Re: [lamps] Review draft-ietf-lamps-cms-mix-with-psk-00
Russ Housley <housley@vigilsec.com> Wed, 28 November 2018 19:57 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69213127B92 for <spasm@ietfa.amsl.com>; Wed, 28 Nov 2018 11:57:07 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qdsOZI7m_qNw for <spasm@ietfa.amsl.com>; Wed, 28 Nov 2018 11:57:05 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id F1A0C1277D2 for <spasm@ietf.org>; Wed, 28 Nov 2018 11:57:04 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id CF0ED300AA4 for <spasm@ietf.org>; Wed, 28 Nov 2018 14:57:02 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id oXQmQHtiF-sC for <spasm@ietf.org>; Wed, 28 Nov 2018 14:57:01 -0500 (EST)
Received: from [192.168.1.161] (pool-71-178-45-35.washdc.fios.verizon.net [71.178.45.35]) by mail.smeinc.net (Postfix) with ESMTPSA id 2152F3002C7; Wed, 28 Nov 2018 14:57:01 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <E9467D3D-2FA2-4528-ADA8-89FCD7ABB566@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_48FC0FFB-4410-47F8-B278-ECAFBF832BA9"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Wed, 28 Nov 2018 14:57:01 -0500
In-Reply-To: <046a01d48751$2684dfd0$738e9f70$@augustcellars.com>
Cc: SPASM <spasm@ietf.org>
To: Jim Schaad <ietf@augustcellars.com>
References: <018d01d477fa$97522760$c5f67620$@augustcellars.com> <14A5DD8E-15E3-4009-961C-2E33011E0C44@vigilsec.com> <02fc01d48059$7bd665c0$73833140$@augustcellars.com> <840DC27B-3F3A-4D2D-9944-67007F88DAA7@vigilsec.com> <044a01d48748$acbd9e10$0638da30$@augustcellars.com> <EB3BA34B-F9B8-42BD-9C57-A3FF89B75B80@vigilsec.com> <046a01d48751$2684dfd0$738e9f70$@augustcellars.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/95ovlcLceCEB8Ru5UOudyYExGyE>
Subject: Re: [lamps] Review draft-ietf-lamps-cms-mix-with-psk-00
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 28 Nov 2018 19:57:07 -0000
That bit of ambiguity is what jumped out at me when I was working with my toy implementation. I also discovered that the library that I was using did not easily allow additional OIDs in the key agreement. Russ > On Nov 28, 2018, at 2:32 PM, Jim Schaad <ietf@augustcellars.com> wrote: > > Ahhh yes, I was planning on using the KDF algorithm identifier (assuming it has one) rather than the key wrap algorithm identifier for that step. > > If there wasn’t one then I would probably have asked for one. > > Jim > > > From: Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>> > Sent: Wednesday, November 28, 2018 11:25 AM > To: Jim Schaad <ietf@augustcellars.com <mailto:ietf@augustcellars.com>> > Cc: SPASM <spasm@ietf.org <mailto:spasm@ietf.org>> > Subject: Re: Review draft-ietf-lamps-cms-mix-with-psk-00 > > Jim: > > I was saying that KEK1 and KEK2 would use the same AlgorithmIdentifier value in any KDF that was used. For example, KEK1 might come from ECDH with the X9.63 KDF, and then KEK2 would come from the HKDF as described in the I-D. Both KDFs require an AlgorithmIdentifier as an input. > > Russ > > > >> On Nov 28, 2018, at 1:32 PM, Jim Schaad <ietf@augustcellars.com <mailto:ietf@augustcellars.com>> wrote: >> >> I don’t know if this is more clear or not. >> >> I am not sure that I agree that this demonstrates why KEK1 and KEK2 ought to be the same length, to me it only shows why len(KEK1) >= len(KEK2) is a required factor. >> >> I don’t care enough to say you should change things however. >> >> Jim >> >> >> From: Russ Housley <housley@vigilsec.com <mailto:housley@vigilsec.com>> >> Sent: Tuesday, November 27, 2018 12:22 PM >> To: Jim Schaad <ietf@augustcellars.com <mailto:ietf@augustcellars.com>> >> Cc: SPASM <spasm@ietf.org <mailto:spasm@ietf.org>> >> Subject: Re: Review draft-ietf-lamps-cms-mix-with-psk-00 >> >> Jim: >> >>> * I am missing the discussion about what the KDK length is going to be for a >>> key agreement algorithm. Am I just blind? >> >> >> I have been playing with a toy implementation to make sure that I have sorted out all of the issues, and I think that the key agreement needs some fine tuning, not so much in what is actually going on, but more in the way that it is explained. >> >> I think this processing description will make more sense, and it will encourage the intended code reuse... >> >> 1. The content-encryption key is generated at random. >> >> 2. The pairwise key-encryption key is established for each recipient. >> The recipient's public key and the sender's private key are used >> to produce a pairwise symmetric key-encryption key, called KEK1. >> >> 3. The key derivation function (KDF) is used to mix the pre-shared >> key (PSK) and KEK1, and the result is called KEK2. >> >> 4. The KEK2 is used to encrypt the content-encryption key. >> >> KEK1 is not actually used to encrypt anything, but it allows existing DH and ECDH implementations to used without any modification. >> >> I think this also makes it very clear why KEK1 and KEK2 ought to be the same size. >> >> Russ
- [lamps] Review draft-ietf-lamps-cms-mix-with-psk-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley