[lamps] Re: Using cms-kemri this CMP Indirect POP

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Tue, 02 July 2024 05:54 UTC

Return-Path: <hendrik.brockhaus@siemens.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D133CC15199D for <spasm@ietfa.amsl.com>; Mon, 1 Jul 2024 22:54:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.006
X-Spam-Level:
X-Spam-Status: No, score=-2.006 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=siemens.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1VSvb97zDMu9 for <spasm@ietfa.amsl.com>; Mon, 1 Jul 2024 22:54:32 -0700 (PDT)
Received: from EUR05-VI1-obe.outbound.protection.outlook.com (mail-vi1eur05on2082.outbound.protection.outlook.com [40.107.21.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E2AD6C14F6A1 for <spasm@ietf.org>; Mon, 1 Jul 2024 22:54:31 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=Z9z1IwVUHJ68QP/vy6sFM4emgq6yCrugtKIhK/1JKfRvTpW2E8WXBF++LvKEuhNCj990Um0n4Qlf+GX0Dbb9WIewM71gwLEOAaeBvjX6xE8CwldCD0C2gh1HiaqutCu+6uRjQVPW2LhVNGfpoMdaapsXAoA3P2XjivM0f9bxvJgm4+wkasQUH2QLduFu/PsnQ4nlsms7alIDMMTqwrnVTsfnZOgBnoQjJP0rdZ+B3vBAZZVfOfvjE3VBtXdv0FnsabfQ3Z3XD47LFcVy2GmnxGoWiVuqauXuUlT/9geIlk/JAX1jKb1oEFzngdIrYNEkW95zyILLeQ1+JHFtBRgyGA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=t25bvL6HIfP2xcLaYz/idPwZCMmkh/iuHN0+P2Aa0K8=; b=WzjdeLArLlWxFeA4bBixIRks588f/mTo+ppQtgRVuMLGd3liHUyoYj0ZPb07VuDAhu8sCIXxPT4+ME4ei7vfFO5PsbYYfD7BfTkZkmeitcfyxdCO2uVVI1955LEwH2ixW9jEu1Gfcruf+aDius9dn7Y6DE2ykGuhEdI+4amG44b5WLIXj/epvHAWGZN4L94+kP/22lqSYDe9rL6PZCpmHJAhupyLpxPbIzQV0qPFSHhmed4kRJy/EuNqWSx3DESH9Hxl4RYDX6qTBaT7ViQt/0J8STtSXvDVPvuhOwg9GX5yJeL6tOBlCY6OdNK+keUkkl4+PTrEyt0rMU0TofoK9g==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=siemens.com; dmarc=pass action=none header.from=siemens.com; dkim=pass header.d=siemens.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=siemens.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=t25bvL6HIfP2xcLaYz/idPwZCMmkh/iuHN0+P2Aa0K8=; b=qX7q9BhJZWlkcFugTO5mV0+VwhT8Fr9yt7IM5eDNO+F2NaHMUbWkzK9zwBekIiBgIl1TfwHa8nTF3bYK/iLo8MbX7jA0s0plgQnOWSjrwafb8UkC+plsZoWwhopqWU23Ufoi6dksKeINvxC6rG3HCnnUSF/55OsabyvNoZjp4d6YrcVThwxu/GoY7mwZHEdEIl2SlTnO4vsFe86tJ7subnhrEC3AJBrWxX2w8ydtb/fgDvGWSRJ1GCL+OwLz+82mkIDtQMzOETs46E7o7MjAu7V/ke8vHmZGnAsT0Z+P9VmTFklMyFqca4URuR6+YAalWvACiMYIehCY58XjzOM84w==
Received: from DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:10:2ee::5) by AS8PR10MB6021.EURPRD10.PROD.OUTLOOK.COM (2603:10a6:20b:52a::18) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.7719.32; Tue, 2 Jul 2024 05:54:28 +0000
Received: from DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM ([fe80::8b02:6852:93f4:50a]) by DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM ([fe80::8b02:6852:93f4:50a%4]) with mapi id 15.20.7719.028; Tue, 2 Jul 2024 05:54:27 +0000
From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Russ Housley <housley@vigilsec.com>, David von Oheimb <it@von-Oheimb.de>
Thread-Topic: [lamps] Using cms-kemri this CMP Indirect POP
Thread-Index: AQHay+h4qqORI7j3FEqgnnjYICYurrHi6wtQ
Date: Tue, 02 Jul 2024 05:54:27 +0000
Message-ID: <DB9PR10MB57155DB490C3593AEDFEC119FEDC2@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM>
