Re: [lamps] draft-housley-cms-mix-with-psk-03

Russ Housley <housley@vigilsec.com> Tue, 03 April 2018 19:07 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 642FA12D7FC for <spasm@ietfa.amsl.com>; Tue, 3 Apr 2018 12:07:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id djDO6whgU0CO for <spasm@ietfa.amsl.com>; Tue, 3 Apr 2018 12:07:13 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CAD041242F7 for <spasm@ietf.org>; Tue, 3 Apr 2018 12:07:12 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 7FE1B300670 for <spasm@ietf.org>; Tue, 3 Apr 2018 15:07:10 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 4UjjRPeTKLMB for <spasm@ietf.org>; Tue, 3 Apr 2018 15:07:08 -0400 (EDT)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id BB6D930044B; Tue, 3 Apr 2018 15:07:08 -0400 (EDT)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <B4849071-AFEE-40FC-BDC7-D0DE290E775A@isara.com>
Date: Tue, 3 Apr 2018 15:07:29 -0400
Cc: SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <5C8D590D-F30B-4CD3-9785-69791FD35C15@vigilsec.com>
References: <836CB2DA-9A82-4DEC-845A-15A7ED195C8A@vigilsec.com> <B4849071-AFEE-40FC-BDC7-D0DE290E775A@isara.com>
To: Daniel Van Geest <Daniel.VanGeest@isara.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Fz4JRRFdhC8ZjtDDAky3724wSJs>
Subject: Re: [lamps] draft-housley-cms-mix-with-psk-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 03 Apr 2018 19:07:15 -0000

I am working on -04.  These comments will be addressed.

Regarding Section 6, I suggest:

   Implementations must protect the pre-shared key (PSK), key transport
   private key, the agreement private key, the key-derivation key, and
   the key-encryption key.  Compromise of the PSK will make the
   encrypted content vulnerable to the future invention of a large-scale
   quantum computer.  Compromise of the PSK and either the key transport
   private key or the agreement private key may result in the disclosure
   of all contents protected with that combination of keying material.
   Compromise of the PSK and the key-derivation key may result in
   disclosure of all contents protected with that combination of keying
   material.  Compromise of the key-encryption key may result in the
   disclosure of all content-encryption keys or content-authenticated-
   encryption keys that were protected with that keying materail, which
   in turn may result in the disclosure of the content.

Russ


> On Mar 8, 2018, at 7:24 PM, Daniel Van Geest <Daniel.VanGeest@isara.com> wrote:
> 
> Hi Russ,
> 
> I have a few minor nits and one (still minor) comment.
> 
> Section 2:
> 
> (nit) s/then all recipient obtain/then all recipients obtain/
> (nit) s/then key-derivation key is mixed/then the key-derivation key is mixed/ (x2)
> 
> Section 6:
> 
> “Compromise of the key transport private key or the agreement private key may result in the disclosure of all contents protected with that key. Compromise of the key-derivation key that is established with the key transport private key or the agreement private key may result in disclosure of the associated encrypted content.”
> 
> In this draft, disclosure of these keys would not result in the disclosure of the protected content unless the PSK was also disclosed.  I guess the “may” hedges those statements and makes them still technically true.  RFC 5652 says the same thing about the private keys, except in that case the disclosure of the keys would definitely allow disclosure of the protect content.  So maybe in this draft you want to qualify that if the private keys and the PSK are disclosed, the protected content may also be disclosed.
> 
> (nit) s/randomly generate key-derivation key/randomly generate key-derivation keys/
> (nit?) s/as well as the content-encryption key/as well as the content-encryption keys/
> (nit?) s/or content-authenticated-encryption key/or content-authenticated-encryption keys/
> (nit) s/If the key-encryption algorithm is different that/If the key-encryption algorithm is different than/
> (nit) s/Implementer should not/Implementers should not/
> (nit) s/send the same content in different in separate messages/send the same content in different/
> 
> Thanks,
> Dan
> 
> On 2018-03-05, 8:23 PM, "Spasm on behalf of Russ Housley" <spasm-bounces@ietf.org on behalf of housley@vigilsec.com> wrote:
> 
>    I would like to make people on this mail list aware of this Internet-Draft.
> 
>    Russ
> 
>    = = = = = = = = = =
> 
>    A new version of I-D, draft-housley-cms-mix-with-psk-03.txt
>    has been successfully submitted by Russell Housley and posted to the
>    IETF repository.
> 
>    Name:		draft-housley-cms-mix-with-psk
>    Revision:	03
>    Title:		Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)
>    Document date:	2018-03-05
>    Group:		Individual Submission
>    Pages:		13
>    URL:            https://www.ietf.org/internet-drafts/draft-housley-cms-mix-with-psk-03.txt
>    Status:         https://datatracker.ietf.org/doc/draft-housley-cms-mix-with-psk/
>    Htmlized:       https://tools.ietf.org/html/draft-housley-cms-mix-with-psk-03
>    Htmlized:       https://datatracker.ietf.org/doc/html/draft-housley-cms-mix-with-psk-03
>    Diff:           https://www.ietf.org/rfcdiff?url2=draft-housley-cms-mix-with-psk-03
> 
>    Abstract:
>      The invention of a large-scale quantum computer would pose a serious
>      challenge for the cryptographic algorithms that are widely deployed
>      today.  The Cryptographic Message Syntax (CMS) supports key transport
>      and key agreement algorithms that could be broken by the invention of
>      such a quantum computer.  By storing communications that are
>      protected with the CMS today, someone could decrypt them in the
>      future when a large-scale quantum computer becomes available.  Once
>      quantum-secure key management algorithms are available, the CMS will
>      be extended to support them, if current syntax the does not
>      accommodated them.  In the near-term, this document describes a
>      mechanism to protect today's communication from the future invention
>      of a large-scale quantum computer by mixing the output of key
>      transport and key agreement algorithms with a pre-shared key.
> 
>    _______________________________________________
>    Spasm mailing list
>    Spasm@ietf.org
>    https://www.ietf.org/mailman/listinfo/spasm
> 
> 
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm