Re: [lamps] AD Review: draft-ietf-lamps-cms-aes-gmac-alg-02

Roman Danyliw <rdd@cert.org> Fri, 05 February 2021 21:31 UTC

To: LAMPS WG <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/8Nh7XpSFjy_DcwRqTccExBwV44I>

Hi!

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Roman Danyliw
> Sent: Monday, January 25, 2021 9:10 PM
> To: LAMPS WG <spasm@ietf.org>
> Subject: [lamps] AD Review: draft-ietf-lamps-cms-aes-gmac-alg-02
> 
> Hi!
> 
> I conducted an AD review of draft-ietf-lamps-cms-aes-gmac-alg-02.  Thanks for
> the work to bring AES-GMAC to CMS.  Here is my feedback:
> 
> ** Questions about the recommendation in Section 3.1 for a 12 octet tag has
> come up a few times [1][2][3].  Thanks for adding the text in -02 to explain the
> origin as being from RFC5084 per [1]. If we decide to go that way, [2] makes a
> good suggestion to also add it to the comments.  [3] acknowledges the
> alignment with RFC5084 but speculates whether 13-year old guidance still
> applies. Like [3] I couldn't find any relevant NIST or RFCs to meaningfully cite.
> In addition to RFC5282, there is also RFC4543 which also recommends 16-bytes
> for the nonce.  However, I'm sensitive to those requirements potentially being
> protocol specific and CMS has a wider set of applications.  As an aside, this
> variability in application should be explicitly stated.
> 
> Is the thinking with [4] to make support for 12 and 16 octets a MUST, with the
> 12 there for parity with RFC5084 and the 16 because we think that's the right
> balance in 2021?
> 
> [1] https://mailarchive.ietf.org/arch/msg/spasm/KrmkF6kkbg8-pU4MpjgpTVmxzik/
> [2] https://mailarchive.ietf.org/arch/msg/spasm/T9UhA9T9j85o6VYjT-9D2JnTEic/
> [3] https://mailarchive.ietf.org/arch/msg/spasm/7qqXzNFuA1YDFnfHw8oL9OVK_Dc/
> [4] https://mailarchive.ietf.org/arch/msg/spasm/g1-09MkwebIO3kI0T2sY5nBF2JM/

Answering myself ...

There have been various off-list multi-party discussions and further search on the tag length topic.  To summarize for later reference, beyond following the previously discussed RFCs, there don't appear to be better academic pointers on attacks or outside SDO guidance to motivate the choice of 12 or 16 octets beyond what we have.  Therefore, let's keep the RECOMMENDED 12 octets when generically referencing CMS, which keeps symmetry with RFC5084.  When we get into specific "application domains" (e.g., CRMF), we should consider this case by case.  draft-ietf-lamps-crmf-update-algs can take a more conservative approach of 16 octets -- which is the current text as of -03.

[snipping all of the other AD review feedback]

Thanks for addressing it in -03.

Regards,
Roman