Russ Housley wrote: Hendrik: The transactionID from the CMP message header can be used by the recipient to determine the appropriate private key to use, and the rid can be set to the hash of the public key. I do not see how this leads to the interoperability concerns that you list under method 2. What Hendrik meant with potential interop topic is that the implementations on sender and receiver side must agree on the method for generating the key id, which might go wrong and which is something simply not needed with method 1. BTW, as mentioned in <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co m%2Flamps-wg%2Fcmp-updates%2Fissues%2F62&data=05%7C02%7Chendrik.brockhaus%40 siemens.com%7Cc95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e149 5d55a%7C1%7C0%7C638554570276887056%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=WHggTTd hT0aitds4j%2FmMB%2FBPiexFsODWAe%2Bpgfqk79Y%3D&reserved=0> https://github.com/lamps-wg/cmp-updates/issues/62., most implementations will (need to) do method 1 anyway, since this is the typical simple way a CMS API is designed (at least for OpenSSL, and I suppose for most/all others, too), and method 2 is an optional thing that may be done in addition (for an early sanity check before decryption). So the choice boils down to doing just method 1 or methods 1+2. David On Jul 1, 2024, at 12:32 PM, Brockhaus, Hendrik <mailto:hendrik.brockhaus=40siemens.com@dmarc.ietf.org> <hendrik.brockhaus=40siemens.com@dmarc.ietf.org> wrote: Thank you to all for the good discussion on the list as well as on <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co m%2Flamps-wg%2Fcmp-updates%2Fissues%2F62&data=05%7C02%7Chendrik.brockhaus%40 siemens.com%7Cc95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e149 5d55a%7C1%7C0%7C638554570276900309%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=f0Lecx9 WgkwgrD1sPa9H2B6yipJWgzsrkAhzEvpg7B4%3D&reserved=0> https://github.com/lamps-wg/cmp-updates/issues/62. There were two methods proposed to identify the private key to be used on recipient side for decryption of the EnvelopedData delivering the newly issued certificate in encrypted form. 1. Use a certificate management context, like transactionID from the CMP message header and certReqId from the certificate request object. 2. Use the SHA-256 hash of SubjectKeyIdentifier from the CSR by sender and recipient as recipient identifier in the CMS recipienInfo field and do not use the issuerAndSerialNumber or subjectKeyIdentifier from the new certificate. There are different people in favor of the one or the other method. I would like to reach consensus on the method to specify in rfc4210bis until end of this week to cover it in the update I plan to submit before the submission cut-off. Method 1: Pros: * Is specific to the recipient and does not raise any requirement to the sender implementation. Using transactionID and certReqId can be used, but any other context on recipient side is as good. * Is independent to the CMS implementation used because no specific rid value needs to be used. * If there is only one certificate request pre CMP transaction the context is trivial. * The sender can populate the rid field using the standard CMS method using either issuerAndSerialNumber or subjectKeyIdentifier from the new certificate. Cons: * The recipient cannot doublecheck if the private key to use for decryption is the right before decrypting the EnvelopedData. * The recipient must ignore the rid content. Method 2: Pros: * It is a clear specification on how to populate the rid field so that sender and recipient must use. Cons: * It introduces a potential interoperability topic an implementation must properly address. * A recipient would need to reject decrypting the EnvelopedData in case the sender is implementing the standard CMS method using either issuerAndSerialNumber or subjectKeyIdentifier from the new certificate, even if the decryption would work fine. * The certificate management context needs to be maintained anyhow when implementing CMP. Maybe I am a bit biased :-) Does anyone want to add additional pros and cons to my summary? Hendrik Von: David von Oheimb < <mailto:it@von-Oheimb.de> it@von-Oheimb.de> Gesendet: Samstag, 29. Juni 2024 11:39 An: <mailto:spasm@ietf.org> spasm@ietf.org Betreff: [lamps] Re: Using cms-kemri this CMP Indirect POP I had a