Re: [lamps] Proposed addition of hash-based signature algorithms for certificates to the LAMPS charter
Tim Hollebeek <tim.hollebeek@digicert.com> Mon, 12 November 2018 16:06 UTC
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Ryan Sleevi <ryan-ietf@sleevi.com>
CC: Russ Housley <housley@vigilsec.com>, SPASM <spasm@ietf.org>
Date: Mon, 12 Nov 2018 16:06:24 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/1E72ePW-zmyk-1YJO5zk1lj38Bc>
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

Most people disagree with you, including NIST. Another example:

http://www.pqsignatures.org/index/hbs.html

“While the security of other post-quantum cryptographic schemes like lattice-based ones is still object to further research, hash-based signatures are well understood.”

Second, hash-based signatures have already been standardized by IETF, while stateless schemes have not.

-Tim

From: Ryan Sleevi <ryan-ietf@sleevi.com>
Sent: Monday, November 12, 2018 7:47 AM
To: Tim Hollebeek <tim.hollebeek@digicert.com>
Cc: Russ Housley <housley@vigilsec.com>; SPASM <spasm@ietf.org>
Subject: Re: [lamps] Proposed addition of hash-based signature algorithms for certificates to the LAMPS charter

On Mon, Nov 12, 2018 at 9:35 AM Tim Hollebeek <tim.hollebeek@digicert.com> wrote:

> (chair hat off)
>
> Reconstituting a CT log server from a backup is similarly catastrophic.

Could you elaborate on why you believe that’s relevant? I have some suspicions, but before I point out the flaws in an argument you may not be making, it seems useful to understand exactly what connection you see between that and a discussion of certificate signing algorithms.

> The risk you note is certainly something that should be carefully addressed in the draft, but I think throwing stateful signatures out of IETF entirely because of it is a bit of an overreaction.

That’s fairly dismissive, even if couched in “a bit”. Do you disagree that the stateless signatures offer equivalent security and with better usability than stateful signatures - something that other WGs have been prioritizing or requiring of their work product for half a decade now? What makes this WG unique?

> -Tim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Adam Langley
Sent: Thursday, November 8, 2018 12:42 PM
To: Russ Housley <housley@vigilsec.com>
Cc: SPASM <spasm@ietf.org>
Subject: Re: [lamps] Proposed addition of hash-based signature algorithms for certificates to the LAMPS charter

On Tue, Nov 6, 2018 at 7:51 PM Russ Housley <housley@vigilsec.com> wrote:

> The SECDISPATCH WG met on Tuesday afternoon, and they made this recommendation:
>
> > draft-vangeest-x509-hash-sigs-01 -- re-charter LAMPS WG to accept this draft
>
> Three questions:
>
> 1) Do you support the addition of this work to the LAMPS charter?

No: The signature schemes in the draft are stateful and sudden-death: the penalty for mishandling the state is huge. This contrasts with every signature scheme ever (I believe) deployed and thus with every current process. For example, reconstituting an HSM from smartcards would be a fatal error with such a scheme.

These schemes hedge against a valid risk, but at the cost of introducing a much larger one.

The contexts in which stateful & sudden-death signatures are plausible are so specific and controlled that standardisation in X.509 would be immaterial to them—they are not multi-lateral enough that whether something has an RFC or not matters. On the other hand, standardisation implicitly hints that the thing being standardised is somewhat reasonable. So, on balance, I don't think the integration of stateful schemes into formats and protocols is a suitable subject for the IETF.

AGL

--
Adam Langley agl@imperialviolet.org https://www.imperialviolet.org

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
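
The state-rollback failure discussed in the thread above (a signer reconstituted from a backup), as an added example that is not part of the original messages or of the draft. It uses a Lamport one-time signature as a simplified stand-in for the one-time keys in stateful hash-based schemes; `StatefulSigner`, its index counter and the sample messages are hypothetical and constructed for illustration.

```python
import copy
import hashlib
import os

def H(b):
    return hashlib.sha256(b).digest()

def bits(msg):
    """256 message-digest bits, most significant bit first."""
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    sk = [(os.urandom(32), os.urandom(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg):
    # Reveals one of the two secrets at each of the 256 positions.
    return [sk[i][b] for i, b in enumerate(bits(msg))]

def verify(pk, msg, sig):
    return all(H(s) == pk[i][b] for i, (s, b) in enumerate(zip(sig, bits(msg))))

class StatefulSigner:
    """Hypothetical signer: one one-time key per index; next_index is the state."""
    def __init__(self, n):
        self.keys = [keygen() for _ in range(n)]
        self.next_index = 0

    def sign(self, msg):
        i = self.next_index
        self.next_index += 1  # must be durable before the signature leaves
        return i, sign(self.keys[i][0], msg)

def exposed_secrets(msgs):
    """Secret values (out of 512) revealed if all msgs are signed with ONE key."""
    return len({pos for m in msgs for pos in enumerate(bits(m))})

def restore_demo():
    signer = StatefulSigner(2)
    backup = copy.deepcopy(signer)        # backup taken at next_index == 0
    i1, _ = signer.sign(b"cert A")        # constructed sample message
    restored = backup                     # signer reconstituted from the backup
    i2, sig = restored.sign(b"cert B")    # same index, different message
    ok = verify(restored.keys[i2][1], b"cert B", sig)
    return i1, i2, ok, exposed_secrets([b"cert A"]), exposed_secrets([b"cert A", b"cert B"])

if __name__ == "__main__":
    print(restore_demo())
```

The second signature verifies normally, so verification alone never flags the reuse; the repeated index is the only signal, which is why the counter has to be protected outside any restorable backup.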