Re: [lamps] Double signatures

Tim Hollebeek <tim.hollebeek@digicert.com> Tue, 11 September 2018 14:02 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Erik Andersen <era@x500.eu>, 'SPASM' <spasm@ietf.org>, "x500standard@freelists.org" <x500standard@freelists.org>
Date: Tue, 11 Sep 2018 14:02:37 +0000
Message-ID: <BN6PR14MB110623B94ED97509FAE9F71283040@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <005a01d44916$7c9cb560$75d62020$@x500.eu> <CAErg=HHhU9H-Ng8sUtXu2S+F0fr2tLOX6=8UR77gz0YLqtGyaA@mail.gmail.com> <004a01d44928$b1500d40$13f027c0$@augustcellars.com> <04ce01d4492a$39400ce0$abc026a0$@gmail.com> <003601d4499e$7c8be3b0$75a3ab10$@x500.eu>
In-Reply-To: <003601d4499e$7c8be3b0$75a3ab10$@x500.eu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/h48TQh64RQqQJyAGDLt16ZYIoxI>
Subject: Re: [lamps] Double signatures
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

Doesn’t the combinatoric explosion render this completely impractical?

 

You need N_c x N_pq algorithm identifiers just to handle the simple hybrid use case where a single classical algorithm is being used in conjunction with a single post-quantum algorithm.

 

And there are people who want to use multiple post-quantum algorithms to hedge against potential yet to be discovered weaknesses in post-quantum algorithms.

 

I’m not really looking forward to trying to allocate or manage O(N_c x N_pq^3) algorithm identifiers…

 

-Tim

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Erik Andersen
Sent: Tuesday, September 11, 2018 3:10 AM
To: 'SPASM' <spasm@ietf.org>; x500standard@freelists.org
Subject: Re: [lamps] Double signatures

 

Hi Santosh,

 

You have proposed something like this before. It is still puzzling in my brain. As I understand, it requires that we define a particular algorithm that has a parameter that includes the things you suggest. It is worthy to be analysed.

 

Erik

 

From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Santosh Chokhani
Sent: 10 September 2018 19:18
To: 'Jim Schaad' <ietf@augustcellars.com>; 'Ryan Sleevi' <ryan-ietf@sleevi.com>; era@x500.eu
Cc: 'SPASM' <spasm@ietf.org>; x500standard@freelists.org
Subject: Re: [lamps] Double signatures

 

Why not let algorithm identifier dictate the number of signatures and their syntax?

 

From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Jim Schaad
Sent: Monday, September 10, 2018 1:07 PM
To: 'Ryan Sleevi' <ryan-ietf@sleevi.com>; era@x500.eu
Cc: 'SPASM' <spasm@ietf.org>; x500standard@freelists.org
Subject: Re: [lamps] Double signatures

 

Ryan,

 

The discussion in London dealt with a completely different proposal than this one. While I think there are problems with this that need to be dealt with, they are mostly not the same set.

 

Erik,

 

Why is this considered to be a preferred solution to defining a new signature algorithm which contains as the parameter the sequence of algorithm identifiers and as the signature value a sequence of signature values? The problem with just defining the extension to SIGNED is that one needs to make sure that the set of signature algorithms and parameters are also part of the data to be signed and I am not seeing that highlighted here.

 

Jim

 

 

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Ryan Sleevi
Sent: Monday, September 10, 2018 8:53 AM
To: era@x500.eu
Cc: SPASM <spasm@ietf.org>; x500standard@freelists.org
Subject: Re: [lamps] Double signatures

 

 

On Mon, Sep 10, 2018 at 10:56 AM Erik Andersen <era@x500.eu> wrote:

Hi Folk,

 

In ITU-T we have plans to allow for double signatures using the SIGNED parametrized data type defined in X.509 to cope with the situation described in the internet draft: “Multiple Public-Key Algorithm X.509 Certificates (draft-truskovsky-lamps-pq-hybrid-x509-01)”

 

We suggest to enhance the SIGNED data type as shown below:

 

SIGNED{ToBeSigned} ::= SEQUENCE {
  COMPONENTS OF SIGNATURE,
  ...,
  altAlgorithmIdentifier  AlgorithmIdentifier{{SupportedAlgorithms}} OPTIONAL,
  altSignature            BIT STRING OPTIONAL
  } (WITH COMPONENTS {..., altAlgorithmIdentifier PRESENT, altSignature PRESENT } |
     WITH COMPONENTS {..., altAlgorithmIdentifier ABSENT,  altSignature ABSENT } )

 

We are open to comments. We know that IETF is not a heavy user of this data type.

 

We have no intention to use this extended data type for certificates and CRLs.

 

For your information, SIGNATURE is defined as:

 

SIGNATURE ::= SEQUENCE {
  algorithmIdentifier  AlgorithmIdentifier{{SupportedAlgorithms}},
  signature            BIT STRING,
  ... }

 

From the discussions in London (101), there were a number of challenges identified during the discussion - https://datatracker.ietf.org/meeting/101/materials/minutes-101-lamps-01.txt - that fundamentally questioned that approach.

 

Has the ITU-T addressed or resolved those concerns? Are they not applicable for some reason specific to ITU-T?
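
Added example, not part of the thread and not code from any participant or from X.509: Jim Schaad's point that the set of signature algorithms must itself be part of the data to be signed, shown as a verifier check. Keyed HMACs stand in for the two signature algorithms so the block runs on the standard library alone; the names alg-classical, alg-alt, sign, verify and drop_alt are assumptions made for illustration.

```python
import hashlib
import hmac

# Assumption: keyed HMACs replace real public-key signatures (stdlib only).
# Keys and algorithm names are constructed for this example.
KEYS = {"alg-classical": b"constructed-key-1", "alg-alt": b"constructed-key-2"}
HASHES = {"alg-classical": hashlib.sha256, "alg-alt": hashlib.sha512}


def _tag(alg, data):
    return hmac.new(KEYS[alg], data, HASHES[alg]).digest()


def _tbs(content, algs, bind):
    """Bytes every signature covers; bind=True prepends the algorithm list."""
    if not bind:
        return content
    names = b"".join(len(a).to_bytes(2, "big") + a.encode() for a in algs)
    return len(algs).to_bytes(2, "big") + names + content


def sign(content, algs, bind):
    tbs = _tbs(content, algs, bind)
    return {"content": content, "sigs": [(a, _tag(a, tbs)) for a in algs]}


def verify(msg, bind):
    """Recompute the covered bytes from the algorithms actually present."""
    algs = [a for a, _ in msg["sigs"]]
    if not algs:
        return False
    tbs = _tbs(msg["content"], algs, bind)
    return all(hmac.compare_digest(_tag(a, tbs), s) for a, s in msg["sigs"])


def drop_alt(msg):
    """Model the ABSENT/ABSENT form: same content, first signature only."""
    return {"content": msg["content"], "sigs": msg["sigs"][:1]}


if __name__ == "__main__":
    algs = ["alg-classical", "alg-alt"]
    for bind in (False, True):
        m = sign(b"constructed payload", algs, bind)
        print("bound" if bind else "unbound",
              "full:", verify(m, bind), "alt removed:", verify(drop_alt(m), bind))
```

When the algorithm list is not covered, the structure with the alternative signature removed still verifies, so a relying party cannot tell that a second signature was ever intended; when it is covered, the same structure is rejected.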