Re: [lamps] AD review of draft-ietf-lamps-cmp-algorithms-07
Roman Danyliw <rdd@cert.org> Wed, 27 October 2021 12:57 UTC
Return-Path: <rdd@cert.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F6843A0EB2 for <spasm@ietfa.amsl.com>; Wed, 27 Oct 2021 05:57:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id I711kU7akupx for <spasm@ietfa.amsl.com>; Wed, 27 Oct 2021 05:56:59 -0700 (PDT)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0099.outbound.protection.office365.us [23.103.208.99]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9517D3A1183 for <spasm@ietf.org>; Wed, 27 Oct 2021 05:56:59 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=ndiJl47g9QV4ibQvZxU60Bm+lkT0nmnhZhB4YtuFPNORDQV2N/ERacZ27jxRmPwHHLG4uc0zd7kEiVzAZ7GWMuGm4i8r/QVBr26mzAx0B0mvNTt2q/MOJSHoyMhis8LYAGI72uB7J+8h4I2aeJuAJehRqqflbsoNT6xDSTQESCctKR2BTcndb5xMiGKdipLDlMBIhVyCFbYTvoCTgeLGL3uXAnS6kB7bCMz4d1SfYFKs8SQBGZQLbQ7lyfgnbM1Ct0gL1GjIC4ZBldNv8DyzIZlIUllgHrVYurTAtsiSxjLtiarqUu7So0lfxRp9Lt6+PXhMOOQOMX9o7f0+GWusqQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=KGu18GYLt98IwFqmminb1TV+d3P1EyXIYyiAu1u7Pl8=; b=bF4HoTWN+ZIrEkqqlTHCliBffpCwO/gHHEpNjQcOky/QiqTLHF6S7pW1quJPbHYY5gBm7g1Pz5dTKmef7zcA+EZFw85wT1/DpEBXbIapGG00NCV3o0Bl8rRmlJkhqXr+EqHfAhpaeba7n9ECGl8jBa5VUuiQ6j0oVV5YvOa2TsbWMxt+RENaCc5VbrwjfYa/YEvLsOVbVYpby8UK7WyEduC4tHVi3OkCmJCIViCOl8mVD65NlOClN7icYfIZN20ntyM1lrEXL0ZDdsvm7dYnQY9f6ifGovkCDlHszUvyqW7JPwpjD28Qw8BJ8Q1jg9FVwYtD6woutHIOrMd3CobOUw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=KGu18GYLt98IwFqmminb1TV+d3P1EyXIYyiAu1u7Pl8=; b=aAgPDqbgLwgTwHWjmp5jQaApsRvk47x3p+p9Hn4kQwEGVVnoyFG+keSClBqy1LFuoIZ+5pPd+XnMWswF+cJwX2hn2yGHLogCJ38Hy7cS4XDs+szQ0cLo/1IzhHb6Q/rye/7M48k64H8hq7hlTFY+adxyRuzNeQgnU7awJ/6AMoQ=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0755.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.16; Wed, 27 Oct 2021 12:56:55 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4628.023; Wed, 27 Oct 2021 12:56:55 +0000
From: Roman Danyliw <rdd@cert.org>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
CC: LAMPS WG <spasm@ietf.org>
Thread-Topic: AD review of draft-ietf-lamps-cmp-algorithms-07
Thread-Index: AdfKsmHop5v82zipS+Kei9oAXI0KtQASAJCgAA3gy2A=
Date: Wed, 27 Oct 2021 12:56:55 +0000
Message-ID: <BN1P110MB0939FC59928A48533859FBFBDC859@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
References: <BN1P110MB0939774B07F1FF05E5DBBC42DC849@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM> <AM0PR10MB2418FB05BFD40F22D5E8745EFE859@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <AM0PR10MB2418FB05BFD40F22D5E8745EFE859@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: siemens.com; dkim=none (message not signed) header.d=none;siemens.com; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 33c1402d-e21d-45d5-2404-08d999494119
x-ms-traffictypediagnostic: BN1P110MB0755:
x-microsoft-antispam-prvs: <BN1P110MB075522F7F91BF35A5FC77801DC859@BN1P110MB0755.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:4125;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 5AYXMKdJu0sJWYI34KWjKr2chMQV4d/WNT6eBEOMajA7jKelnp+kHQ/m+752K7sLUIJyOkvlUN1E/x+VoiWNEPTHcWfliwx6B93ZQ9pVe5Gw2rWmC0+QC+iXMRWqfGh0H3JKlv/PaZASIuEnfRmxs3zbhwo1tzp71iTWAawqk6SsQi0uhbcqm6ZFIMGO+oAsGbmbqIABUFTCRad3kuX+YneJB/Lewa2qSCzWEz0aaVz2naY8DGQbcO1Ygs0ewLyICdHFCNC8ckQeYnulFS9okC7AszaEFcdpaj4nzJInw+WcHm+nA9HOgh2pee7Ew2okPYoUhVLGeJw7/tmDfzmcYcTU5yzabwSWjthZYJFL5kpag1GJ1WnhxyUCkKAyMh33htM58hVsAC5Z9EPZrWo9BcPHUMq4P3vMufxQMGGCgjWR9VCeFan3jecUpU/ZeC6jimPuxWirfw5xXSrNQhvlehfykA9JlpMgTf5hhsLngJXplEm9CyLjUUz4pGXpzOFchd5H3mfO9KE/KAJQP0lo7LeQyafSeWYxIByhwSI6Fd9wqfh13VRrFwWLPpFm3s1JeQgZR/nlKFL1M1cCGpg7OhT22R8FQaiEEFel2FOUcgkAzPJ+tddbBb/vSnr6Lv38cjavAaxwjWHIFX9Is4gVCH9v7YEPlnVlAVqUKG4pY9bPJqIE/A6xK1mye6YhriGDSYyjcO72pif4sR1Ryx2Bqw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(52536014)(966005)(186003)(26005)(8676002)(6916009)(122000001)(7696005)(5660300002)(2906002)(8936002)(45080400002)(82960400001)(38100700002)(498600001)(33656002)(83380400001)(66476007)(55016002)(64756008)(4326008)(38070700005)(76116006)(53546011)(71200400001)(6506007)(86362001)(9686003)(66946007)(66556008)(66446008); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 