Re: [lamps] Hybrid pkix isn't needed

Tadahiko Ito <tadahiko.ito.public@gmail.com> Tue, 31 January 2023 01:25 UTC

Return-Path: <tadahiko.ito.public@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6F734C1B18AB for <spasm@ietfa.amsl.com>; Mon, 30 Jan 2023 17:25:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.095
X-Spam-Level:
X-Spam-Status: No, score=-7.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id c874SWo6mnzQ for <spasm@ietfa.amsl.com>; Mon, 30 Jan 2023 17:25:07 -0800 (PST)
Received: from mail-yw1-x1133.google.com (mail-yw1-x1133.google.com [IPv6:2607:f8b0:4864:20::1133]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5126C1B18A2 for <spasm@ietf.org>; Mon, 30 Jan 2023 17:25:07 -0800 (PST)
Received: by mail-yw1-x1133.google.com with SMTP id 00721157ae682-51ba4b1b9feso10747237b3.11 for <spasm@ietf.org>; Mon, 30 Jan 2023 17:25:07 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=bTEeOMWvikjKOgCx6piEQF8MN/wp8MYjhr3Huu02TWY=; b=lxfwIPJ4QXEJmjjgrwXsD7L/sYstbUB6U8dGZfgz+q8465dUTwjMYxFWXYu/ieZTSx DNhaWN6jRqZUto9aO7VxgMOb0asIARdJaOODTs9t2938EjT271Z8IMjuCcGBTc4k7T7D c1XCQlliapFlAU0Fkc9YPF5MfP4fdxqBIZQqqIXrrtl+XgQRbp4SaHMpfblhCN1jdXZE naNtFNNPdP8Qd3MiEnlcTaw4U3x3TdXhu66ejINhzXTaK3SNBXIh8ybvrBEvj8sm2x5M mycwYO+GkQwaApd3cyCS6RKtT7zIcC9BtvDMInudUDRpBafEK1zXkFdySR7+Px6DGjph KBug==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=bTEeOMWvikjKOgCx6piEQF8MN/wp8MYjhr3Huu02TWY=; b=MfQDpsFcz22GDvgh0mf098YMZZUt1gn/JPfU+4fXl3z+lGKIIRxNvUp7frZ8DaLciq CIpcvsyHlvEbtrtese59C2/hVToMS0Kz56hWlJviesKAekjHLiURkfpYnEwfktVr0GW+ BGc3rhc/wNt2ZrQSCznYMnETbykl1c0eZmZHzZA6v5z0C03a+tLN4qDdvDSkdeiXpQqs syMt14uMo4xLULn1oZZG2IBvtWv6KZJ84THlagiIjUPjOmast9aXkUb+i3TeGlQu/fus De0aEklcjHWjOshj/ueKKP15nq/Q/BTIRwwMwCzrXqxvi7AUcpcr4ypzid5mQavSU5Ux Ofiw==
X-Gm-Message-State: AFqh2kp+2bw1f+hwBKfBO086v8LhDlyGa7OnXBX7r8TGh+owM++IBZAf QiWt43rYhD8UM/PmgycHRsb5R+JXhGU0alA8odY=
X-Google-Smtp-Source: AMrXdXsukK//chYdtgmQvizOPysq3QjVj3DMEL55URogelekx0BKhBV6NuQFmKNyqqmtVcgh0qmVYV77thc81k9QAQo=
X-Received: by 2002:a0d:e742:0:b0:4d3:94e8:6888 with SMTP id q63-20020a0de742000000b004d394e86888mr5037253ywe.288.1675128306687; Mon, 30 Jan 2023 17:25:06 -0800 (PST)
MIME-Version: 1.0
References: <CACsn0c=uPvp_hmakpfPff8WkYh1q9NhjfTJYs7iFu_czL2yAyA@mail.gmail.com> <CAFTXyYBCZRgBpJ_j1AQSek7Dm7tjW3hAg8h06+hL4iXZ8iDbog@mail.gmail.com> <Y9eVt/hf8vlUPpkB@LK-Perkele-VII2.locald>
In-Reply-To: <Y9eVt/hf8vlUPpkB@LK-Perkele-VII2.locald>
From: Tadahiko Ito <tadahiko.ito.public@gmail.com>
Date: Tue, 31 Jan 2023 10:24:55 +0900
Message-ID: <CAFTXyYBiZ+LGSXS9M6MEC_j4gtZ8O09rTyPZ=7jVwHdxc_YXBg@mail.gmail.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>
Cc: spasm@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ac619505f3853314"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/70-LuTKlWjscPbtbpgyCyhgyAto>
Subject: Re: [lamps] Hybrid pkix isn't needed
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jan 2023 01:25:09 -0000

Hi Ilari

> And OCSP signing is very different from code-signing or time-stamping.
Thanks, it is true that lifetime of signed data is much shorter for OCSP.

> The simplest is probably multiple independent signatures, assuming
> whatever system actually supports that.

I believe that approach also works with bonded (or linked) certs for some
systems.
certs can be linked, but also able to use as independent certificates and
signatures.
(it is not critical, so some systems may just ignore extension and use as
independent certificates)

system seems to also be able to migrate their approach anytime after
migration of data format or CA systems.

Regards Tadahiko

2023年1月30日(月) 19:02 Ilari Liusvaara <ilariliusvaara@welho.com>:

> On Mon, Jan 30, 2023 at 02:46:50PM +0900, Tadahiko Ito wrote:
> > 2023年1月30日(月) 8:43 Watson Ladd <watsonbladd@gmail.com>:
> >
> > >
> > > I don't think linking certs or special provisions for hybrid
> > > encryption or authentication are a good idea.  A hybrid encryption
> > > scheme should be an encryption scheme with a public and private key,
> > > just like any other key you can put in the PKIX.
> > >
> > > Authentication breaks are not retroactive:
> > Could you clarify if signing purposes ( code-signing, and OCSP signing,
> > time-stamping, etc.) is outside the scope of your comment or not.
>
> Well, the comment said "encryption or authentication" (and also talked
> about "ECDSA"), so presumably "authentication" mainly refers to signing.
>
> And OCSP signing is very different from code-signing or time-stamping.
>
>
> > I am not sure if we need bonded certs or hybrid cert for those use-cases,
> > but it might be better to have some mechanisms for those use-cases.
>
> Well, for code-signing or time-stamping, I don't think either of those
> works very well:
>
> - Bonded certs are extremely complicated.
> - Hybrid certs need to be backward-compatible for depoloyment reasons,
>   which requires very nasty hacks.
>
> The simplest is probably multiple independent signatures, assuming
> whatever system actually supports that.
>
>
>
> -Ilari
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>