Re: [lamps] [EXTERNAL] X.510

Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> Tue, 01 October 2019 15:22 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com>
To: Erik Andersen <era@x500.eu>, 'LAMPS' <spasm@ietf.org>
Date: Tue, 01 Oct 2019 15:22:49 +0000
Message-ID: <MN2PR11MB37106863E5A2CE52D8125EE39B9D0@MN2PR11MB3710.namprd11.prod.outlook.com>
References: <000601d57081$5afa8fc0$10efaf40$@x500.eu> <01fd886909e94b0ab9c353958f46a45e@PMSPEX05.corporate.datacard.com> <002201d572b2$0815f6e0$1841e4a0$@x500.eu>
In-Reply-To: <002201d572b2$0815f6e0$1841e4a0$@x500.eu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DK4IYjhTM1mhIZRw1NsdB87pg58>
Subject: Re: [lamps] [EXTERNAL] X.510

Hi Erik,

This is joint feedback on X.510 from the group of authors who worked on the composite public keys and signatures draft (https://tools.ietf.org/html/draft-ounsworth-pq-composite-sigs-01) and some overlap with the authors of the hybrid certificates draft (https://tools.ietf.org/html/draft-truskovsky-lamps-pq-hybrid-x509-01) which is now being pursued at ITU-T by ISARA.

1.	X.510 section 6 defines MultiplePublicKeyAlgo identifiers and params, but seems to be missing a definition of the public keys themselves. If the idea is to concatenate multiple public keys into the single existing octet string, it's probably important to define that encoding. See our draft for how we thought to define that structure: https://tools.ietf.org/html/draft-ounsworth-pq-composite-sigs-01#section-2.3.

2.	X.510 Annex G: the mechanism you define relies on the use of ASN.1 extension marks, which were introduced to the SIGNED structure in X.509 rev 7 (2012), and are not included in the ASN.1 structures of the X.509 profile in IETF RFC5280 (2008). I see that you address that on p. 72 in the paragraph "If extension marks are not supported", basically saying to use the MultiplePublicKey definitions from section 6. This is not a problem for your draft, but we wanted to point out on this mailing list that IETF and WebPKI can't use the mechanism proposed in Annex G without updating RFC5280 and relying implementations to support ASN.1 extension marks.

3.	For both mechanisms (section 6, and Annex G), have you thought about stripping attacks, where say the attacker cracks the weaker of the two signatures and then replaces the other public key with one that he controls? I suppose this needs to be addressed at the protocol layer, and therefore is out of scope for section 6 / annex G, but we still wanted to mention it on this mailing list.

4.	Perhaps it makes sense to harmonize the ASN.1 structures between X.510 and our IETF draft(s). Would you be open to joining a phone call with our author group?

-Mike Ounsworth,
Representing the authors of draft-ounsworth-pq-composite-sigs
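The two technical points above that lend themselves to code are item 1 (how multiple public keys are encoded into the single existing octet string) and item 3 together with the earlier "native algorithm and alt algorithm" question (what a verifier does with more than one signature). The following is an added example written for this archive page; it is not code from the thread, from X.510 or from either draft. It assumes the composite shapes SEQUENCE OF SubjectPublicKeyInfo and SEQUENCE OF BIT STRING as the draft describes them, uses placeholder OIDs in place of registered algorithm identifiers, and substitutes toy_sign/toy_verify for real signature primitives so that it runs offline; the DER encoding and decoding is real.

```python
"""Added example (not from this thread, X.510 or draft-ounsworth): DER-encode a composite
public key (SEQUENCE OF SubjectPublicKeyInfo) and signature (SEQUENCE OF BIT STRING, shapes
assumed from the draft), decode them, and enforce an all-components-must-verify policy."""
import hashlib
import hmac

def der_tlv(tag: int, content: bytes) -> bytes:
    n = len(content)
    if n < 0x80:  # short-form length octet
        return bytes([tag, n]) + content
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")  # long form: 0x80|count, then octets
    return bytes([tag, 0x80 | len(body)]) + body + content

def der_oid(dotted: str) -> bytes:  # first two arcs share one octet, the rest are base-128
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc := arc >> 7:
            chunk.insert(0, 0x80 | (arc & 0x7F))
        out += bytes(chunk)
    return der_tlv(0x06, bytes(out))

def der_sequence(*items: bytes) -> bytes:
    return der_tlv(0x30, b"".join(items))

def encode_composite_public_key(components: list[tuple[str, bytes]]) -> bytes:
    """CompositePublicKey ::= SEQUENCE OF SubjectPublicKeyInfo (no algorithm params)."""
    return der_sequence(*(der_sequence(der_sequence(der_oid(oid)), der_tlv(0x03, b"\x00" + key))
                          for oid, key in components))  # b"\x00": zero unused bits

def encode_composite_signature(sigs: list[bytes]) -> bytes:
    """CompositeSignatureValue ::= SEQUENCE OF BIT STRING."""
    return der_sequence(*(der_tlv(0x03, b"\x00" + s) for s in sigs))

def _read_tlv(buf: bytes, pos: int) -> tuple[int, bytes, int]:
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low bits give the number of length octets
        nbytes, pos = length & 0x7F, pos + (length & 0x7F)
        length = int.from_bytes(buf[pos - nbytes:pos], "big")
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def _children(content: bytes) -> list[tuple[int, bytes]]:
    out, pos = [], 0
    while pos < len(content):
        tag, inner, pos = _read_tlv(content, pos)
        out.append((tag, inner))
    return out

def _top_sequence(der: bytes) -> list[tuple[int, bytes]]:
    tag, content, end = _read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected one SEQUENCE with no trailing bytes")
    return _children(content)

def _bits(tag: int, bits: bytes) -> bytes:  # payload of a byte-aligned BIT STRING
    if tag != 0x03 or not bits or bits[0]:
        raise ValueError("expected a BIT STRING with zero unused bits")
    return bits[1:]

def decode_oid(content: bytes) -> str:
    arcs, val = [content[0] // 40, content[0] % 40], 0
    for b in content[1:]:
        val = (val << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(val)
            val = 0
    return ".".join(map(str, arcs))

def decode_composite_public_key(der: bytes) -> list[tuple[str, bytes]]:
    comps = []
    for tag, spki in _top_sequence(der):
        (alg_tag, alg), (key_tag, key) = _children(spki)
        oid_tag, oid = _children(alg)[0]
        if tag != 0x30 or alg_tag != 0x30 or oid_tag != 0x06:
            raise ValueError("malformed SubjectPublicKeyInfo")
        comps.append((decode_oid(oid), _bits(key_tag, key)))
    return comps

def decode_composite_signature(der: bytes) -> list[bytes]:
    return [_bits(tag, bits) for tag, bits in _top_sequence(der)]

def verify_composite(pubkey_der: bytes, sig_der: bytes, message: bytes,
                     verifiers: dict, require_all: bool = True) -> bool:
    keys = decode_composite_public_key(pubkey_der)
    sigs = decode_composite_signature(sig_der)
    if len(keys) < 2 or len(keys) != len(sigs):
        return False  # a component was dropped or added: reject, do not guess
    outcomes = [oid in verifiers and verifiers[oid](key, message, sig)  # unknown OID fails
                for (oid, key), sig in zip(keys, sigs)]
    return all(outcomes) if require_all else any(outcomes)  # AND = hybrid, OR = migration

def toy_sign(key: bytes, message: bytes) -> bytes:  # stand-in only, NOT a signature scheme
    return hashlib.sha256(key + message).digest()
def toy_verify(key: bytes, message: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sig, toy_sign(key, message))
```

The verifier is keyed by the decoded algorithm OID, so a back-level recipient that knows only one algorithm can still run it with `require_all=False` and validate the component it understands, which is the migration behaviour the slides describe. With `require_all=True` every component must verify and a component count that does not match the key count is rejected outright, which is the hybrid "native and alternative" behaviour; the difference between the two policies is exactly what decides whether a forged or missing weaker component matters.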

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Erik Andersen
Sent: Tuesday, September 24, 2019 3:28 AM
To: 'LAMPS' <spasm@ietf.org>
Cc: Mark Pecen <mark.pecen@isara.com>; Jean-Paul LEMAIRE <jean-paul.lemaire@univ-paris-diderot.fr>
Subject: Re: [lamps] [EXTERNAL] X.510

Hi Mike,

A good point. Having multiple algorithms for added security and not just for migration is not really considered in draft X.510, which could be a miss. We will see if we can get that aspect into the document during its final ballot round, where in principle only editorials are allowed. Anyway, we will probably need an edition 2 quite quickly.

Best regards,

Erik

-----Original Message-----
From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Mike Ounsworth
Sent: 24 September 2019 05:51
To: Erik Andersen <era@x500.eu>; LAMPS <spasm@ietf.org>
Subject: Re: [lamps] [EXTERNAL] X.510

Hi Erik,

I found your slides https://docbox.etsi.org/Workshop/2019/201906_ETSISECURITYWEEK/202106_DynamicNatureOfTechno/SESSION03_CHANGINGCRYPTOGRAPHY/ANDERSENSLSERVICES_ANDERSEN.pdf, explaining the rationale behind X.510. In it, you say:

* A back level recipient will ignore the alternative algorithm, but validate according to the native one
* An advanced recipient will validate according to the alternative algorithm

In attending post-quantum conferences, for example the NIST PQC, there is a strong call for "hybrid" modes where *both* algorithms are validated because we don't fully trust the new stuff yet. So this may not be simply a migration issue, but a more long-term issue of combining algorithms for increased security.
Do you have an opinion on whether X.510 in its current form would be appropriate for hybrid modes, and whether your language should be adjusted to be "native algorithm and alt algorithm" as opposed to your current "native algorithm or alt algorithm"?

- - -
Mike Ounsworth | Office: +1 (613) 270-2873

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Erik Andersen
Sent: Saturday, September 21, 2019 8:35 AM
To: LAMPS <spasm@ietf.org>
Subject: [EXTERNAL][lamps] X.510

Within ITU-T and ISO we have developed a new specification, Rec. ITU-T X.510 | ISO/IEC 9594-11, which now is out for final vote. There is a link to it: https://www.dropbox.com/s/qzzuy9hu2vjz9qw/X.510-dis.pdf?dl=0. We expect to complete it by March 2020.

Any comment any of you might have will be highly appreciated.

Best regards,

Erik

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
