Re: [lamps] CMS: selection of key management technique to use for EnvelopedData
Russ Housley <housley@vigilsec.com> Sat, 24 December 2022 20:06 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 14712C14F749 for <spasm@ietfa.amsl.com>; Sat, 24 Dec 2022 12:06:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id krtz-5MhoGBk for <spasm@ietfa.amsl.com>; Sat, 24 Dec 2022 12:06:32 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0DE7FC14F72C for <spasm@ietf.org>; Sat, 24 Dec 2022 12:06:32 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 02373111E85; Sat, 24 Dec 2022 15:06:31 -0500 (EST)
Received: from a860b60074bd.fios-router.home (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id CDD0D111DA6; Sat, 24 Dec 2022 15:06:30 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <E81F066B-6541-4594-A35C-7553EA7B21CE@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_75C89E68-91A8-4B36-82A8-294F7D1FCACD"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Sat, 24 Dec 2022 15:06:30 -0500
In-Reply-To: <0aedcb9cef4436867986ae78baf64b56cd87c505.camel@siemens.com>
Cc: LAMPS <spasm@ietf.org>, "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "von Oheimb, David" <david.von.oheimb@siemens.com>
References: <b8c681f4f7e6728ecec2cb848e43f2228c4cba7a.camel@siemens.com> <db687565617dde5cc08fcedf0f39241255bb5ac8.camel@siemens.com> <E3949494-08FA-4558-8FFA-1FA7143FD61E@vigilsec.com> <c671f3550a3c422398ded9aa687432aabc9731e1.camel@siemens.com> <CAB18899-660F-4BC5-92FB-9A3B7AF7290D@vigilsec.com> <0aedcb9cef4436867986ae78baf64b56cd87c505.camel@siemens.com>
X-Mailer: Apple Mail (2.3445.104.21)
X-Scanned-By: mailmunge 3.10 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Co0V5ccZenqPuqcaXs0s2euRaaA>
Subject: Re: [lamps] CMS: selection of key management technique to use for EnvelopedData
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 24 Dec 2022 20:06:33 -0000
David: > I wonder why nobody brought this up before - > maybe simply because cryptographically educated users of CMS know (and others should learn by failure) that RSA does not support key agreement and ECC does not support key transport. The CMS-related algorithm specifications make it pretty clear. For example, RFC 5753 tells ho to use ECC Algorithms in CMS. I do not see how an implementer would try to use KeyTransRecipientInfo after reading that document. Maybe some pointers are needed in CMP in the central key generation section. Russ
- [lamps] CMS: selection of key management techniqu… von Oheimb, David
- Re: [lamps] CMS: selection of key management tech… Russ Housley
- Re: [lamps] CMS: selection of key management tech… von Oheimb, David
- Re: [lamps] CMS: selection of key management tech… Russ Housley
- Re: [lamps] CMS: selection of key management tech… von Oheimb, David
- Re: [lamps] CMS: selection of key management tech… Russ Housley
- Re: [lamps] CMS: selection of key management tech… von Oheimb, David
- Re: [lamps] CMS: selection of key management tech… Brockhaus, Hendrik
- Re: [lamps] CMS: selection of key management tech… Russ Housley
- Re: [lamps] CMS: selection of key management tech… Brockhaus, Hendrik