IETF Logo Mail Archive

Re: [lamps] LAMPS Re-charter

Jonathan Hammell <jfhamme.cccs@gmail.com> Fri, 26 March 2021 13:44 UTC

Return-Path: <jfhamme.cccs@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D7A093A1F13 for <spasm@ietfa.amsl.com>; Fri, 26 Mar 2021 06:44:28 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ZKXUll5KOwUw for <spasm@ietfa.amsl.com>; Fri, 26 Mar 2021 06:44:24 -0700 (PDT)
Received: from mail-oi1-x22a.google.com (mail-oi1-x22a.google.com [IPv6:2607:f8b0:4864:20::22a]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E5C203A1F55 for <spasm@ietf.org>; Fri, 26 Mar 2021 06:44:20 -0700 (PDT)
Received: by mail-oi1-x22a.google.com with SMTP id d12so5703604oiw.12 for <spasm@ietf.org>; Fri, 26 Mar 2021 06:44:20 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=lJx7FMAeW/4y2JAVJSyXZsYFu2CbdHK2T70t8nVKGhE=; b=K1F5ref96EhpgwFOMI1/WjBWq8BGfenEJ1/A5KvDEYnC98em1LtwaXVN7zJ1NnkZ6Y hAEgFAtaEaoF4+TDjKTGUdJ2tOQXno6RcD31GT/ZftUOSiuSJHOx7cJai5yoP/osvonf kHQx65w7n/jvhqQxRnBaaPXDYZCTAJlTqGVVVN5n/FwHoJ5UbIBgwi/eV/D/WnkKwVcd iL6jBOUUQnlT7QDLqUa+bSLiOwUFBgTnUn6OfvR+6QUbTBnRGFnrL1X3stCfGIVfiRpc m62cgqFaGBXB9HX/3zb26Mey8UhzqmL6de+/Tw+K/3LJXkWUkHir5KSg4xFTiB2U20lN NH7A==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=lJx7FMAeW/4y2JAVJSyXZsYFu2CbdHK2T70t8nVKGhE=; b=aoLRzYO0uLUivXlK5M7lranYaCcl2KMTO0n8F9SsICZZNdwAdJwNsHEJtbkO6A6wwn BGcwAFz0K7UEi+HBpzm7vbkfTEYd1umoja24Chjt3QA+Ray9dXVnHPx3JxvD/hP5j0Ef j2AHFiooD0+mlnIME+JtPeneju5u1wmj9xqRabrKZOPPrPUZFoXf0CxfQwxgpFbSCPYR tFRbUdQPFbn8/EC0NiOGB9gmuyDO7vrxiZuJ7LmDOoZRWZkdfmzx6LsXG4+UIveeqhWQ ITfMFVqchfq4tolhs0TXxLfh9ONOGtmUiFtILy3iqinEgvR4cn2UCkwM/GxjTXjUeQ2M 7jnQ==
X-Gm-Message-State: AOAM532TYQN4yMAY0eksPjcNsJwKSy/GKHXVx1g3lUvM+m/y6YFsLvX2 OOOzNkOh+4NCyc2aNTNMY0T6o0Z2rMPuA5YulxExa9j0dbOOSg==
X-Google-Smtp-Source: ABdhPJzEO/mjSBwXYI/Z7Twdt5I6nn/rjZPhUgd41sln6NHY/1841aDd9vm+4moBsbK6LxMfqsam+KrLpTpVySScdxE=
X-Received: by 2002:aca:f48f:: with SMTP id s137mr9770053oih.101.1616766258020; Fri, 26 Mar 2021 06:44:18 -0700 (PDT)
MIME-Version: 1.0
References: <5A22DF7B-BCA5-42F6-BB95-D4F70FDB1996@vigilsec.com> <951CAF0F-7461-4057-B95E-D1F6CAE61D02@vigilsec.com> <4c18a9982cc94df2952d7b2cbae89d99@cert.org> <7B82765F-9C7A-4C4D-B115-A2835B44E6D6@vigilsec.com> <b3fdb1ac051b4ae0ad748782daebead2@cert.org> <ACE141CD-B0B7-45D3-B54F-BE25275A0D25@vigilsec.com>
In-Reply-To: <ACE141CD-B0B7-45D3-B54F-BE25275A0D25@vigilsec.com>
From: Jonathan Hammell <jfhamme.cccs@gmail.com>
Date: Fri, 26 Mar 2021 09:44:06 -0400
Message-ID: <CALhKWgjB_RVGaQriPbero6eWTdaD4JaVqmHLjHHsqsjrBHUrFA@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: LAMPS <spasm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Djxz2c7IpLWmAcCj-IjOLv7i9Zw>
Subject: Re: [lamps] LAMPS Re-charter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Mar 2021 13:44:29 -0000

I'm in favour of LAMPS working on the PQC items described in 5.*.

Will the changes to PKIX certificates to support hybrid key
establishment (5.b.i) and dual signatures (5.b.ii) also require
modifications to CMP or CMC/EST to support requesting such
certificates from CAs?  The text in 5.b.i and 5.b.ii includes that
LAMPS will specify "operational practices" to support hybrid/dual.  Is
that text intended to cover those aspects?

