IETF Logo Mail Archive

Re: [lamps] AD review of draft-ietf-lamps-cmp-algorithms-07

Roman Danyliw <rdd@cert.org> Wed, 27 October 2021 12:57 UTC

Return-Path: <rdd@cert.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F6843A0EB2 for <spasm@ietfa.amsl.com>; Wed, 27 Oct 2021 05:57:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I711kU7akupx for <spasm@ietfa.amsl.com>; Wed, 27 Oct 2021 05:56:59 -0700 (PDT)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0099.outbound.protection.office365.us [23.103.208.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9517D3A1183 for <spasm@ietf.org>; Wed, 27 Oct 2021 05:56:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=ndiJl47g9QV4ibQvZxU60Bm+lkT0nmnhZhB4YtuFPNORDQV2N/ERacZ27jxRmPwHHLG4uc0zd7kEiVzAZ7GWMuGm4i8r/QVBr26mzAx0B0mvNTt2q/MOJSHoyMhis8LYAGI72uB7J+8h4I2aeJuAJehRqqflbsoNT6xDSTQESCctKR2BTcndb5xMiGKdipLDlMBIhVyCFbYTvoCTgeLGL3uXAnS6kB7bCMz4d1SfYFKs8SQBGZQLbQ7lyfgnbM1Ct0gL1GjIC4ZBldNv8DyzIZlIUllgHrVYurTAtsiSxjLtiarqUu7So0lfxRp9Lt6+PXhMOOQOMX9o7f0+GWusqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=KGu18GYLt98IwFqmminb1TV+d3P1EyXIYyiAu1u7Pl8=; b=bF4HoTWN+ZIrEkqqlTHCliBffpCwO/gHHEpNjQcOky/QiqTLHF6S7pW1quJPbHYY5gBm7g1Pz5dTKmef7zcA+EZFw85wT1/DpEBXbIapGG00NCV3o0Bl8rRmlJkhqXr+EqHfAhpaeba7n9ECGl8jBa5VUuiQ6j0oVV5YvOa2TsbWMxt+RENaCc5VbrwjfYa/YEvLsOVbVYpby8UK7WyEduC4tHVi3OkCmJCIViCOl8mVD65NlOClN7icYfIZN20ntyM1lrEXL0ZDdsvm7dYnQY9f6ifGovkCDlHszUvyqW7JPwpjD28Qw8BJ8Q1jg9FVwYtD6woutHIOrMd3CobOUw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KGu18GYLt98IwFqmminb1TV+d3P1EyXIYyiAu1u7Pl8=; b=aAgPDqbgLwgTwHWjmp5jQaApsRvk47x3p+p9Hn4kQwEGVVnoyFG+keSClBqy1LFuoIZ+5pPd+XnMWswF+cJwX2hn2yGHLogCJ38Hy7cS4XDs+szQ0cLo/1IzhHb6Q/rye/7M48k64H8hq7hlTFY+adxyRuzNeQgnU7awJ/6AMoQ=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0755.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.16; Wed, 27 Oct 2021 12:56:55 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4628.023; Wed, 27 Oct 2021 12:56:55 +0000
From: Roman Danyliw <rdd@cert.org>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: AD review of draft-ietf-lamps-cmp-algorithms-07
Thread-Index: AdfKsmHop5v82zipS+Kei9oAXI0KtQASAJCgAA3gy2A=
Date: Wed, 27 Oct 2021 12:56:55 +0000
Message-ID: <BN1P110MB0939FC59928A48533859FBFBDC859@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <BN1P110MB0939774B07F1FF05E5DBBC42DC849@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <AM0PR10MB2418FB05BFD40F22D5E8745EFE859@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB2418FB05BFD40F22D5E8745EFE859@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: siemens.com; dkim=none (message not signed) header.d=none;siemens.com; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 33c1402d-e21d-45d5-2404-08d999494119
x-ms-traffictypediagnostic: BN1P110MB0755:
x-microsoft-antispam-prvs: <BN1P110MB075522F7F91BF35A5FC77801DC859@BN1P110MB0755.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:4125;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5AYXMKdJu0sJWYI34KWjKr2chMQV4d/WNT6eBEOMajA7jKelnp+kHQ/m+752K7sLUIJyOkvlUN1E/x+VoiWNEPTHcWfliwx6B93ZQ9pVe5Gw2rWmC0+QC+iXMRWqfGh0H3JKlv/PaZASIuEnfRmxs3zbhwo1tzp71iTWAawqk6SsQi0uhbcqm6ZFIMGO+oAsGbmbqIABUFTCRad3kuX+YneJB/Lewa2qSCzWEz0aaVz2naY8DGQbcO1Ygs0ewLyICdHFCNC8ckQeYnulFS9okC7AszaEFcdpaj4nzJInw+WcHm+nA9HOgh2pee7Ew2okPYoUhVLGeJw7/tmDfzmcYcTU5yzabwSWjthZYJFL5kpag1GJ1WnhxyUCkKAyMh33htM58hVsAC5Z9EPZrWo9BcPHUMq4P3vMufxQMGGCgjWR9VCeFan3jecUpU/ZeC6jimPuxWirfw5xXSrNQhvlehfykA9JlpMgTf5hhsLngJXplEm9CyLjUUz4pGXpzOFchd5H3mfO9KE/KAJQP0lo7LeQyafSeWYxIByhwSI6Fd9wqfh13VRrFwWLPpFm3s1JeQgZR/nlKFL1M1cCGpg7OhT22R8FQaiEEFel2FOUcgkAzPJ+tddbBb/vSnr6Lv38cjavAaxwjWHIFX9Is4gVCH9v7YEPlnVlAVqUKG4pY9bPJqIE/A6xK1mye6YhriGDSYyjcO72pif4sR1Ryx2Bqw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(52536014)(966005)(186003)(26005)(8676002)(6916009)(122000001)(7696005)(5660300002)(2906002)(8936002)(45080400002)(82960400001)(38100700002)(498600001)(33656002)(83380400001)(66476007)(55016002)(64756008)(4326008)(38070700005)(76116006)(53546011)(71200400001)(6506007)(86362001)(9686003)(66946007)(66556008)(66446008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 4z8sQUsqEMrE/5flYY7h+u0UoAelVp6RDg4DVTpnu9O2KDAE2Efrce62HleerWD3wi1zLQv7GLnegGiAEaQ1HTu9xlpn5LhwOZOeJ4VImGkSXzyCw1D5KMOzGPCq1eXspuKOvYVnPnhSLeXHea3AmN37KOf9BF2fVSzbrr+5QyAgrDdLDXDgdXXkS6xFZOtac/a4SvBypRwhQ1i+Oc1QnIjxaBOCNFXWvvg0/BL/yEWc3SY+uT5vDXGOqaMma6OfPzuvwA6CSiEk7LF9Kp+F1/5dpBVfhYJ5iU/RBS9KUH9af4lVAfnNbSf/uRdGhMkQLlC7jl/sCBP3SDRLmJn/nrWP63nu3fpj5U83vBLx8BuvoGhMPwnkU7gQI8DybRPUm6Ng/T3Iuzgo3u52YlnlcbjsJiQR3Igtp3/Zo8A/rqB2J/p0Jbby7VwlukIu6emQ2vX8crPs2e/8HpfNoB1f37eZIU8fi4++5dR+VkhyqHX/DYDxUmMXfvz9fSvfVSPKH6BpiqSA5TtN8irDRvV84hCGSFZRfmZQ7w9DeIMUp6kNGYekRF4SrZCHpjZt3GJtgo1vZdrVV5KMfp7xMdMhas+4WFglFV0AsF4joJMJn9WMOHlQR5un2CLl98d2W6n1k9ZS9Vd6YmTiYdWRxykDPTYi5OGGNjKUqSUY5kIe8gpX7WOpdBdLomF856ZBVnfGhgTZDh7+RdonWnbbC+Q5PJJT5VgLkw1/c+B7LBIPHeA=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 33c1402d-e21d-45d5-2404-08d999494119
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Oct 2021 12:56:55.2305 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0755
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/HdxJRTk6dlzAFYPUCP5Nk5Y_msw>
Subject: Re: [lamps] AD review of draft-ietf-lamps-cmp-algorithms-07
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2021 12:57:04 -0000

Hi Hendrik!

> -----Original Message-----
> From: Brockhaus, Hendrik <hendrik.brockhaus@siemens.com>
> Sent: Wednesday, October 27, 2021 2:26 AM
> To: Roman Danyliw <rdd@cert.org>
> Cc: LAMPS WG <spasm@ietf.org>
> Subject: AW: AD review of draft-ietf-lamps-cmp-algorithms-07
> 
> Roman
> 
> Many thanks for your valuable and detailed review.
> We will come back to each of your comments in detail later.

Sounds like a plan.

> > ** Section 2, 3, etc.  Editorial. When listing the places where digest
> > and signature algorithm identifies are found, consider if enumerating
> > them as a bulleted list might be easier to read.  For example:
> I like you suggestion using a bulleted list for the algorithm usage.
> 
> > -- I'm mentioning it here but it applies to the other uses, using
> > spaces to convey the nested CMS structure is confusing.
> I was thinking about a better delimiter to convey nested structures. What do
> you think about '-' or '/'?

I have a weak preference for "-" but can live with anything that isn't a space.

Thanks,
Roman

> Hendrik
> 
> > Von: Spasm <spasm-bounces@ietf.org> Im Auftrag von Roman Danyliw
> > Gesendet: Dienstag, 26. Oktober 2021 23:49
> >
> > Hi!
> >
> > I did an AD review of draft-ietf-lamps-cmp-algorithms-07 with my
> > comments below.  Thanks for this work to evolve CMP.
> >
> > ** Section 2, 3, etc.  Editorial. When listing the places where digest
> > and signature algorithm identifies are found, consider if enumerating
> > them as a bulleted list might be easier to read.  For example:
> >
> > OLD
> >    Digest algorithm identifiers are located in the hashAlg field of
> >    OOBCertHash, the owf field of Challenge, PBMParameter, CertStatus,
> >    and DHBMParameter, and the digestAlgorithms field of SignedData and
> >    the digestAlgorithm field of SignerInfo.
> >
> > NEW
> > Digest algorithm identifiers are located in:
> > * hashAlg field of OOBCertHash,
> > * owf field of Challenge, PBMParameter, CertStatus, and DHBMParameter
> > * digestAlgorithms field of SignedData
> > * digestAlgorithm field of SignerInfo.
> >
> > ** Section 2.
> > Note: Specific conventions are needed for CertStatus content in
> >    certConf messages when confirming certificates where the
> >    AlgorithmIdentifier of the certificate signature does not clearly
> >    imply a specific hash algorithm.  In such cases the hash algorithm to
> >    use to build certHash should be specified, e.g., as done in
> >    Section 2.1 and Section 2.2 for certificates signed using EdDSA.
> >
> > I'm confirming my understanding of the text.  Is the specific
> > convention being described here the second sentence (i.e., explicitly
> > specifying the hash algorithm)?  I ask because "conventions" was
> > plural suggesting that there was more than one.
> >
> > ** Section 3.  Editorial.  s/Section 7.2,RFC/Section 7.2, RFC/
> >
> > ** Section 3.1.  Editorial.
> > OLD
> > The algorithm identifiers for RSASAA-PSS signatures used with SHA2
> >    message digest algorithms is identified by the following OID:
> >
> > NEW
> > The algorithm identifier for RSASAA-PSS signatures used with SHA2
> >    message digest algorithms is identified by the following OID:
> >
> > ** Section 3.3.  Editorial. s/signature algorithm Ed25519
> > MUST/signature algorithm Ed25519 that MUST/
> >
> > ** Section 4.1.
> >
> > Key agreement algorithm identifiers are located in the EnvelopedData
> >    RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields.
> >
> > -- "keyEncryptionAlgorithm" is the type, the field name is
> > "KeyEncryptionAlgorithmIdentifier" per Section 6.2.1 of RFC5652.  It
> > should likely read "... KeyAgreeRecipientInfo
> KeyEncryptionAlgorithmIdentifier".
> >
> > -- why is "fields" plural? Isn't the cardinality here a single field?
> >
> > -- I'm mentioning it here but it applies to the other uses, using
> > spaces to convey the nested CMS structure is confusing.
> >
> > ** Section 4.1. Checking my understanding, is it accurate that both
> > the key agreement algorithm identifiers and the key encryption
> > algorithm identifiers are going to the same place in EnvelopedData?
> >
> > ** Section 4.1.
> >    Wrapped content-encryption keys are located in the EnvelopedData
> >    RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
> >    encryptedKey field.
> >
> > -- "encryptedKey" is also a type.  It should likely be "EncryptedKey"
> > per Section
> > 6.2.2 of RFC5652.
> >
> > -- My ASN.1 reading always needs help.  Should it be "...
> > RecipientEncryptedKeys RecipientEncryptedKey EncryptedKey" or
> > "RecipientEncryptedKeys EncryptedKey"?  Same thing would apply to
