IETF Logo Mail Archive

Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 15 February 2023 20:15 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A33FDC14CE25 for <spasm@ietfa.amsl.com>; Wed, 15 Feb 2023 12:15:16 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.095
X-Spam-Level:
X-Spam-Status: No, score=-2.095 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id ahzAD4PSN2Vk for <spasm@ietfa.amsl.com>; Wed, 15 Feb 2023 12:15:12 -0800 (PST)
Received: from mx07-0015a003.pphosted.com (mx07-0015a003.pphosted.com [185.132.183.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0E984C14EB12 for <spasm@ietf.org>; Wed, 15 Feb 2023 12:15:11 -0800 (PST)
Received: from pps.filterd (m0242864.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 31FFcRej010438; Wed, 15 Feb 2023 14:15:05 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : mime-version; s=mail1; bh=uQUkHX/9QW1bvFykTX3NmGA41nouOxIc42Dp7Exuvzg=; b=BOoXAW/bLev3NP0x/2/qAcVUG6nAv2AtdM39mO9TALqdKCEFQeUDSi2PsgQPOmdLmPEG ggZKY8Em6CPh+Q7VDcUUvNeOwbb/qJRd3W3YoyJXje/egNnaPJcJHWwub7p6SyKZ21mZ FCZtDz0TlBZNdnIS8Vtn7ziGmK7jVnFdCR/Qe5xCYaJLeCM2sCtCtVnYMP+irnUFKD4/ 5S4kxCBEk7od1Oo41o1W5qBq78ER/dULmAZCyC9nqwX34auKOQBfwl7OTe7aiekvtPCs +9gHOiN0F45nGAEPHi4wPEEOGC1MlT02cnC6G5yRkwQDW1AFKyvOJnfXGc/43DZpJc9R nQ==
Received: from nam12-dm6-obe.outbound.protection.outlook.com (mail-dm6nam12lp2174.outbound.protection.outlook.com [104.47.59.174]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3np8k7yf6x-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Wed, 15 Feb 2023 14:15:04 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=RMITvfluoiAdXpyOeJPdYSPQfb9FUV53jcu09E2kMYPVUDEiDv6jSReMPAlIBc687fSX+uz87/Fy3v9jr4pKJhKoQy8w0ctT/yobppzlkxV9DXM5p3gE5i7LGsNgiodNK2U8q2yVUW2IsvpCwEjpdfIOUSlLOFW9k+ORDtdGcCGGmKZ9uHcKe2UaEXuGPfUFM3LF9wRsHJPH8vDKuNnROBMxTs2GoV740OXXP16pS4XOaKHMp602KnHesFjuodDU6l+YSd4oWkMp6jWQ2+pMufr7Qpa/OCAp2D+ngDmv+uEiratcLzS8QAa49p/j7tPTJJZUl/Oh1ro72Bs+H7bANA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=uQUkHX/9QW1bvFykTX3NmGA41nouOxIc42Dp7Exuvzg=; b=lTE6b9ZaSZdOrsdoZvzLPsdZRZ6vvRl15y3IbWRyfM0A172y8/bMmTMr7AUGP49N6jJDGrr87zXSy6PMZxwdfM+oScHEV8LOtvGN/0JCTs3j5Ut1XkLx1PuLFI8hrgp3b4fjMKBjLyvZEkxqkQF6+Npaje+HJfWFw8PwMUfjRfBQ9zlPh+HqOUbjPsjsh/GzpTbPRXT77b0seTWOS7EvspVlTad43mwDKWOs8MYJJdKaLGZHYhSot5eOWSmg4Ov+A3XbdZkQdPQ6yCoNl9wvQ+gTu6runwOTKzyF7eg0LqjFNH9vaYKhhpLX+Tqhj6ou+FRAXa3UJWS4WCkM3H30tA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by DS7PR11MB7929.namprd11.prod.outlook.com (2603:10b6:8:e5::7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6086.26; Wed, 15 Feb 2023 20:14:59 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::3000:a478:192a:3860]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::3000:a478:192a:3860%4]) with mapi id 15.20.6086.026; Wed, 15 Feb 2023 20:14:59 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: John Gray <John.Gray@entrust.com>, Russ Housley <housley@vigilsec.com>, Uri Blumenthal <uri@ll.mit.edu>
CC: Carl Wallace <carl@redhoundsoftware.com>, LAMPS <spasm@ietf.org>, David Hook <dgh@cryptoworkshop.com>, Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com>
Thread-Topic: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt
Thread-Index: AQHZQJceWsFZZGGCt0G9Rm9ilUxc+K7Orb/AgAArZUCAARqCgIAAJC8AgAALBoCAAAGYgIAAL3IAgAAeukA=
Date: Wed, 15 Feb 2023 20:14:59 +0000
Message-ID: <CH0PR11MB5739CEEE59E8E737B391590C9FA39@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <167605247376.27500.15893872363441408974@ietfa.amsl.com> <0C1190E4-A3D2-4502-ACA0-04C1173A4A1A@vigilsec.com> <CH0PR11MB57395C12457E3A0158587BC59FDD9@CH0PR11MB5739.namprd11.prod.outlook.com> <DDD4695E-9C6C-41FD-901B-89CF22494DE3@vigilsec.com> <CH0PR11MB57392A7F6AF05BD7FADE06C59FA29@CH0PR11MB5739.namprd11.prod.outlook.com> <CH0PR11MB57397D5CB5AAF387B45974459FA29@CH0PR11MB5739.namprd11.prod.outlook.com> <2955ECDB-7E35-43B5-A761-798A66048ABC@redhoundsoftware.com> <BYAPR11MB2582E8076543751748779DD2EAA39@BYAPR11MB2582.namprd11.prod.outlook.com> <54FE4BC5-C2A8-4D04-9514-7BCFE2B91AC8@ll.mit.edu> <4007EC18-6317-47D9-9603-8A83C1EAE891@vigilsec.com> <BYAPR11MB25828F1111B128C96608574AEAA39@BYAPR11MB2582.namprd11.prod.outlook.com>
In-Reply-To: <BYAPR11MB25828F1111B128C96608574AEAA39@BYAPR11MB2582.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|DS7PR11MB7929:EE_
x-ms-office365-filtering-correlation-id: 6bb3ba63-e995-4c71-00bd-08db0f915063
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: d3SSfuF1/g3jWHJM3bAs1qNjM4M9k/ryP3fm54Jw0A7gJuT50XuwwX+ey4l6hPjTA2GpHncY9YgG3BpdX0UyVs04bf6Jw4lUIPGdj26fqRqxCN6ezk0u/JiIDUb/Vcb+N2qOP5oUncJZ779MHzRUm1WHxVMu1Jq7LjpUA34WOoqxtwV3IIzHq5McwPMRckk2oKBK/W/gsZQ54lyKSJc/cxm22XsWRauQs4e+UQinP7we/+YN8CEl316tDgfVoKo0Ym+pG8Gpj8IYNXSu7lcmKNCL4MdZKTlABTxPk/GFn7c6RKLaiUmvB6ujiQ8PVBuK+M3vlgBu0ktNsTOLyU2Mo5ACNhq9Bih6stNOKpkJELHs7LvQ/L9UxrplCoNl7uny9dkzQ2X4dsm26nQDbYfBUXypIjTZtBbnpBIPGVkUeFS2Dkfxf3fMYa2tDovzJoKJqVyl95us9weCUUZ66FaM6xymInFhc6jap50Ur9AswcSOZ8YFLKxKQLbv+QKK1aqsvfSzOH6STwckUwN+7i/2fhG200MB05k78Rr1Fpl1n3EjbB7bZ3rME+OyoE2vUa6h+Q0RD8IbZY/x1H+0uIJmUSul18U9pbuAuNhNuWUIOm02CIZvZc9+gWSJjQrfg8uyvcPimAFwShcw04z+J+87OyI3Q6jRSeFd3ZLf+ir5v0EU7N974mZBISLR9xuejoR2LeemYWVHYUhGf6ci/tYAN8fb7GfAp8+hIljMQLUhgTk=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(136003)(396003)(39850400004)(366004)(376002)(346002)(451199018)(122000001)(38100700002)(2906002)(66899018)(166002)(15650500001)(66574015)(83380400001)(30864003)(86362001)(64756008)(66476007)(966005)(478600001)(66446008)(66556008)(52536014)(5660300002)(6506007)(41300700001)(53546011)(186003)(66946007)(33656002)(4326008)(54906003)(110136005)(55016003)(7696005)(76116006)(8676002)(316002)(8936002)(9686003)(26005)(38070700005)(71200400001)(559001)(579004); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: WR6pb782AT4KgzQQJqR9y4DJU9M5plaQZVz97znblosa8gZNTOMvIWulELTbJ1cXAHeVrLUa8gIXfQ+/Nrs/94oR4cBF/YBzSVCm6PpLURJSFBpId5drAQkv9FYglB7S94gUEUiA/w6Mrki0Zwa3wUx4vXhNfjAu+7NhlWJFhZWFwJ3szharmXQCgtm8fLz0XvTytsqakNmwuTQSFthybHed7NrgUmMAbtAhm8tY+YOuRVCzGvOymuJ+1D9AEnNGNFGmPW5PZUfh58mfjElDeM+DfEmt6W/neZfoGhAINbC5G/YVWBl5gIaHsje2of3Yd/DGVZJ2QZEiqvYuok3s47D4twH3F6I6tby/KhtZ5mO0j1R+Uawr0b/IIBcPIxQCroJ817YRPbHO5aqPLCwqa5Q+d+DubDpWbAH5RzHuYEu/G3uQzWYyLC/FVmlHtqJerle2SyxvMtq13J5v6EJdkM1XIdY4oKdhkcwFxRFvyWRn6ABHP3t9PbY3xxZkiFUE3gKAGP+yVaDusebqx25nM55AkwyFdf3he9IvRMIoeqTnXrysYaBIO0grd6BoKgXKJkjDostVUu0cNcnJCXbcGe0SixAsxUKrsA8exE0EziXvCH/aUINwLyxTitEcU820XiWZmuaEUn2LrnLSA8nbH3OH+GGIqVcgVGiRCfn7Obe70pEQf+5n0tUqriF7gnZWAIUooWSZLBNDePwz6UtyUaJgWC75m891ruqS2y7l5wVAYGjhwNR8Qzg22XCUsG593q1U5YAd1MZV0BqYnnFhYTDjBomPfjR1fad48bvzt3aldf7YsWCxzCFxOolwgbJZfbPKqXTrnz4qjgLISEOQvkMY92rrDDplMKcju5TsGL0uU+2RFHEPkcaPcVFXqvw5B1PMC00neYv9d5sCCdEhaF2XeSKPcwDECy96Ya52Z73xykL5WSylddWRXf0yLNRVn27gKi2ntjHJaXUOV5XG5ZBwdhzDGeL0I6Rw5s8+uNDKWeXLxHzW1/EiT26CEHFP8VQTNqlRvmsfeta9TWQr7ZnQBnJqnv7druvKfdxhRo8HHILdOl0uvbf3OGVeMXpZHhfGrpWgPrrPaVlks3+X1SmSas73OgQCDVBm/FtpD8H935WrxQnoZWCv05TD0d8kY2DhHZbPuy8PjC1OtXiMPU6Me9IB1qWZRcMYqcMnkgHN39rpnPuWCP6ptFrdrAum2rzlPLOkSHSu9DqKm9fxt5gmbemuoCj5SeaPcB2Ea4QSTOdb3j21D00CxLwKGUFxFDG7Po/00A/Gyxhqf4cmWEHpa9L3axklzpqdjResLDEjRuoAFkSgFhIZUhuNEGI+lUu139aJaDoUTSVhUqeT9AYZK8w446v4gTA0EiXzqWncb8g75qPABv6nEup6CmwDbMB8V3JcpfAwbqu87rdlzjEF3RjrXABGDE2+sOD0eEmg6Uw0dwV/8mM2r6748m87MHklXwV1FI4kaaxVxtB/3Kr35mxu3nN4wFbQmTavQALJDZ1O96E1f+uWm7tJcW5vzwLG+KiH88S0+a/m2z2NC5QXi9iCeyUYpGrp61rriZ4i3JnFDxyW7lT3+iNuxc0BoW6xGq7RnmeeD8nl9dj3Sw==
Content-Type: multipart/alternative; boundary="_000_CH0PR11MB5739CEEE59E8E737B391590C9FA39CH0PR11MB5739namp_"
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 6bb3ba63-e995-4c71-00bd-08db0f915063
X-MS-Exchange-CrossTenant-originalarrivaltime: 15 Feb 2023 20:14:59.6240 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 6Eq2EiLCuFRizDfwbAehIjAtdaWtatAyaOG+hw0uGl5gOOJ6Kc7bciKl9z7XUiSdPEco8KOGc6NucjVMsM2wxvy8jX/IZjXTwvMfuTr7jGE=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR11MB7929
X-Proofpoint-ORIG-GUID: iYxF0btZ1hQiqBsAJJFx3qFiNPdBnEms
X-Proofpoint-GUID: iYxF0btZ1hQiqBsAJJFx3qFiNPdBnEms
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.170.22 definitions=2023-02-15_11,2023-02-15_01,2023-02-09_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 adultscore=0 clxscore=1015 mlxscore=0 impostorscore=0 priorityscore=1501 lowpriorityscore=0 phishscore=0 suspectscore=0 spamscore=0 bulkscore=0 mlxlogscore=999 malwarescore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2302150175
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/HnayeSyisRimzmsEfGp5r3E4lzM>
Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 15 Feb 2023 20:15:16 -0000