References: <9CADB58B-BF50-4FD6-B444-CDEE18B7DB38@redhoundsoftware.com> <DB9PR10MB57157D0D783CEE7D60298DBFFEC82@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM> <87189d62-d8a5-4029-91bf-f084a1dd3423@von-Oheimb.de> <DB9PR10MB57150E845DDCA05A95623B73FED32@DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM> <BC26287F-462B-462C-A6DE-EF06E919656B@vigilsec.com> <a98b2821-5cc3-451f-a22d-5d4f60361585@von-Oheimb.de> <BEF16A08-149A-4095-AC0A-D178E4260270@vigilsec.com>
In-Reply-To: <BEF16A08-149A-4095-AC0A-D178E4260270@vigilsec.com>
Accept-Language: de-DE, en-US
Content-Language: de-DE
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator:
msip_labels: MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_ActionId=f33977ec-b771-4c0b-97d1-3bfed6e002b1;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_ContentBits=0;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_Enabled=true;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_Method=Standard;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_Name=restricted;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_SetDate=2024-07-02T05:33:55Z;MSIP_Label_9d258917-277f-42cd-a3cd-14c4e9ee58bc_SiteId=38ae3bcd-9579-4fd4-adda-b42e1495d55a;
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=siemens.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DB9PR10MB5715:EE_|AS8PR10MB6021:EE_
x-ms-office365-filtering-correlation-id: c57a2293-52c0-48f1-bb96-08dc9a5b6f05
x-ms-exchange-atpmessageproperties: SA
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;ARA:13230040|366016|376014|4022899009|1800799024|38070700018;
x-microsoft-antispam-message-info: JFMAgY7r5cJ3KKYZ3nFRry9wbAUDdy76mAYbhSz6F9K3BKUbOZxfvTg+oJfQ5XVK39dzO9Z6rG2pcc6I5eDvmCQgDdSh1mpZshUWPKlOJ/Lbj7S0onncUyD1yHzGvhZke1t2CvVcId9wa4HPqn06NtStfCTI/TobX2k+Xo2W3weczE5OAKNp2uh4ZtbLIzAKT7feVYJgIFYjLAhgM+TY1GcnW29OOOubPjDu5tDcGGcBpiuGulClrYHV3TxWagMxlqhy9PD7jLZ7lKkCV5gdEnIKnci2JDmHKzLCWqxdDYMKAF2E8bZz5M6Kz6VyOBjKXOpkFfuQgmIfFH7k6dVCpy4J44oZBq18J+PN7XyfYfgLD1JKM8pjoqIvt5dRp8SSJJuYyNeoABkppX5IbAyp9vsVIO8pAZ/4V0JLdk6VIoAhP0ZVGSOD2gcQRKgAdO7K3njYpIgy3aX8VRX3igoYe/BCuYbo+JjBwWJ8j0JNNhO0Phw9pa5CmgmyViXwz+VjeRgkUcPi09+HXJzBlABOz1QGkocp4JS0M+WXj7YdpILvVA9coS0GxKSNt6bXePIAMPVe+4Pohk7iuEL8mf32GBhqutkoFeo0XKpO6aezO/78yXCqQSB/rnhHtXdoaW3vpw/3nWtnzLrp+wU5e8Ym5rDG39b3VnwAdbifwWW3jKaMBLqP/L0yWiBC+HcIdROHQRfbuxWlAeeXcNiThLApB053u+7w3odTGjNsfsWxNXWYyw+/ggqxxF0ZHEQNz81qOMnhCkm4bf2hC2TOsnrSm/P6PNUVZ4y1Aol69n/keEiBz3tyezBZDeM8CRfRSx5G187Vvxw3Ofr23xSjP9L+Ao1iieXcg8TUBmtL1IDOexdTBxqtxesGyUAWJm1z0/hbBIPpvi4WQQK77L34bZRDuPv6c29ovNqMy3+3mD0Ej7FK/eR4GZBTsbplZeuuOX5ycTrLZ+fcO+zmVDik3nOsEW5CLRuKJhEZ+EKCA3gSohpXqCzpTHBAPTXNEn5YP+8+UfcMcMpjOLHUPLEBB5gppKnwPpxhC0bCz4JqUiTrijMWkqyo2uw1+g7qa6b94F4XCvseFP/U7NIgCvaJQT4c6R/qgmQInfl6imbgV5CMD670P4jPPWZ1oj5bixTpFRvvUX7eeIjg4a54UfWzHDhb33Yx2/5o6RLXgW48pU5eOhxmHUkki2EdQVX9ngF6CTJlOT0s5DFx8cpGrUxhGIDwMtbeQRWUtoMB2+TmXvzlH5Pqr3cd4AyBp7ELnoD8Ju5H18bOO39dKbLbAOODuy8kzzm6eqBVWoy/9awqVquk+Obyqdws6exhKxqjUiy/2jSg0sL0d3kk2B3D7NTcVB+hPa7LSrXjMd+SYRbKPWhivUc=
