Re: [lamps] SLH-DSA in CMS/X.509

"Kampanakis, Panos" <kpanos@amazon.com> Wed, 21 February 2024 04:24 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Daniel Van Geest <daniel.vangeest.ietf@gmail.com>, "draft-ietf-lamps-dilithium-certificates@ietf.org" <draft-ietf-lamps-dilithium-certificates@ietf.org>
CC: 'LAMPS' <spasm@ietf.org>
Thread-Index: AQHaYAxCnSHvLXJr6ESvtny72DSCMLEUOzuQ
Date: Wed, 21 Feb 2024 04:24:07 +0000
Message-ID: <e83413d021104cb3842b523bc91c18b0@amazon.com>
References: <CH0PR11MB5739AF8408E1669FB9EF912A9F4F2@CH0PR11MB5739.namprd11.prod.outlook.com> <48348cdba84f4d93b9a1f67838f74201@amazon.com> <01a401da600c$3941d260$abc57720$@gmail.com>
In-Reply-To: <01a401da600c$3941d260$abc57720$@gmail.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GbBdtTxXMzsdTWrt3r32oBcHg3k>
Subject: Re: [lamps] SLH-DSA in CMS/X.509

+1 on separate HBS in PKI drafts. It makes them easier to consume by implementers.

From: Daniel Van Geest <daniel.vangeest.ietf@gmail.com>
Sent: Thursday, February 15, 2024 7:41 AM
To: Kampanakis, Panos <kpanos@amazon.com>; 'Mike Ounsworth' <Mike.Ounsworth@entrust.com>; draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: [EXTERNAL] SLH-DSA in CMS/X.509


Forking from "Can ML-DSA be used in CMS" because it's the same problem with a different subject.

The question of separate drafts also applies to SLH-DSA. One line in draft-ietf-lamps-cms-sphincs-plus shouldn't be sufficient to say to the IETF world "And now you can use SLH-DSA in X.509!".

draft-gazdag-x509-hash-sigs would do that work.  At 118, Stefan kindly asked for adoption and there weren't any objections in the queue. But I haven't seen a call for adoption on the list. There was also no opinion on splitting the draft (SLH-DSA and XMSS/HSS).  Since draft-ietf-lamps-cms-sphincs-plus is adopted, we should have something adopted at the X.509 level, whether it's draft-gazdag-x509-hash-sigs or a split draft for just SLH-DSA.

Question for the chairs: Was there sufficient interest for adoption of draft-gazdag-x509-hash-sigs at 118, and it was just missed?

Question for the WG: Should draft-gazdag-x509-hash-sigs be split into SLH-DSA and Stateful HBS drafts? My opinion: draft-ietf-lamps-cms-sphincs-plus shows demand for SLH-DSA in IETF protocols. A separate SLH-DSA in X.509 draft would progress faster because it's not weighed down by the concerns around stateful algorithms. If somehow draft-ietf-lamps-cms-sphincs-plus can progress without an associated X.509 draft I guess that's okay too. If they should be split, I can spin up the SLH-DSA draft. It'll be a lot of copy-paste, so if you think I'll be copying your text and can help with that, let me know.

Daniel



From: Spasm <spasm-bounces@ietf.org> On Behalf Of Kampanakis, Panos
Sent: Wednesday, February 14, 2024 3:08 AM
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>; draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: Re: [lamps] Can ML-DSA be used in CMS?

Hi Mike,

We could consider doing all ML-DSA in CMS and X.509 in one draft, but personally I would rather we kept them separate like we did with SHAKEs in CMS (rfc8702) and X.509 (rfc8692) or with EdDSA in CMS and X.509. They are more straightforward for implementers that way.

We could change that if there was WG consensus.

Note that draft-ietf-lamps-cms-sphincs-plus says this about SLH-DSA in CMS:

"When this AlgorithmIdentifier appears in the SubjectPublicKeyInfo field of an X.509 certificate [...]"

So it includes how the SLH-DSA OID can be used in X.509 certificate public keys as well, but it does not mention how to use the signatures.


From: Spasm <spasm-bounces@ietf.org> On Behalf Of Mike Ounsworth
Sent: Tuesday, February 13, 2024 8:37 AM
To: draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: [EXTERNAL] [lamps] Can ML-DSA be used in CMS?


The answer obviously is Yes, but draft-ietf-lamps-dilithium-certificates does not actually say this.

I was reading a draft ICAO ePassport document yesterday that correctly points out that IETF has a draft for how to use ML-DSA in X.509 certificates, but no draft for how to use ML-DSA in CMS.

Authors of draft-ietf-lamps-dilithium-certificates, if you add a section "Signed-data Conventions" modelled after RFC8419, then I think that saves us from needing a whole second ML-DSA draft.

---
Mike Ounsworth
Software Security Architect, Entrust