Thanks John. I will change CompositeCiphertextValue to SEQUENCE SIZE (2..MAX) of *OCTET STRING*.

Uri, I think I mistakenly said that KEMRecipientInfo.kemct was BIT STRING. As Russ says, it is in fact OCTET STRING in draft-housley-lamps-cms-kemri-01.

My mistake, sorry for that.

---
Mike Ounsworth

From: John Gray <John.Gray@entrust.com>
Sent: Wednesday, February 15, 2023 12:23 PM
To: Russ Housley <housley@vigilsec.com>; Uri Blumenthal <uri@ll.mit.edu>
Cc: Carl Wallace <carl@redhoundsoftware.com>; Mike Ounsworth <Mike.Ounsworth@entrust.com>; LAMPS <spasm@ietf.org>; David Hook <dgh@cryptoworkshop.com>; Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com>
Subject: RE: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt

Sorry,  my bad.  The current kemct structure in KEMRecipientInfo is an OCTET STRING.  Didn’t mean to imply it was a BIT STRING and open up old wounds…   ☹


However, this discussion is also good input for the Composite KEM draft, meaning we should probably use

    CompositeCiphertextValue ::= SEQUENCE SIZE (2..MAX) OF OCTET STRING

Cheers,

John Gray



From: Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>
Sent: Wednesday, February 15, 2023 10:33 AM
To: Uri Blumenthal <uri@ll.mit.edu<mailto:uri@ll.mit.edu>>
Cc: John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com>>; Carl Wallace <carl@redhoundsoftware.com<mailto:carl@redhoundsoftware.com>>; Mike Ounsworth <Mike.Ounsworth@entrust.com<mailto:Mike.Ounsworth@entrust.com>>; LAMPS <spasm@ietf.org<mailto:spasm@ietf.org>>; David Hook <dgh@cryptoworkshop.com<mailto:dgh@cryptoworkshop.com>>; Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com<mailto:tomofumi.okubo+ietf@gmail.com>>
Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt

Uri:

The new KEMRecipientInfo does not use BIT STRING.

We are not going to create X.509v4 in order to get rid of the BIT STRINGs that are in that structure.  Adding a format transition to the PQC algorithm is the topic o the CWP mail list.  That is not a topic for this mail list.

Russ


On Feb 15, 2023, at 10:27 AM, Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu<mailto:uri@ll.mit.edu>> wrote:

Why are we stuck on the archaic screwed-up misguided BIT STRING, when everything actually is OCTET STRING?

Reason for this comment: in my (extensive) experience of writing and dealing with parsers and codecs for different binary formats, BIT STRING often is conducive to implementation “issues” that negatively impact security.

<soap>IMHO, it was wrong to use BIT STRING then, it is crazy to keep using it now.</soap>
--
V/R,
Uri
There are two ways to design a system. One is to make it so simple there are obviously no deficiencies.
The other is to make it so complex there are no obvious deficiencies.
                                                                                                                                     -  C. A. R. Hoare

On 2/15/23, 09:48, "Spasm on behalf of John Gray" <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org> on behalf of John.Gray=40entrust.com@dmarc.ietf.org<mailto:John.Gray=40entrust.com@dmarc.ietf.org>> wrote:

    Thanks for the input!

    I think I now understand why it is useful:   if there is a structure associated with the KEM Ciphertext (other than it just being a BIT STRING), then the VALUE would offer the compiler information about the structure of the block of data (as Mike pointed out).

    In the case of our composite KEM draft (which is currently being updated), there is structure associated with the BIT STRING(s) (though it is a very simple structure):

    CompositeCiphertextValue ::= SEQUENCE SIZE (2..MAX) OF BIT STRING

    Adding the VALUE in the information object would give the additional information to tell the compiler how to deal with the structure.     When it is not needed, then it just doesn't need to be picked up in concrete implementations.


     Cheers,

    John Gray


    -----Original Message-----
    From: Carl Wallace <carl@redhoundsoftware.com<mailto:carl@redhoundsoftware.com>>
    Sent: Wednesday, February 15, 2023 7:39 AM
    To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org<mailto:Mike.Ounsworth=40entrust.com@dmarc.ietf.org>>; Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>
    Cc: LAMPS <spasm@ietf.org<mailto:spasm@ietf.org>>; David Hook <dgh@cryptoworkshop.com<mailto:dgh@cryptoworkshop.com>>; John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com>>; Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com<mailto:tomofumi.okubo+ietf@gmail.com>>
    Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt

    Adding a Value field to the object class makes sense to me. As another example, RFC5912 includes a Value field in the SIGNATURE-ALGORITHM definition. The Value field is omitted for RSA instantiations but populated for DSA. This case is similar.

    On 2/14/23, 2:55 PM, "Spasm on behalf of Mike Ounsworth" <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org> <mailto:spasm-bounces@ietf.org> on behalf of Mike.Ounsworth=40entrust.com@dmarc.ietf.org<mailto:Mike.Ounsworth=40entrust.com@dmarc.ietf.org> <mailto:40entrust.com@dmarc.ietf.org>> wrote:


    2a)


    Here's what I believe is an equivalent example from existing RFCs


    RFC 5280


    SubjectPublicKeyInfo ::= SEQUENCE {
    algorithm AlgorithmIdentifier,
    subjectPublicKey BIT STRING }


    Ok, fine, so the sPK will be a BIT STRING on the wire,


    But RFC 5912 gives this information class:


    PUBLIC-KEY ::= CLASS {
    &id OBJECT IDENTIFIER UNIQUE,
    &KeyValue OPTIONAL,
    &Params OPTIONAL,
    &paramPresence ParamOptions DEFAULT absent, &keyUsage KeyUsage OPTIONAL, &PrivateKey OPTIONAL


    with this example instantiation:


    -- pk-rsa-pss PUBLIC-KEY ::= {
    -- IDENTIFIER id-RSASSA-PSS
    -- KEY RSAPublicKey
    -- PARAMS TYPE RSASSA-PSS-params ARE optional
    -- CERT-KEY-USAGE { .... }
    -- }


    so if you happen to know that the `subjectPublicKey BIT STRING` will actually be a RSAPublicKey, then you can give that hint to the compiler via PUBLIC-KEY.KEY.




    I think the same should be true of the KEM-ALGORITHM; the kemct *IS* a BIT STRING, but if you happen to know what its internal structure is for a given instantiation, then you should be able to give that hint to the complier via the KEM-ALGORITHM class. I'm only 80% confident about this ASN.1-foo, so maybe I'm misunderstanding something?


