IETF Logo Mail Archive

Re: [lamps] Proposed recharter text

Roman Danyliw <rdd@cert.org> Wed, 10 March 2021 23:17 UTC

Return-Path: <rdd@cert.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 138743A0C9A for <spasm@ietfa.amsl.com>; Wed, 10 Mar 2021 15:17:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id VYcTJblDe52o for <spasm@ietfa.amsl.com>; Wed, 10 Mar 2021 15:17:17 -0800 (PST)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 396E43A0C93 for <spasm@ietf.org>; Wed, 10 Mar 2021 15:17:17 -0800 (PST)
Received: from korb.sei.cmu.edu (korb.sei.cmu.edu [10.64.21.30]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 12ANHBS7002003; Wed, 10 Mar 2021 18:17:11 -0500
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu 12ANHBS7002003
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1615418231; bh=6q5wdgp52rBDzYxIWlWIAmBqvF4fnhD4nU/+oTvNt4Y=; h=From:To:CC:Subject:Date:References:In-Reply-To:From; b=cbrvwjfTi1Qn2xFekJxRBTDphpxFVwMqH/blWvB4zlHa7y41ZgKLGxpK4i1eYeSiF PXXe3qiVqzFrmvmrhYin9VTnzVlf6inX6027pxAH9zKIp+g69O8RCzX3WOtsmMDCWl GzYluzY2SnlYxpLnSGxdzQL9gUmwJnslmF8v89Fc=
Received: from MURIEL.ad.sei.cmu.edu (muriel.ad.sei.cmu.edu [147.72.252.47]) by korb.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id 12ANH6ZU004851; Wed, 10 Mar 2021 18:17:06 -0500
Received: from MORRIS.ad.sei.cmu.edu (147.72.252.46) by MURIEL.ad.sei.cmu.edu (147.72.252.47) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.2106.2; Wed, 10 Mar 2021 18:17:05 -0500
Received: from MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb]) by MORRIS.ad.sei.cmu.edu ([fe80::555b:9498:552e:d1bb%13]) with mapi id 15.01.2106.013; Wed, 10 Mar 2021 18:17:05 -0500
From: Roman Danyliw <rdd@cert.org>
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>, Benjamin Kaduk <kaduk@mit.edu>, "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>
CC: LAMPS <spasm@ietf.org>
Thread-Topic: [lamps] Proposed recharter text
Thread-Index: AQHW/+p9fpmxGXwNzkKsUmNdZmw0j6pcFwOAgACkJACAHhuJAIAAafaAgAEJq6CAAIrcgIAAnbwAgABbiAD//7mOUIAAzyUA//+t4tA=
Date: Wed, 10 Mar 2021 23:17:05 +0000
Message-ID: <2822aef0720e439fa1e0d4b0e4efb886@cert.org>
References: <DM6PR11MB43808FA7D74229A5997965649FBA9@DM6PR11MB4380.namprd11.prod.outlook.com> <9D01B155-6BB8-4438-8FAA-149686B69B64@vigilsec.com> <BN7PR11MB254762EDB050588E65B423B2C9869@BN7PR11MB2547.namprd11.prod.outlook.com> <038A4AA3-96A5-4827-BEEB-12B58F49102B@vigilsec.com> <b82901c00c6847fe9a8f420275d74ccc@cert.org> <DM6PR11MB43805BE3FEFD91A5BDD592EF9F939@DM6PR11MB4380.namprd11.prod.outlook.com> <f6b83156ae704d459125bf4157578e86@cert.org> <DM6PR11MB43806CB904AD424D1B925E799F919@DM6PR11MB4380.namprd11.prod.outlook.com> <0CC020DD-215E-4B1A-BBB9-F849BE6F3A3C@akamai.com> <20210310145410.GX56617@kduck.mit.edu> <98b073fb1215410492e209ef4ca8833f@cert.org> <DM6PR11MB4380F5390EB5D37651A129129F919@DM6PR11MB4380.namprd11.prod.outlook.com>
In-Reply-To: <DM6PR11MB4380F5390EB5D37651A129129F919@DM6PR11MB4380.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.64.203.75]
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/D_wrP15l8rkOcaCMDv2W1lrnOB8>
Subject: Re: [lamps] Proposed recharter text
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Mar 2021 23:17:19 -0000

Hi Mike!

> -----Original Message-----
> From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
> Sent: Wednesday, March 10, 2021 6:03 PM
> To: Roman Danyliw <rdd@cert.org>; Benjamin Kaduk <kaduk@mit.edu>; Salz,
> Rich <rsalz=40akamai.com@dmarc.ietf.org>
> Cc: LAMPS <spasm@ietf.org>
> Subject: RE: [lamps] Proposed recharter text
> 
> Hi Roman,
> 
> That tightened scope works for me as it covers what I have already submitted
> (draft-ounsworth-pq-composite-sigs) as well as the drafts I'm currently working
> on a -00 of.
> 
> A couple nits:
> 
> 1. Worth a 5.b.0 about the format of public keys that can be used with the
> 5.b.1 and 5.b.2 mechanisms?

I can see that.  Others?  Perhaps that work is better framed with the current 5.a work which was (as currently written) about just identifiers (which we could expand to be formats too).

We will likely need to wordsmith all of the things in 5.x when we have it lined up side by side for consistency.