x-forefront-antispam-report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM;PTR:;CAT:NONE;SFS:(13230040)(366016)(376014)(4022899009)(1800799024)(38070700018);DIR:OUT;SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: IKklmkDTgGPrfp3HZ7ULfZZOhMG0HOeXSD/ZXyXeNFCeVUP08N9VRK8ECNFrU5xHISjhlsRWlGWJR+GCkDbxuXCBb9Aw3KEHnYUGPg7LtXRcrOcOQLlY1sKfXNVM0GkPDeIgFMik48seSjQ0Pledab06rCzinPtMm9FxRr13TwOLems+3ZwoycE+vRr/eD4B4ftVCi6XFcDSqx3iOoeyFhHDXnTaIgEMwkGhfaO8nZJvbzbF/cFt36wx935LloMBWa07kvy0sXUHuJXWzzEp9w83zQxyOKCaD81KAfeNOBbNbU1hKCmKxOzWatRS0GENdfqG7/UrSgVSx+q+WE8NX2z07pLHlSgcdtQEbRm8I/rycGK28BPAClfg/XuC8bfdvJIjHCATwmVeLTrE959W7ct9dQziya2xSaHHE61FEmNsRZNAnU4cnejIxcGOgf8MSR43gW1Rubrs/X9drl1b+gJRFJW4DSwcsgddVZ1r0Ocmb1TNhFzCp/DUI71GQRBnjjQ8qv6EUgtXLUK2lNEvF7v9mXJM+7oUJz4/KXYHEYR7FXJHd5Xhxy0BwgeWGfApmVy7c3LHPFgg54gsdpHCjudSU1dG92dFPHD0ycKlzZQ669qSk+4OlTqomXuMLZCS5JJTvSf/+JhtnUF303U6yhECcry+0+GJ7Flo8hAkO4anlvYePbnDKqAajhrVbMXygaLDliaM67pq+RXZy02zVWR7lXn+VyKyqYknxegiC9y3QKies18VggZltC4xeVvAY2KaM3RG6FpPtxk/14btmmL/fLOBSJiwY1R+tMS83WKtzKavodcPNH2OyfnYVdJIa8T/jY/GqaD4xfrHaNfCzQHv6XI6V19lNB5QaT/ifpxXHCk788klABiDimHzL3Gh1Ppdq0Q0uw0c5nqDSKbAY0ooD9px6AT83KFT5LjUWgrxS7NNQhUVN08zM5NcdvuIKJX3MhdbMJi4TWbCDbFEk27iWfg914trYiKDq0QMiciULsnM8aPXzqZgQ4rACSE8qVBI7g1CBz4iNZF8O0+AXM4LzwkntHiVvn0AIbZkkhAx32+kXtzhixb16dzCyiMe8eS8/XB0gNTFmPGa1sj+BSP8BXygJAOSpM0LWpbLjPI9Sk6pON9mk39zHR65ABhypXtFWqmhV9jyZFYrAqgVXTISgxGcXCwYQwrzlvAOxUaw+/qJSXoHx818Vt7ak4iiAMKzSfR8QPGChctGsG9kI/tu26HEx9zSwm1Bem27ovRGe7N+woQTt/ipHrpWBQ7WZLZkB4oZjnNeSCpBXBn5avzS+Z8QY3JZb2DSw2XDIySHOC26uUhPVy8H7VbfiNJA7T3NYYRHbvKdQYY2Beza+wzycNf3pKnu4BHn0c/ZD+51vTN7XTKn5TSazKgVDvwcY6nsEo++rRHmNzn6Mv0Qskod1o55GL/sCvwmKNB8LO3srpepp7EM7jX8jmNixaVFTL8VDoEhyFBk6pDnJL4fg+QUIP7RXb9TYn8nQF2xJLtDygBJvDcVa5b0OpRk7/rPnohbnt5OXEX4P3cbFOlTU5Y6Ua9+AvRPUhdj+1qdQl2bBLIhn5xOGl0wBABOlhbXfc+VmEaw5KAK+CBJefo0EQ==
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="2.16.840.1.101.3.4.2.3"; boundary="----=_NextPart_000_0002_01DACC55.097A08D0"
MIME-Version: 1.0
X-OriginatorOrg: siemens.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DB9PR10MB5715.EURPRD10.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: c57a2293-52c0-48f1-bb96-08dc9a5b6f05
X-MS-Exchange-CrossTenant-originalarrivaltime: 02 Jul 2024 05:54:27.4761 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 38ae3bcd-9579-4fd4-adda-b42e1495d55a
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: aTwmqL89ZQpqxr/JvbILOeF2TuL9vxLhkHbm/DbKz0XF09F6UlkcEb0K4KGgzQJbA68gWPnVYCLuVMTqoJjqdgg24tF1X1zJIep+GLOB1PI=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: AS8PR10MB6021
Message-ID-Hash: TAEMQCYTHYA5YR2OAN5DAVYVJDK3KGZV
X-Message-ID-Hash: TAEMQCYTHYA5YR2OAN5DAVYVJDK3KGZV
X-MailFrom: hendrik.brockhaus@siemens.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-spasm.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: "spasm@ietf.org" <spasm@ietf.org>
X-Mailman-Version: 3.3.9rc4
Precedence: list
Subject: [lamps] Re: Using cms-kemri this CMP Indirect POP
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/3CB207JPCI00qdWbmj3lUaWppXo>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Owner: <mailto:spasm-owner@ietf.org>
List-Post: <mailto:spasm@ietf.org>
List-Subscribe: <mailto:spasm-join@ietf.org>
List-Unsubscribe: <mailto:spasm-leave@ietf.org>