    ---
    Mike Ounsworth


    -----Original Message-----
    From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org> <mailto:spasm-bounces@ietf.org>> On Behalf Of Mike Ounsworth
    Sent: Tuesday, February 14, 2023 11:16 AM
    To: Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com> <mailto:housley@vigilsec.com>>
    Cc: LAMPS <spasm@ietf.org<mailto:spasm@ietf.org> <mailto:spasm@ietf.org>>; David Hook <dgh@cryptoworkshop.com<mailto:dgh@cryptoworkshop.com> <mailto:dgh@cryptoworkshop.com>>; John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com> <mailto:John.Gray@entrust.com>>; Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com<mailto:tomofumi.okubo+ietf@gmail.com><mailto:tomofumi.okubo+ietf@gmail.com>>
    Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt


    1) Good.
    2) Good.


    2a) Not a necessarily a problem, but maybe an opportunity to use the information object class to give the ASN.1 parser more info about the structure that it can expect to find in the KEM value field? Like if we're defining a kema and we know that the kemct value will be the BIT STRING representation of a structured ASN.1 object, you'd think you could express that in the information object?


    ---
    Mike Ounsworth


    -----Original Message-----
    From: Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com> <mailto:housley@vigilsec.com>>
    Sent: Tuesday, February 14, 2023 11:09 AM
    To: Mike Ounsworth <Mike.Ounsworth@entrust.com<mailto:Mike.Ounsworth@entrust.com> <mailto:Mike.Ounsworth@entrust.com>>
    Cc: LAMPS <spasm@ietf.org<mailto:spasm@ietf.org> <mailto:spasm@ietf.org>>; David Hook <dgh@cryptoworkshop.com<mailto:dgh@cryptoworkshop.com> <mailto:dgh@cryptoworkshop.com>>; John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com> <mailto:John.Gray@entrust.com>>; Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com<mailto:tomofumi.okubo+ietf@gmail.com><mailto:tomofumi.okubo+ietf@gmail.com>>
    Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt


    Mike:


    1) I chatted with David Hook, and asked him to review the I-D. He did. He was more happy with "kemct" than "ciphertext". It would be good to hear from others on this topic.


    2a) Yes, I think that kema- is the right prefix.


    2b) I do not see how this is different than putting RSAPublicKey into the SubjectPublicKey BIT STRING. Please explain.


