Re: [lamps] WG Last call: draft-ietf-lamps-hash-of-root-key-cert-extn
Russ Housley <housley@vigilsec.com> Wed, 07 November 2018 11:38 UTC
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <01ba01d475cb$8ef10cc0$acd32640$@augustcellars.com>
Date: Wed, 07 Nov 2018 06:38:04 -0500
Cc: SPASM <spasm@ietf.org>
Message-Id: <2B5D295E-4CB0-450E-BF90-31C66F18AD49@vigilsec.com>
References: <BN6PR14MB1106CF89BEC31A9D837A3A5383F30@BN6PR14MB1106.namprd14.prod.outlook.com> <014401d47581$5fe919d0$1fbb4d70$@augustcellars.com> <7104A92B-DC98-4E58-A50A-D470E8E4A0B9@vigilsec.com> <016001d4758c$67daa2c0$378fe840$@augustcellars.com> <0871B813-F7BE-470D-AE97-6F5B62CDA7C3@vigilsec.com> <019601d475b9$578c9ea0$06a5dbe0$@augustcellars.com> <E77C61DD-E953-438A-A020-319F74C656BD@vigilsec.com> <01ba01d475cb$8ef10cc0$acd32640$@augustcellars.com>
To: Jim Schaad <ietf@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/46zfra5BCbtI03cRgB4Hm8ClnYc>
Jim:

I think I have two comments from you that have not yet been resolved. Here is the text for the Security Considerations that I propose to address them:

The Root CA needs to ensure that the public key in the next generation certificate is as strong or stronger than the key that it is replacing.

The Root CA needs to employ a hash function that is resistant to preimage attacks [RFC4270]. A first-preimage attack against the hash function would allow an attacker to find another input that results in the published hash value. For the attack to be successful, the input would have to be a valid SubjectPublicKeyInfo that contains the public key that corresponds to a private key known to the attacker. A second-preimage attack becomes possible once the Root CA releases the next generation public key, which makes the input to the hash function available to the attacker and everyone else. Again, the attacker needs to find a valid SubjectPublicKeyInfo that contains the public key that corresponds to a private key known to the attacker.

Russ
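As an added illustration (not from the draft and not part of Russ's message), here is a verifier-side check in Python for a published hash of the next-generation root key: it refuses input that is not framed as a DER SubjectPublicKeyInfo, hashes the DER with the algorithm named by OID, and compares against the published value in constant time, so a candidate key that does not match is rejected before it is ever trusted. The hash-OID table, the helper names and the sample key bytes are assumptions constructed for this example.

```python
import hashlib
import hmac

# Hash algorithms accepted for the published value, keyed by dotted OID.
# The draft carries an AlgorithmIdentifier; this table is an assumption.
SHA2_OIDS = {
    "2.16.840.1.101.3.4.2.1": hashlib.sha256,
    "2.16.840.1.101.3.4.2.2": hashlib.sha384,
    "2.16.840.1.101.3.4.2.3": hashlib.sha512,
}

def _tlv(buf, pos):
    """Read one DER TLV at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def is_spki(der):
    """Structural check: SEQUENCE { SEQUENCE AlgorithmIdentifier, BIT STRING }."""
    try:
        tag, s, e = _tlv(der, 0)
        if tag != 0x30 or e != len(der):
            return False
        tag, _, alg_end = _tlv(der, s)
        if tag != 0x30:
            return False
        tag, bs, bs_end = _tlv(der, alg_end)
        # BIT STRING must fill the outer SEQUENCE and begin with a valid unused-bits octet
        return tag == 0x03 and bs_end == e and der[bs] < 8
    except IndexError:
        return False

def hash_root_key(spki_der, oid):
    """Hash the DER SubjectPublicKeyInfo with the algorithm named by oid."""
    if not is_spki(spki_der):
        raise ValueError("not a DER SubjectPublicKeyInfo")
    return SHA2_OIDS[oid](spki_der).digest()

def verify_next_root(spki_der, oid, published_hash):
    """True only if the candidate key hashes to the value published earlier."""
    if oid not in SHA2_OIDS or not is_spki(spki_der):
        return False
    return hmac.compare_digest(hash_root_key(spki_der, oid), published_hash)

# Constructed sample: DER framing of an id-ecPublicKey/P-256 SPKI with a
# placeholder 64-byte point (not a real key), enough to exercise the checks.
SAMPLE_SPKI = bytes.fromhex("3059301306072a8648ce3d020106082a8648ce3d030107034200" + "04" + "ab" * 64)
PUBLISHED = hash_root_key(SAMPLE_SPKI, "2.16.840.1.101.3.4.2.1")
```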