4z8sQUsqEMrE/5flYY7h+u0UoAelVp6RDg4DVTpnu9O2KDAE2Efrce62HleerWD3wi1zLQv7GLnegGiAEaQ1HTu9xlpn5LhwOZOeJ4VImGkSXzyCw1D5KMOzGPCq1eXspuKOvYVnPnhSLeXHea3AmN37KOf9BF2fVSzbrr+5QyAgrDdLDXDgdXXkS6xFZOtac/a4SvBypRwhQ1i+Oc1QnIjxaBOCNFXWvvg0/BL/yEWc3SY+uT5vDXGOqaMma6OfPzuvwA6CSiEk7LF9Kp+F1/5dpBVfhYJ5iU/RBS9KUH9af4lVAfnNbSf/uRdGhMkQLlC7jl/sCBP3SDRLmJn/nrWP63nu3fpj5U83vBLx8BuvoGhMPwnkU7gQI8DybRPUm6Ng/T3Iuzgo3u52YlnlcbjsJiQR3Igtp3/Zo8A/rqB2J/p0Jbby7VwlukIu6emQ2vX8crPs2e/8HpfNoB1f37eZIU8fi4++5dR+VkhyqHX/DYDxUmMXfvz9fSvfVSPKH6BpiqSA5TtN8irDRvV84hCGSFZRfmZQ7w9DeIMUp6kNGYekRF4SrZCHpjZt3GJtgo1vZdrVV5KMfp7xMdMhas+4WFglFV0AsF4joJMJn9WMOHlQR5un2CLl98d2W6n1k9ZS9Vd6YmTiYdWRxykDPTYi5OGGNjKUqSUY5kIe8gpX7WOpdBdLomF856ZBVnfGhgTZDh7+RdonWnbbC+Q5PJJT5VgLkw1/c+B7LBIPHeA=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 33c1402d-e21d-45d5-2404-08d999494119
X-MS-Exchange-CrossTenant-originalarrivaltime: 27 Oct 2021 12:56:55.2305 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0755
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/HdxJRTk6dlzAFYPUCP5Nk5Y_msw>
Subject: Re: [lamps] AD review of draft-ietf-lamps-cmp-algorithms-07
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Oct 2021 12:57:04 -0000
Hi Hendrik! > -----Original Message----- > From: Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> > Sent: Wednesday, October 27, 2021 2:26 AM > To: Roman Danyliw <rdd@cert.org> > Cc: LAMPS WG <spasm@ietf.org> > Subject: AW: AD review of draft-ietf-lamps-cmp-algorithms-07 > > Roman > > Many thanks for your valuable and detailed review. > We will come back to each of your comments in detail later. Sounds like a plan. > > ** Section 2, 3, etc. Editorial. When listing the places where digest > > and signature algorithm identifies are found, consider if enumerating > > them as a bulleted list might be easier to read. For example: > I like you suggestion using a bulleted list for the algorithm usage. > > > -- I'm mentioning it here but it applies to the other uses, using > > spaces to convey the nested CMS structure is confusing. > I was thinking about a better delimiter to convey nested structures. What do > you think about '-' or '/'? I have a weak preference for "-" but can live with anything that isn't a space. Thanks, Roman > Hendrik > > > Von: Spasm <spasm-bounces@ietf.org> Im Auftrag von Roman Danyliw > > Gesendet: Dienstag, 26. Oktober 2021 23:49 > > > > Hi! > > > > I did an AD review of draft-ietf-lamps-cmp-algorithms-07 with my > > comments below. Thanks for this work to evolve CMP. > > > > ** Section 2, 3, etc. Editorial. When listing the places where digest > > and signature algorithm identifies are found, consider if enumerating > > them as a bulleted list might be easier to read. For example: > > > > OLD > > Digest algorithm identifiers are located in the hashAlg field of > > OOBCertHash, the owf field of Challenge, PBMParameter, CertStatus, > > and DHBMParameter, and the digestAlgorithms field of SignedData and > > the digestAlgorithm field of SignerInfo. > > > > NEW > > Digest algorithm identifiers are located in: > > * hashAlg field of OOBCertHash, > > * owf field of Challenge, PBMParameter, CertStatus, and DHBMParameter > > * digestAlgorithms field of SignedData > > * digestAlgorithm field of SignerInfo. > > > > ** Section 2. > > Note: Specific conventions are needed for CertStatus content in > > certConf messages when confirming certificates