    Russ




    > On Feb 13, 2023, at 11:53 AM, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org<mailto:Mike.Ounsworth=40entrust.com@dmarc.ietf.org><mailto:40entrust.com@dmarc.ietf.org>> wrote:
    >
    > I support adoption.
    >
    >
    > Technical feedback:
    >
    > 1) 'kemct' vs 'kemenc'
    >
    > I know this is "just terminology", but @David Hook (BouncyCastle) made the point during our last hackathon that he's runt into real-world issues with people who insist on using a KEM ciphertext as a drop-in for an RSA ciphertext, so changing the language to "encapsulated value (enc)" would help.
    >
    > I notice that "kemenc" would be in line with HPKE RFC 9810:
    >
    >> def Encap(pkR):
    >> return shared_secret, enc
    >
    >> def Decap(enc, skR):
    >
    >
    > 2) ASN.1 naming convention for KEM-ALGORITHMs?
    >
    > For example in the Composite-KEM draft, we're gonna need to instantiate your KEM-ALGORITHM, for example:
    >
    > kema-CompositeKEM KEM-ALGORITHM ::= {
    > IDENTIFIER id-alg-composite-kem
    > VALUE CompositeCiphertextValue
    > PARAMS composite-kem-params
    > PUBLIC-KEYS { pk-Composite }
    > SMIME-CAPS { IDENTIFIED BY id-alg-composite } } }
    >
    >
    > Is "kema-" an appropriate prefix?
    >
    > 2b) looking at my KEM-ALGORITHM vs yours; do you need a VALUE to indicate the type of the encapsulated value? In general it may not always be a BIT STRING as some may have ASN.1 structure (as in the case of composite).
    > ---
    > Mike Ounsworth
    >
    > -----Original Message-----
    > From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org> <mailto:spasm-bounces@ietf.org>>
    > On Behalf Of Russ Housley
    > Sent: Friday, February 10, 2023 12:12 PM
    > To: LAMPS <spasm@ietf.org<mailto:spasm@ietf.org> <mailto:spasm@ietf.org>>
    > Cc: John Gray <John.Gray@entrust.com<mailto:John.Gray@entrust.com> <mailto:John.Gray@entrust.com>>;
    > Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com<mailto:tomofumi.okubo+ietf@gmail.com>
    > <mailto:tomofumi.okubo+ietf@gmail.com>>
    > Subject: [EXTERNAL] Re: [lamps] New Version Notification for
    > draft-housley-lamps-cms-kemri-01.txt
    >
    > WARNING: This email originated outside of Entrust.
    > DO NOT CLICK links or attachments unless you trust the sender and know the content is safe.
    >
    > ______________________________________________________________________
    > The biggest change is in the ASN.1 module. Many other documents will need to IMPORT the KEM-ALGORITHM CLASS, so we put it in a separate module. Since we were making edits, we also fixed the things that were reported during the call for adoption, including one comment that was recieved in private email.
    >
    > For the authors,
    > Russ
    >
    >
    >> On Feb 10, 2023, at 1:07 PM, internet-drafts@ietf.org<mailto:internet-drafts@ietf.org> <mailto:internet-drafts@ietf.org> wrote:
    >>
    >>
    >> A new version of I-D, draft-housley-lamps-cms-kemri-01.txt
    >> has been successfully submitted by Russ Housley and posted to the
    >> IETF repository.
    >>
    >> Name: draft-housley-lamps-cms-kemri
    >> Revision: 01
    >> Title: Using Key Encapsulation Mechanism (KEM) Algorithms in the
    >> Cryptographic Message Syntax (CMS) Document date: 2023-02-10
    >> Group: Individual Submission
    >> Pages: 16
    >> URL:
    >> https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-hou<https://urldefense.com/v3/__https:/www.ietf.org/archive/id/draft-hou>
    >> sley-lamps-cms-kemri-01.txt__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxvC6YayX
    >> GJTAhpNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkV4LQImBN$
    >> <https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ho<https://urldefense.com/v3/__https:/www.ietf.org/archive/id/draft-ho>
    >> usley-lamps-cms-kemri-01.txt__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxvC6Yay
    >> XGJTAhpNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkV4LQImBN
   >> $>
    >> Status:
    >> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-ho<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-ho>
    >> usley-lamps-cms-kemri/__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxvC6YayXGJTAh
    >> pNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkV3ltVJj5$
    >> <https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-h<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/draft-h>
    >> ousley-lamps-cms-kemri/__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxvC6YayXGJTA
    >> hpNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkV3ltVJj5$>
    >> Html:
    >> https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-hou<https://urldefense.com/v3/__https:/www.ietf.org/archive/id/draft-hou>
    >> sley-lamps-cms-kemri-01.html__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxvC6Yay
    >> XGJTAhpNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkVxo37jj9
    >> $
    >> <https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-ho<https://urldefense.com/v3/__https:/www.ietf.org/archive/id/draft-ho>
    >> usley-lamps-cms-kemri-01.html__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxvC6Ya
    >> yXGJTAhpNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkVxo37jj
    >> 9$>
    >> Htmlized:
    >> https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/dra<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/dra>
    >> ft-housley-lamps-cms-kemri__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxvC6YayXG
    >> JTAhpNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkV-zTEbyf$
    >> <https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/dr<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/dr>
    >> aft-housley-lamps-cms-kemri__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxvC6YayX
    >> GJTAhpNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkV-zTEbyf$
    >> >
    >> Diff:
    >> https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url2<https://urldefense.com/v3/__https:/author-tools.ietf.org/iddiff?url2>
    >> =draft-housley-lamps-cms-kemri-01__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxv
    >> C6YayXGJTAhpNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkV86
    >> eScLM$
    >> <https://urldefense.com/v3/__https://author-tools.ietf.org/iddiff?url<https://urldefense.com/v3/__https:/author-tools.ietf.org/iddiff?url>
    >> 2=draft-housley-lamps-cms-kemri-01__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdx
    >> vC6YayXGJTAhpNavKSgHUYOIQzsQ1wkChsUTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkV8
    >> 6eScLM$>
    >>
    >> Abstract:
    >> The Cryptographic Message Syntax (CMS) supports key transport and key
    >> agreement algorithms. In recent years, cryptographers have been
    >> specifying Key Encapsulation Mechanism (KEM) algorithms, including
    >> quantum-secure KEM algorithms. This document defines conventions for
    >> the use of KEM algorithms by the originator and recipients to encrypt
    >> CMS content.
    >>
    >>
    >>
    >>
    >> The IETF Secretariat
    >>
    >>
    >
    > _______________________________________________
    > Spasm mailing list
    > Spasm@ietf.org<mailto:Spasm@ietf.org> <mailto:Spasm@ietf.org>
    > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spas<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spas>
    > <https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spa<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spa>
    > s>
    > m__;!!FJ-Y8qCqXTj2!Z6xOlleSK2awHbBdxvC6YayXGJTAhpNavKSgHUYOIQzsQ1wkChs
    > UTEy4vdv34qVFPnoNMGPMJkuiGzGm_nkkV-_K9bBa$
    > Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
    >
    > _______________________________________________
    > Spasm mailing list
    > Spasm@ietf.org<mailto:Spasm@ietf.org> <mailto:Spasm@ietf.org>
    > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spas<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spas>
    > <https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spa<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spa>
    > s>
    > m__;!!FJ-Y8qCqXTj2!czYUmWLEiQK9pa6Hm9U26Zo94lTEIDdU20UgwdNTwwLbBoFC4hf
    > M1QOX-yonT6eP8VriKkQf_Dg6P03mRfyjvQ$