Russ: 

 

I see your point in the sender offering both methods to let the recipient
chose, which generally eases interoperability. 

But so far, I do not see any convincing argument that it is really necessary
to requiring the sender to use any specific method to generate rid at all
because the recipient can easily ignore the rid field.

 

Currently I did not see any CMS implementation using method 4 from RFC 7093
Section 2 for generating recipient identifier. Typically, CMS implementation
simply use the data from the certificate of the recipient. I our case the
sender could simply use this standard procedure because the certificate is
available in on sender side in clear (not encrypted). 

Are you aware of CMS implementations offering the flexibility of specifying
the method for generation rid?

 

 

Hendrik

 

Von: Russ Housley <housley@vigilsec.com> 
Gesendet: Montag, 1. Juli 2024 20:57
An: David von Oheimb <it@von-Oheimb.de>
Cc: Brockhaus, Hendrik (T CST SEA-DE) <hendrik.brockhaus@siemens.com>;
spasm@ietf.org
Betreff: Re: [lamps] Using cms-kemri this CMP Indirect POP

 

David:

 

I think the CA should do Method 1+2, and the the client side should do
whatever is most straightforward for the implementer.  I see no reason for
the client to trow an error if the rid is a value other than expected as
long as it is able to figure out what private key to use in one way or
another,.

 

Russ

 





On Jul 1, 2024, at 2:35 PM, David von Oheimb <it@von-Oheimb.de
<mailto:it@von-Oheimb.de> > wrote:

 

On 01.07.24 19:40, Russ Housley wrote:

Hendrik: 

 

The transactionID from the CMP message header can be used by the recipient
to determine the appropriate private key to use, and the rid can be set to
the hash of the public key.  I do not see how this leads to the
interoperability concerns that you list under method 2.

What Hendrik meant with potential interop topic is that the implementations
on sender and receiver side must agree on 
the method for generating the key id, which might go wrong and which is
something simply not needed with method 1.

BTW, as mentioned in
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Flamps-wg%2Fcmp-updates%2Fissues%2F62&data=05%7C02%7Chendrik.brockhaus%40
siemens.com%7Cc95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e149
5d55a%7C1%7C0%7C638554570276887056%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=WHggTTd
hT0aitds4j%2FmMB%2FBPiexFsODWAe%2Bpgfqk79Y%3D&reserved=0>
https://github.com/lamps-wg/cmp-updates/issues/62., most implementations
will (need to) do method 1 anyway,
since this is the typical simple way a CMS API is designed (at least for
OpenSSL, and I suppose for most/all others, too),
and method 2 is an optional thing that may be done in addition (for an early
sanity check before decryption).
So the choice boils down to doing just method 1 or methods 1+2.