where the > > AlgorithmIdentifier of the certificate signature does not clearly > > imply a specific hash algorithm. In such cases the hash algorithm to > > use to build certHash should be specified, e.g., as done in > > Section 2.1 and Section 2.2 for certificates signed using EdDSA. > > > > I'm confirming my understanding of the text. Is the specific > > convention being described here the second sentence (i.e., explicitly > > specifying the hash algorithm)? I ask because "conventions" was > > plural suggesting that there was more than one. > > > > ** Section 3. Editorial. s/Section 7.2,RFC/Section 7.2, RFC/ > > > > ** Section 3.1. Editorial. > > OLD > > The algorithm identifiers for RSASAA-PSS signatures used with SHA2 > > message digest algorithms is identified by the following OID: > > > > NEW > > The algorithm identifier for RSASAA-PSS signatures used with SHA2 > > message digest algorithms is identified by the following OID: > > > > ** Section 3.3. Editorial. s/signature algorithm Ed25519 > > MUST/signature algorithm Ed25519 that MUST/ > > > > ** Section 4.1. > > > > Key agreement algorithm identifiers are located in the EnvelopedData > > RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields. > > > > -- "keyEncryptionAlgorithm" is the type, the field name is > > "KeyEncryptionAlgorithmIdentifier" per Section 6.2.1 of RFC5652. It > > should likely read "... KeyAgreeRecipientInfo > KeyEncryptionAlgorithmIdentifier". > > > > -- why is "fields" plural? Isn't the cardinality here a single field? > > > > -- I'm mentioning it here but it applies to the other uses, using > > spaces to convey the nested CMS structure is confusing. > > > > ** Section 4.1. Checking my understanding, is it accurate that both > > the key agreement algorithm identifiers and the key encryption > > algorithm identifiers are going to the same place in EnvelopedData? > > > > ** Section 4.1. > > Wrapped content-encryption keys are located in the EnvelopedData > > RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys > > encryptedKey field. > > > > -- "encryptedKey" is also a type. It should likely be "EncryptedKey" > > per Section > > 6.2.2 of RFC5652. > > > > -- My ASN.1 reading always needs help. Should it be "... > > RecipientEncryptedKeys RecipientEncryptedKey EncryptedKey" or > > "RecipientEncryptedKeys EncryptedKey"? Same thing would apply to > > "RecipientInfos" and "RecipientInfo". > > > > ** Section 4.2. > > Key transport algorithm identifiers are located in the EnvelopedData > > RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field. > > > > Similar to Section 4.1, keyEncryptionAlgorithm is the type. It likely > > should be KeyEncryptionAlgorithmIdentifier per Section 6.2.1 of > > RFC5652 > > > > ** Section 4.2 > > Key transport encrypted content-encryption keys are located in the > > EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey > > Field. > > > > Similar to Section 4.1, encryptedKey is the type. It likely should be > > EncryptedKey per Section 6.2.1 of RFC5652. > > > > ** Section 4.3. As before, > > s/keyEncryptionAlgorithm/KeyEncryptionAlgorithmIdentifier/ > > > > ** Section 4.3. As before, s/encryptedKey/EncryptedKey/ > > > > ** Section 4.4. As before, > > s/keyDerivationAlgorithm/KeyDerivationAlgorithmIdentifier/ > > > > ** Section 5. Editorial. s/Section 7,RFC/Section 7, RFC/ > > > > ** Section 5. As before, s/ contentEncryptionAlgorithm > > /ContentEncryptionAlgorithmIdentifier/ > > > > ** Section 6. Editorial. s/Section 7,RFC/Section 7, RFC/ > > > > ** Section 6.1.1. Editorial. s/andAlgorithm/and Algorithm/ > > > > ** Section 7. I would have benefit from a bit more clarity on the > > direction provided in this section. > > > > -- "The following criteria will help implementers choose appropriate > > algorithms