closer look at this both from conceptual and implementation point of view - see <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co m%2Flamps-wg%2Fcmp-updates%2Fissues%2F62&data=05%7C02%7Chendrik.brockhaus%40 siemens.com%7Cc95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e149 5d55a%7C1%7C0%7C638554570276909388%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=vVXDa%2 FqpR0OvVEtrulcYmzOGgq%2BXGUp%2BJKUSMzB%2BNfY%3D&reserved=0> https://github.com/lamps-wg/cmp-updates/issues/62 for details. IMO its sufficient to let the CMP client application provide the CMS layer the right decryption key, namely the one corresponding to the public key it sent in the CSR in the same transaction. In the vast majority of cases, anyway just one such key is involved, and otherwise they certReqId selects among those involved. One might spend extra effort, both in specification and mostly in the implementation on the server and client side, in order to steer the generation of the RecipientIdentifer such that the client is enabled to check the agreement of the en/decryption key before decrypting the certificate in the response from the server, but this extra sanity check does not really bring value. The key selection can be done based on transaction and request ID, and successful decryption and use of the cert anyway implies that the correct key has been used for decryption. So my clear preference is to let the server-side CMS layer choose as usual whatever RecipientIdentifer it is pleased to construct, which may one that the client cannot really make use of before decrypting the cert, and the client-side CMS lib can simply ignore it. For instance, the existing OpenSSL CMS implementation checks for agreement of the RecipientIdentifer only if the calling application provides beforehand the cert corresponding to the decryption key - and this cannot be done in case of indirect POP, simply because the (decrypted) cert is not available yet. David On 20.06.24 08:10, Brockhaus, Hendrik wrote: Von: Carl Wallace <mailto:carl@redhoundsoftware.com> <carl@redhoundsoftware.com> From: Mike Ounsworth < <mailto:Mike.Ounsworth=40entrust.com@dmarc.ietf.org> Mike.Ounsworth=40entrust.com@dmarc.ietf.org> Hendrik, Dumb question: does a CMP client actually need the rid in order to correctly parse and decrypt the message? The client should know which keypair it is trying to request a certificate for. Shouldn't the transactionID be sufficient to determine which private key to use? Can the KEMRI simply be left empty within CMP? [CW] RID is not OPTIONAL. It'd be unusual to populate it with an empty OCTET STRING, DN, serial. Mandating use of the key identifier option like Russ suggested and letting implementations use it or not seems right to me. [HB] You are right, we need to fill RID. But we are considering that the recipient does not use the content of the recipient identifier for identifying the private key to use for decryption in this case but use the CMP internal IDs transactionID and certReqId instead. The advantage is, that this would only affect the implementation on the receiving side. The sending entity could fill the recipient identifier as usual with the subject key identifier from the recipient's certificate and would not need to implement a specific method for generation the recipient identifier as Russ proposed. --- Mike Ounsworth From: Brockhaus, Hendrik < <mailto:hendrik.brockhaus=40siemens.com@dmarc.ietf.org> hendrik.brockhaus=40siemens.com@dmarc.ietf.org> Sent: Wednesday, June 12, 2024 2:19 AM To: Russ Housley < <mailto:housley@vigilsec.com> housley@vigilsec.com>; John Gray < <mailto:John.Gray@entrust.com> John.Gray@entrust.com>; Tomofumi Okubo < <mailto:tomofumi.okubo@digicert.com> tomofumi.okubo@digicert.com> Cc: Ranjan, Rajeev < <mailto:ranjan.rajeev@siemens.com> ranjan.rajeev@siemens.com>; <mailto:spasm@ietf.org> spasm@ietf.org Subject: [EXTERNAL] [lamps] Using cms-kemri this CMP Indirect POP Russ, John, Tomofumi While implementing Indirect POP for KEM in CMP we came across the following issue, see <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co m%2Flamps-wg%2Fcmp-updates%2Fissues%2F62&data=05%7C02%7Chendrik.brockhaus%40 siemens.com%7Cc95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e149 5d55a%7C1%7C0%7C638554570276916354%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=BxCCy5f