> One of the feedbacks I've received recently is to split composite public keys into
> its own draft and remove any keyUsage restrictions so that the composite
> public key format is separate from their usage in sigs, key exchange, public key
> encryption, etc (other than the restriction that a keyUsage applying to a
> composite key needs to apply to all component keys. No jamming a keyex and
> sig key into the same cert á la jumbo certs). This is currently in github here:
> 
> https://github.com/EntrustCorporation/draft-ounsworth-pq-composite-
> keys/blob/master/draft-ounsworth-pq-composite-keys.txt
> 
> 
> 2.
> > using algorithm(s) vetted by the NIST PQ effort
> 
> Hybrid and dual mechanisms will likely be used for {RSA, PQ}, or {RSA, PQ1,
> PQ2}, or even {PQ1, PQ2}. In theory you could also do {RSA2048, RSA4096} or
> {RSA, ECC}, though I don't know why you would. Point is that they are not only
> for NIST PQ algs, but to combine traditional + PQ together.

Exactly. I was being sloppy trying to emphasize the "new" input (PQ algs) would be and what the specs would focus on.  All of those combinations involving PQ makes sense.  Restated:

5.b.1 = Specification(s) for identifiers, formats and operational practices to enable dual signature operations using traditional algorithm(s) and those vetted by the NIST PQ effort

> 
> 3.
> > How confident are we that draft-ounsworth-pq-composite-sigs is the starting
> point we want (for just 5.b.1)?
> 
> I am also curious about this :P

I leave it to be discuss in the WG.

Regards,
Roman

> ---
> Mike Ounsworth
> 
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Roman Danyliw
> Sent: March 10, 2021 4:32 PM
> To: Benjamin Kaduk <kaduk@mit.edu>; Salz, Rich
> <rsalz=40akamai.com@dmarc.ietf.org>
> Cc: LAMPS <spasm@ietf.org>
> Subject: [EXTERNAL] Re: [lamps] Proposed recharter text
> 
> WARNING: This email originated outside of Entrust.
> DO NOT CLICK links or attachments unless you trust the sender and know the
> content is safe.
> 
> ___________________________________________________________________
> ___
> Hi!
> 
> > -----Original Message-----
> > From: Benjamin Kaduk <kaduk@mit.edu>
> > Sent: Wednesday, March 10, 2021 9:54 AM
> > To: Salz, Rich <rsalz=40akamai.com@dmarc.ietf.org>
> > Cc: Roman Danyliw <rdd@cert.org>; LAMPS <spasm@ietf.org>
> > Subject: Re: [lamps] Proposed recharter text
> >
> > On Wed, Mar 10, 2021 at 02:26:36PM +0000, Salz, Rich wrote:
> > > I am concerned about having to decide the hybrid/multi-signature
> > > issue NOW
> > during the rechartering.  It's way too soon.  I think we need to
> > discuss the approaches in a technical context (i.e., as part of WG
> > discussions).  What's the best way to do that other than put vague words into
> a charter?
> >
> > I think we've seen (other) WG charters that include discussion of a
> > topic to decide on an approach, with need to recharter to actually
> > produce spec documents on that topic.  Just one option of many, of course...
> 
> +1.  We don't need to have approved charter language to discuss a topic.  We
> can even discuss and work on drafts that might shape the plan or approach.
> We just can't adopt them without a charter change.  I noted in an earlier email
> [2], we may actually find that as we decompose this problem, not all of it is
> appropriate to tackle in LAMPS.  Given some of the expressed uncertainty, we
> may also need to charter "this scope" (whatever it might be) in iterative
> "chunks".  Certainly, this creates some administrative overhead, but this
> shouldn't be too high.
> 
> In rereading the discussion and trying to answer my own questions [1] on what
> a tighter scope would be, let me test it with some replacement text:
> 
> OLD 5(b)
> The specifications developed will enable PKIX and S/MIME protocols to support
> hybrid key establishment and dual signature mechanisms
> 
> TIGHTER SCOPE:
> 5.b.1 = Specification(s) for identifiers, formats and operational practices to
> enable dual signature operations using algorithm(s) vetted by the NIST PQ
> effort
> 
> 5.b.2 = Specification(s) for identifiers, formats and operational practices to
> enable hybrid key establishment using the algorithms vetted by the NIST PQ
> effort and hybrid key establishment constructions defined in a revised SP 800-
> 56C
> 
> For me "operational practices" could potentially cover generation, validation,
> verification, etc.  As written, what it would exclude is updating PKI-related
> protocols and getting into any work that modifies other protocols that might
> leverage this work.
> 
> How confident are we that draft-ounsworth-pq-composite-sigs is the starting
> point we want (for just 5.b.1)?  Not pointing to this document specifically, but
> if we had one we could point to as a starting point this would also help create
> the bounding box on the new work and satisfy the other LAMPS constraint of
> "and there is at least one sufficiently well specified approach to the update so
> that the working group can sensibly evaluate whether to adopt a proposal"
> 
> Regards,
> Roman
> 
> [1]
> https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/spasm/rbcu
> fPA13VfSRLBw41Sbb5bO-J0/__;!!FJ-
> Y8qCqXTj2!Nn4lhE32xGtdDKZPmTkG7WHMu1RrVn765f53RX6p7P1T1MUCGhF
> 8qb-IOM5GHb5nHQ5baDe_rQ$
> [2]
> https://urldefense.com/v3/__https://mailarchive.ietf.org/arch/msg/spasm/jxm
> Wz7MxaShMEopwE-ZJfzsIbYY/__;!!FJ-
> Y8qCqXTj2!Nn4lhE32xGtdDKZPmTkG7WHMu1RrVn765f53RX6p7P1T1MUCGhF
> 8qb-IOM5GHb5nHQ5xgZqFUg$
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!
> !FJ-
> Y8qCqXTj2!Nn4lhE32xGtdDKZPmTkG7WHMu1RrVn765f53RX6p7P1T1MUCGhF
> 8qb-IOM5GHb5nHQ7jXlJoVg$

v2.23.0 | Report a Bug | By Email