for managing certificates" > > > > The bulleted list seems like only part of the criteria. As a > > non-exhaustive list, additional considerations might be the > > capabilities of the end-point (e.g., does the target deployment have > > hardware acceleration for some, are some algorithms simply out of > > reach due to available compute or expected software support); or perhaps > local policy or compliance requirements? > > > > -- "The cryptographic strength of the algorithm with the lowest security." > > > > It seems like some words are missing here. Is the intent here to > > guide the selection towards the algorithm that provides the minimum > > amount of strength relative to the needed security requirements? > > > > ** Section 7.1. The text in this section seems it should explicit say > > that it is updating RFC4210. > > > > OLD > > The following table contains definitions of algorithms used within > > > > NEW > > The following table updates the definitions of algorithms used within > > > > ** Section 7.1. If an algorithm is listed in the "Change from 4210" > > column, should it be considered the equivalent of being added to the > > "other" column (per Appendix D.2 of RFC4210? If so, please be explicit about > that. > > > > ** Section 7.1. Table 1. > > > > -- What does it mean for PasswordBasedMac to be in both the Mandatory > > and > > Change-from-4210 column for the MSG_MAC_ALG row? It was already the > > MTI in RFC4210. Same question and situation with D-H for the > PROT_ENC_ALG row. > > > > -- Should 3-DES be considered "other" in MSG_MAC_ALG and > PROT_SYM_ALG? > > > > -- Editorial. In PROT_SYM_ALG and SYM_PENC_ALG, the "3-DES > > (3-key-EDE), CBC Mode" should read "3-DES (3-key-EDE, CBC mode)" per the > text in RFC4210. > > > > ** Section 9. Can a reference be added for the theoretical weakness > > in PasswordBasedMac? > > > > ** Section 9. Editorially, the first paragraph ("RFC 4210 Appendix > > D.2 ...) and the two paragraphs of "In Section 7 ..." and "To keep the > > list ...", seem to be saying the same thing. Recommend a merge. > > > > ** Section 9. > > In such systems the weakened algorithms should > > be disabled from further use. > > > > Can this document make stronger recommendations about deprecating > > certain algorithms such as 3-DES SHA-1 with normative language rather > > than keeping it in the "other" category in the profiles? > > > > ** Normative References. [I-D.ietf-lamps-lightweight-cmp-profile] > > should be a normative reference given the use of normative language > > around it in Section 7.2. > > > > Regards, > > Roman > > > > > > _______________________________________________ > > Spasm mailing list > > Spasm@ietf.org > > https://eur01.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww. > > ietf > > > .org%2Fmailman%2Flistinfo%2Fspasm&data=04%7C01%7Chendrik.brockh > a > > > us%40siemens.com%7C2394a26fac8b4a6b67b508d998ca7af2%7C38ae3bcd95 > 7 > > > 94fd4addab42e1495d55a%7C1%7C0%7C637708817695901864%7CUnknown > %7 > > > CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLC > J > > > XVCI6Mn0%3D%7C1000&sdata=5aRCZDwb1xqkuvlnErpd2w07Bktd3LjpA7 > IA > > xZClxLc%3D&reserved=0
- [lamps] AD review of draft-ietf-lamps-cmp-algorit… Roman Danyliw
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Brockhaus, Hendrik
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Roman Danyliw
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Brockhaus, Hendrik
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Roman Danyliw
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Brockhaus, Hendrik
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Roman Danyliw
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Mike Ounsworth
- Re: [lamps] AD review of draft-ietf-lamps-cmp-alg… Brockhaus, Hendrik