> > "RecipientInfos" and "RecipientInfo".
> >
> > ** Section 4.2.
> > Key transport algorithm identifiers are located in the EnvelopedData
> >    RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.
> >
> > Similar to Section 4.1, keyEncryptionAlgorithm is the type.  It likely
> > should be KeyEncryptionAlgorithmIdentifier per Section 6.2.1 of
> > RFC5652
> >
> > ** Section 4.2
> >    Key transport encrypted content-encryption keys are located in the
> >    EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey
> >    Field.
> >
> > Similar to Section 4.1, encryptedKey is the type.  It likely should be
> > EncryptedKey per Section 6.2.1 of RFC5652.
> >
> > ** Section 4.3.  As before,
> > s/keyEncryptionAlgorithm/KeyEncryptionAlgorithmIdentifier/
> >
> > ** Section 4.3.  As before, s/encryptedKey/EncryptedKey/
> >
> > ** Section 4.4. As before,
> > s/keyDerivationAlgorithm/KeyDerivationAlgorithmIdentifier/
> >
> > ** Section 5.  Editorial.  s/Section 7,RFC/Section 7, RFC/
> >
> > ** Section 5.  As before, s/ contentEncryptionAlgorithm
> > /ContentEncryptionAlgorithmIdentifier/
> >
> > ** Section 6. Editorial.  s/Section 7,RFC/Section 7, RFC/
> >
> > ** Section 6.1.1. Editorial. s/andAlgorithm/and Algorithm/
> >
> > ** Section 7.  I would have benefit from a bit more clarity on the
> > direction provided in this section.
> >
> > -- "The following criteria will help implementers choose appropriate
> > algorithms for managing certificates"
> >
> > The bulleted list seems like only part of the criteria.  As a
> > non-exhaustive list, additional considerations might be the
> > capabilities of the end-point (e.g., does the target deployment have
> > hardware acceleration for some, are some algorithms simply out of
> > reach due to available compute or expected software support); or perhaps
> local policy or compliance requirements?
> >
> > -- "The cryptographic strength of the algorithm with the lowest security."
> >
> > It seems like some words are missing here.  Is the intent here to
> > guide the selection towards the algorithm that provides the minimum
> > amount of strength relative to the needed security requirements?
> >
> > ** Section 7.1.  The text in this section seems it should explicit say
> > that it is updating RFC4210.
> >
> > OLD
> > The following table contains definitions of algorithms used within
> >
> > NEW
> > The following table updates the definitions of algorithms used within
> >
> > ** Section 7.1.  If an algorithm is listed in the "Change from 4210"
> > column, should it be considered the equivalent of being added to the
> > "other" column (per Appendix D.2 of RFC4210?  If so, please be explicit about
> that.
> >
> > ** Section 7.1.  Table 1.
> >
> > -- What does it mean for PasswordBasedMac to be in both the Mandatory
> > and
> > Change-from-4210 column for the MSG_MAC_ALG row?  It was already the
> > MTI in RFC4210.  Same question and situation with D-H for the
> PROT_ENC_ALG row.
> >
> > -- Should 3-DES be considered "other" in MSG_MAC_ALG and
> PROT_SYM_ALG?
> >
> > -- Editorial.  In PROT_SYM_ALG and SYM_PENC_ALG, the "3-DES
> > (3-key-EDE), CBC Mode" should read "3-DES (3-key-EDE, CBC mode)" per the
> text in RFC4210.
> >
> > ** Section 9.  Can a reference be added for the theoretical weakness
> > in PasswordBasedMac?
> >
> > ** Section 9.  Editorially, the first paragraph ("RFC 4210 Appendix
> > D.2 ...) and the two paragraphs of "In Section 7 ..." and "To keep the
> > list ...", seem to be saying the same thing.  Recommend a merge.
> >
> > ** Section 9.
> > In such systems the weakened algorithms should
> >    be disabled from further use.
> >
> > Can this document make stronger recommendations about deprecating
> > certain algorithms such as 3-DES SHA-1 with normative language rather
> > than keeping it in the "other" category in the profiles?
> >
> > ** Normative References.  [I-D.ietf-lamps-lightweight-cmp-profile]
> > should be a normative reference given the use of normative language
> > around it in Section 7.2.
> >
> > Regards,
> > Roman
> >
> >
> > _______________________________________________
> > Spasm mailing list
> > Spasm@ietf.org
> > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.
> > ietf
> >
> .org%2Fmailman%2Flistinfo%2Fspasm&amp;data=04%7C01%7Chendrik.brockh
> a
> >
> us%40siemens.com%7C2394a26fac8b4a6b67b508d998ca7af2%7C38ae3bcd95
> 7
> >
> 94fd4addab42e1495d55a%7C1%7C0%7C637708817695901864%7CUnknown
> %7
> >
> CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLC
> J
> >
> XVCI6Mn0%3D%7C1000&amp;sdata=5aRCZDwb1xqkuvlnErpd2w07Bktd3LjpA7
> IA
> > xZClxLc%3D&amp;reserved=0

v2.23.0 | Report a Bug | By Email