Jonathan

On Wed, Mar 17, 2021 at 6:26 PM Russ Housley <housley@vigilsec.com> wrote:
>
> After listening to the LAMPS re-charter comments, I think this captures a way forward.  The PQC milestones do not have a "send to the IESG" part.  The idea is that we would add those when NIST winners get announced.
>
> Thoughts?
>
> Russ
>
> = = = = = = = = =
>
> The PKIX and S/MIME Working Groups have been closed for some time. Some
> updates have been proposed to the X.509 certificate documents produced
> by the PKIX Working Group and the electronic mail security documents
> produced by the S/MIME Working Group.
>
> The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working
> Group is chartered to make updates where there is a known constituency
> interested in real deployment and there is at least one sufficiently
> well specified approach to the update so that the working group can
> sensibly evaluate whether to adopt a proposal.
>
> The LAMPS WG is now tackling these topics:
>
> 1. Specify the use of short-lived X.509 certificates for which no
> revocation information is made available by the Certification Authority.
> Short-lived certificates have a lifespan that is shorter than the time
> needed to detect, report, and distribute revocation information.  As a
> result, revoking short-lived certificates is unnecessary and pointless.
>
> 2. Update the specification for the cryptographic protection of email
> headers -- both for signatures and encryption -- to improve the
> implementation situation with respect to privacy, security, usability
> and interoperability in cryptographically-protected electronic mail.
> Most current implementations of cryptographically-protected electronic
> mail protect only the body of the message, which leaves significant
> room for attacks against otherwise-protected messages.
>
> 3. The Certificate Management Protocol (CMP) is specified in RFC 4210,
> and it offers a vast range of certificate management options.  CMP is
> currently being used in many different industrial environments, but it
> needs to be tailored to the specific needs of such machine-to-machine
> scenarios and communication among PKI management entities.  The LAMPS
> WG will develop a "lightweight" profile of CMP to more efficiently
> support of these environments and better facilitate interoperable
> implementation, while preserving cryptographic algorithm agility.  In
> addition, necessary updates and clarifications to CMP will be
> specified in a separate document.  This work will be coordinated with
> the LWIG WG.
>
> 4. Provide concrete guidance for implementers of email user agents
> to promote interoperability of end-to-end cryptographic protection
> of email messages.  This may include guidance about the generation,
> interpretation, and handling of protected messages; management of the
> relevant certificates; documentation of how to avoid common failure
> modes; strategies for deployment in a mixed environment; as well as
> test vectors and examples that can be used by implementers and
> interoperability testing.  The resulting robust consensus among email
> user agent implementers is expected to provide more usable and useful
> cryptographic security for email users.
>
> 5. Recent progress in the development of quantum computers pose a threat
> to widely deployed public key algorithms.  As a result, there is a need
> to prepare for a day when cryptosystems such as RSA, Diffie-Hellman,
> ECDSA, ECDH, and EdDSA cannot be depended upon in the PKIX and S/MIME
> protocols.
>
> 5.a. NIST has a Post-Quantum Cryptography (PQC) effort to produce one
> or more quantum-resistant public-key cryptographic algorithm standards.
> The LAMPS WG will specify the use of these new PQC public key algorithms
> with the PKIX certificates and the Cryptographic Message Syntax (CMS).
> These specifications will use object identifiers for the new algorithms
> that are assigned by NIST.
>
> 5.b. NIST and other organizations are developing standards for
> post-quantum cryptographic (PQC) algorithms that that will be secure
> even if large-scale quantum computers are ever developed.  However, a
> lengthy transition from today's public key algorithms to PQC public key
> algorithms is expected; time will be needed to gain full confidence in
> the new PQC public key algorithms.
>
> 5.b.i. The LAMPS WG will specify formats, identifiers, and operational
> practices for "hybrid key establishment" that combines the shared
> secret values one or more traditional key-establishment algorithm and
> one or more NIST PQC key-establishment algorithm or a PQC
> key-establishment algorithm vetted by the CFRG.  The shared secret
> values will be combined using HKDF (see RFC 5869) or a key derivation
> function vetted by the CFRG.
>
> 5.b.ii. The LAMPS WG will specify formats, identifiers, and operational
> practices for "dual signature" that combine one or more traditional
> signature algorithm with one or more NIST PQC signature algorithm or
> a PQC algorithm vetted by the CFRG.
>
> In addition, the LAMPS WG may investigate other updates to documents
> produced by the PKIX and S/MIME WG. The LAMPS WG may produce
> clarifications where needed, but the LAMPS WG shall not adopt
> anything beyond clarifications without rechartering.
>
> MILESTONES
>
> Task 1:
> Jul 2021 Adopt a draft for short-lived certificate conventions
> Mar 2022 Short-lived certificate conventions sent to IESG for BCP publication
>
> Task 2:
> DONE     Adopt a draft for header protection conventions
> Nov 2021 Header protection conventions sent to IESG for standards track publication
>
> Task 3:
> DONE     Adopt a draft for CMP updates
> DONE     Adopt a draft for CMP algorithm
> DONE     Adopt a draft for Lightweight CMP profile
> Dec 2021 CMP updates sent to IESG for standards track publication
> Dec 2021 CMP algorithms sent to IESG for standards track publication
> Dec 2021 Lightweight CMP profile sent to IESG for informational publication
>
> Task 4:
> May 2021    Adopt a draft for end-to-end email user agent guidance
> Jul 2022    End-to-end email user agent guidance sent to IESG for informational publication
>
> Task 5.a:
> Aug 2021    Adopt draft for PQC KEM public keys in PKIX certificates
> Aug 2021    Adopt draft for PQC KEM algorithms in CMS
> Sep 2021    Adopt draft for PQC signatures in PKIX certificates
> Sep 2021    Adopt draft for PQC signatures in CMS
>
> Task 5.b.i:
> Sep 2021    Adopt draft for public keys for hybrid key establishment in PKIX certificates
> Sep 2021    Adopt draft for hybrid key establishment in CMS
>
> Task 5.b.ii:
> Sep 2021    Adopt draft for dual signatures in PKIX certificates
> Sep 2021    Adopt draft for dual signature in CMS
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email