    David

 

On Jul 1, 2024, at 12:32 PM, Brockhaus, Hendrik
<mailto:hendrik.brockhaus=40siemens.com@dmarc.ietf.org>
<hendrik.brockhaus=40siemens.com@dmarc.ietf.org> wrote: 

 

Thank you to all for the good discussion on the list as well as on
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Flamps-wg%2Fcmp-updates%2Fissues%2F62&data=05%7C02%7Chendrik.brockhaus%40
siemens.com%7Cc95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e149
5d55a%7C1%7C0%7C638554570276900309%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=f0Lecx9
WgkwgrD1sPa9H2B6yipJWgzsrkAhzEvpg7B4%3D&reserved=0>
https://github.com/lamps-wg/cmp-updates/issues/62.

 

There were two methods proposed to identify the private key to be used on
recipient side for decryption of the EnvelopedData delivering the newly
issued certificate in encrypted form.

1.	Use a certificate management context, like transactionID from the
CMP message header and certReqId from the certificate request object.
2.	Use the SHA-256 hash of SubjectKeyIdentifier from the CSR by sender
and recipient as recipient identifier in the CMS recipienInfo field and do
not use the issuerAndSerialNumber or subjectKeyIdentifier from the new
certificate.

 

There are different people in favor of the one or the other method. I would
like to reach consensus on the method to specify in rfc4210bis until end of
this week to cover it in the update I plan to submit before the submission
cut-off.

 

Method 1:

Pros: 

*	Is specific to the recipient and does not raise any requirement to
the sender implementation. Using transactionID and certReqId can be used,
but any other context on recipient side is as good.
*	Is independent to the CMS implementation used because no specific
rid value needs to be used.
*	If there is only one certificate request pre CMP transaction the
context is trivial.
*	The sender can populate the rid field using the standard CMS method
using either issuerAndSerialNumber or subjectKeyIdentifier from the new
certificate.

Cons:

*	The recipient cannot doublecheck if the private key to use for
decryption is the right before decrypting the EnvelopedData.
*	The recipient must ignore the rid content.

 

Method 2:

Pros:

*	It is a clear specification on how to populate the rid field so that
sender and recipient must use.

Cons:

*	It introduces a potential interoperability topic an implementation
must properly address.
*	A recipient would need to reject decrypting the EnvelopedData in
case the sender is implementing the standard CMS method using either
issuerAndSerialNumber or subjectKeyIdentifier from the new certificate, even
if the decryption would work fine.
*	The certificate management context needs to be maintained anyhow
when implementing CMP.

 

Maybe I am a bit biased :-)

Does anyone want to add additional pros and cons to my summary?

 

 

Hendrik

 

 

Von: David von Oheimb < <mailto:it@von-Oheimb.de> it@von-Oheimb.de> 
Gesendet: Samstag, 29. Juni 2024 11:39
An:  <mailto:spasm@ietf.org> spasm@ietf.org
Betreff: [lamps] Re: Using cms-kemri this CMP Indirect POP

 

I had a closer look at this both from conceptual and implementation point of
view - 
see
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Flamps-wg%2Fcmp-updates%2Fissues%2F62&data=05%7C02%7Chendrik.brockhaus%40
siemens.com%7Cc95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e149
5d55a%7C1%7C0%7C638554570276909388%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=vVXDa%2
FqpR0OvVEtrulcYmzOGgq%2BXGUp%2BJKUSMzB%2BNfY%3D&reserved=0>
https://github.com/lamps-wg/cmp-updates/issues/62 for details.

IMO its sufficient to let the CMP client application provide the CMS layer
the right decryption key,
namely the one corresponding to the public key it sent in the CSR in the
same transaction.
In the vast majority of cases, anyway just one such key is involved, and
otherwise they certReqId selects among those involved.

One might spend extra effort, both in specification and mostly in the
implementation on the server and client side,
in order to steer the generation of the RecipientIdentifer such that the
client is enabled to check the agreement of the en/decryption key
before decrypting the certificate in the response from the server, but this
extra sanity check does not really bring value.
The key selection can be done based on transaction and request ID, 
and successful decryption and use of the cert anyway implies that the
correct key has been used for decryption.

So my clear preference is to let the server-side CMS layer choose as usual
whatever RecipientIdentifer it is pleased to construct,
which may one that the client cannot really make use of before decrypting
the cert, and the client-side CMS lib can simply ignore it.

For instance, the existing OpenSSL CMS implementation checks for agreement
of the RecipientIdentifer
only if the calling application provides beforehand the cert corresponding
to the decryption key -
and this cannot be done in case of indirect POP, simply because the
(decrypted) cert is not available yet.