    _______________________________________________
    Spasm mailing list
    Spasm@ietf.org<mailto:Spasm@ietf.org> <mailto:Spasm@ietf.org>
    https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!YpDreN_498TwUoqONiJNtyXMSQladp-yV8pjOlJ5EA96NeBxcSO4IXyfRQu-H4AhEi_SIk84_1N2uJE2WODO-OHEEfEJoZHtawLA2c1IOw$<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!YpDreN_498TwUoqONiJNtyXMSQladp-yV8pjOlJ5EA96NeBxcSO4IXyfRQu-H4AhEi_SIk84_1N2uJE2WODO-OHEEfEJoZHtawLA2c1IOw$><https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!YpDreN_498TwUoqONiJNtyXMSQladp-yV8pjOlJ5EA96NeBxcSO4IXyfRQu-H4AhEi_SIk84_1N2uJE2WODO-OHEEfEJoZHtawLA2c1IOw$<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!YpDreN_498TwUoqONiJNtyXMSQladp-yV8pjOlJ5EA96NeBxcSO4IXyfRQu-H4AhEi_SIk84_1N2uJE2WODO-OHEEfEJoZHtawLA2c1IOw$>>


    _______________________________________________
    Spasm mailing list
    Spasm@ietf.org<mailto:Spasm@ietf.org> <mailto:Spasm@ietf.org>
    https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!ZXNeGJSamE-8ZBpnRqofM-2AlZfbytN0tDXLPDqOXXTqIvl7RTweJGmzB3WHL7H3w-RKviLI3bqzl3wbxToK6g$<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!ZXNeGJSamE-8ZBpnRqofM-2AlZfbytN0tDXLPDqOXXTqIvl7RTweJGmzB3WHL7H3w-RKviLI3bqzl3wbxToK6g$>  <https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!ZXNeGJSamE-8ZBpnRqofM-2AlZfbytN0tDXLPDqOXXTqIvl7RTweJGmzB3WHL7H3w-RKviLI3bqzl3wbxToK6g$<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!ZXNeGJSamE-8ZBpnRqofM-2AlZfbytN0tDXLPDqOXXTqIvl7RTweJGmzB3WHL7H3w-RKviLI3bqzl3wbxToK6g$> >




    _______________________________________________
    Spasm mailing list
    Spasm@ietf.org<mailto:Spasm@ietf.org>
    https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email