B8SBp1jL%2BMi9pZrxlxPDPBi5FR%2FgoCkWkK24%3D&reserved=0> https://github.com/lamps-wg/cmp-updates/issues/62. Section 3 of cms-kemri says: "rid specifies the recipient's certificate or key that was used by the originator with the KEM Encapsulate() function. The RecipientIdentifier provides two alternatives for specifying the recipient's certificate [ <https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rfc-e ditor.org%2Frfc%2Frfc5280&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7Cc 95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7 C638554570276922568%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sJ7qxGOXQZx0rGH%2FvS2e DxzHuCb4HygxviGcroRUAtE%3D&reserved=0> RFC5280], and thereby the recipient's public key." When using Indirect POP, the recipient's certificate is delivered in encrypted form. Therefore, the recipient does not know about issuerAndSerialNumber or subjectKeyIdentifier before decrypting it and there is no option to directly specify the recipient's public key. Currently the cms-kemri implementation for Indirect POP in CMP need to spot the private key to uses for KEM Decapsulate() by using the transactionID from the PKIHeader and certReqId from the certificate request. Is there a chance to get a third alternative in rid to directly specify the recipient's public key. This would allow implementation to directly spot the key pair to use. Hendrik _______________________________________________ Spasm mailing list -- spasm@ietf.org <mailto:spasm@ietf.org> To unsubscribe send an email to spasm-leave@ietf.org <mailto:spasm-leave@ietf.org>
- [lamps] Re: Using cms-kemri this CMP Indirect POP Carl Wallace
- [lamps] Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP Russ Housley
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP Russ Housley
- [lamps] Re: Using cms-kemri this CMP Indirect POP Carl Wallace
- [lamps] Re: Using cms-kemri this CMP Indirect POP Mike Ounsworth
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP David von Oheimb
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP Russ Housley
- [lamps] Re: Using cms-kemri this CMP Indirect POP Tomas Gustavsson
- [lamps] Re: Using cms-kemri this CMP Indirect POP Russ Housley
- [lamps] Re: Using cms-kemri this CMP Indirect POP David von Oheimb
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP Russ Housley
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP Mike Ounsworth
- [lamps] Re: Using cms-kemri this CMP Indirect POP Tim Hollebeek
- [lamps] Re: Using cms-kemri this CMP Indirect POP Mike Ounsworth
- [lamps] Re: Using cms-kemri this CMP Indirect POP David von Oheimb
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP John Gray
- [lamps] Re: Using cms-kemri this CMP Indirect POP Mike Ounsworth
- [lamps] Re: Using cms-kemri this CMP Indirect POP John Gray
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP Brockhaus, Hendrik
- [lamps] Re: Using cms-kemri this CMP Indirect POP Russ Housley
- [lamps] Re: Using cms-kemri this CMP Indirect POP Tomas Gustavsson
- [lamps] Re: Using cms-kemri this CMP Indirect POP David von Oheimb
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… Mike Ounsworth
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… Carl Wallace
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… Mike Ounsworth
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… David von Oheimb
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… Brockhaus, Hendrik
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… David von Oheimb
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… Mike Ounsworth
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… Tomas Gustavsson
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… Mike Ounsworth
- [lamps] Re: [EXTERNAL] Re: Re: Using cms-kemri th… Carl Wallace
- [lamps] CMS RecipientInfo for EnvelopedData in CMC David von Oheimb
- [lamps] Re: [EXTERNAL] CMS RecipientInfo for Enve… Mike Ounsworth
- [lamps] Re: CMS RecipientInfo for EnvelopedData i… Carl Wallace
- [lamps] Re: CMS RecipientInfo for EnvelopedData i… David von Oheimb
- [lamps] Re: CMS RecipientInfo for EnvelopedData i… Carl Wallace
- [lamps] Re: CMS RecipientInfo for EnvelopedData i… David von Oheimb
- [lamps] Re: CMS RecipientInfo for EnvelopedData i… Carl Wallace
- [lamps] Re: [EXTERNAL] CMS RecipientInfo for Enve… Brockhaus, Hendrik