    David

 

On 20.06.24 08:10, Brockhaus, Hendrik wrote:

 

 

Von: Carl Wallace  <mailto:carl@redhoundsoftware.com>
<carl@redhoundsoftware.com>

 

 

From: Mike Ounsworth < <mailto:Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
Mike.Ounsworth=40entrust.com@dmarc.ietf.org>





 

Hendrik,

 

Dumb question: does a CMP client actually need the rid in order to correctly
parse and decrypt the message? The client should know which keypair it is
trying to request a certificate for. Shouldn't the transactionID be
sufficient to determine which private key to use? Can the KEMRI simply be
left empty within CMP?

 

[CW] RID is not OPTIONAL. It'd be unusual to populate it with an empty OCTET
STRING, DN, serial. Mandating use of the key identifier option like Russ
suggested and letting implementations use it or not seems right to me.

 

[HB] You are right, we need to fill RID. 

But we are considering that the recipient does not use the content of the
recipient identifier for identifying the private key to use for decryption
in this case but use the CMP internal IDs transactionID and certReqId
instead. The advantage is, that this would only affect the implementation on
the receiving side. The sending entity could fill the recipient identifier
as usual with the subject key identifier from the recipient's certificate
and would not need to implement a specific method for generation the
recipient identifier as Russ proposed.

 

---

Mike Ounsworth

 

From: Brockhaus, Hendrik <
<mailto:hendrik.brockhaus=40siemens.com@dmarc.ietf.org>
hendrik.brockhaus=40siemens.com@dmarc.ietf.org> 
Sent: Wednesday, June 12, 2024 2:19 AM
To: Russ Housley < <mailto:housley@vigilsec.com> housley@vigilsec.com>; John
Gray < <mailto:John.Gray@entrust.com> John.Gray@entrust.com>; Tomofumi Okubo
< <mailto:tomofumi.okubo@digicert.com> tomofumi.okubo@digicert.com>
Cc: Ranjan, Rajeev < <mailto:ranjan.rajeev@siemens.com>
ranjan.rajeev@siemens.com>;  <mailto:spasm@ietf.org> spasm@ietf.org
Subject: [EXTERNAL] [lamps] Using cms-kemri this CMP Indirect POP

 

Russ, John, Tomofumi

 

While implementing Indirect POP for KEM in CMP we came across the following
issue, see
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fgithub.co
m%2Flamps-wg%2Fcmp-updates%2Fissues%2F62&data=05%7C02%7Chendrik.brockhaus%40
siemens.com%7Cc95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e149
5d55a%7C1%7C0%7C638554570276916354%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwM
DAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=BxCCy5f
B8SBp1jL%2BMi9pZrxlxPDPBi5FR%2FgoCkWkK24%3D&reserved=0>
https://github.com/lamps-wg/cmp-updates/issues/62.

 

Section 3 of cms-kemri says: 

"rid specifies the recipient's certificate or key that was used by the
originator with the KEM Encapsulate() function. The RecipientIdentifier
provides two alternatives for specifying the recipient's certificate [
<https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.rfc-e
ditor.org%2Frfc%2Frfc5280&data=05%7C02%7Chendrik.brockhaus%40siemens.com%7Cc
95c0945a28b493afa4e08dc99ff9979%7C38ae3bcd95794fd4addab42e1495d55a%7C1%7C0%7
C638554570276922568%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2lu
MzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C0%7C%7C%7C&sdata=sJ7qxGOXQZx0rGH%2FvS2e
DxzHuCb4HygxviGcroRUAtE%3D&reserved=0> RFC5280], and thereby the recipient's
public key."

When using Indirect POP, the recipient's certificate is delivered in
encrypted form. Therefore, the recipient does not know about
issuerAndSerialNumber or subjectKeyIdentifier before decrypting it and there
is no option to directly specify the recipient's public key.

Currently the cms-kemri implementation for Indirect POP in CMP need to spot
the private key to uses for KEM Decapsulate() by using the transactionID
from the PKIHeader and certReqId from the certificate request.

 

Is there a chance to get a third alternative in rid to directly specify the
recipient's public key. This would allow implementation to directly spot the
key pair to use.

 

Hendrik

 

_______________________________________________
Spasm mailing list -- spasm@ietf.org <mailto:spasm@ietf.org> 
To unsubscribe send an email to spasm-leave@ietf.org
<mailto:spasm-leave@ietf.org>