Re: [lamps] CMS: selection of key management technique to use for EnvelopedData
Russ Housley <housley@vigilsec.com> Tue, 10 January 2023 18:56 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 23417C1BE87C for <spasm@ietfa.amsl.com>; Tue, 10 Jan 2023 10:56:59 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9HYZdAmgcw73 for <spasm@ietfa.amsl.com>; Tue, 10 Jan 2023 10:56:58 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 13EACC09F849 for <spasm@ietf.org>; Tue, 10 Jan 2023 10:56:55 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id B14A715EBD0; Tue, 10 Jan 2023 13:56:53 -0500 (EST)
Received: from [10.0.1.2] (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 809FE15F14A; Tue, 10 Jan 2023 13:56:53 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <GV2PR10MB6210C0E5B188ACFD762ABEF7FEFF9@GV2PR10MB6210.EURPRD10.PROD.OUTLOOK.COM>
Date: Tue, 10 Jan 2023 13:56:52 -0500
Cc: "Roman D. Danyliw" <rdd@cert.org>, LAMPS <spasm@ietf.org>, "von Oheimb, David" <david.von.oheimb@siemens.com>, "John.Gray@entrust.com" <John.Gray@entrust.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <354195C9-09DE-4F55-9BD5-8D08E57A4EB8@vigilsec.com>
References: <b8c681f4f7e6728ecec2cb848e43f2228c4cba7a.camel@siemens.com> <db687565617dde5cc08fcedf0f39241255bb5ac8.camel@siemens.com> <E3949494-08FA-4558-8FFA-1FA7143FD61E@vigilsec.com> <c671f3550a3c422398ded9aa687432aabc9731e1.camel@siemens.com> <CAB18899-660F-4BC5-92FB-9A3B7AF7290D@vigilsec.com> <0aedcb9cef4436867986ae78baf64b56cd87c505.camel@siemens.com> <E81F066B-6541-4594-A35C-7553EA7B21CE@vigilsec.com> <GV2PR10MB6210C0E5B188ACFD762ABEF7FEFF9@GV2PR10MB6210.EURPRD10.PROD.OUTLOOK.COM>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
X-Mailer: Apple Mail (2.3445.104.21)
X-Scanned-By: mailmunge 3.10 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/IP4yV3_hzy84MX82pOrHiZTdTqI>
Subject: Re: [lamps] CMS: selection of key management technique to use for EnvelopedData
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 10 Jan 2023 18:56:59 -0000
The proposed changes seem fine to me. Russ > On Jan 10, 2023, at 11:56 AM, Brockhaus, Hendrik <hendrik.brockhaus@siemens.com> wrote: > > Russ > > Thank you for this clarification on how to choose the right key > management technique. > As explained by David, we currently focus on the key usage in the > certificate used for protecting the certificate request message. As key > usage may be set wrongly in this certificate, this is not the best way to > specify which key management technique to use. > As explained in this mail thread we should point at the type of the public > key instead of the key usage extension. > Therefore, I propose the following clarification in the central key > generation section in draft-ietf-lamps-cmp-updates Section 2.7. > > OLD > The choice of the key management technique to be used by the sender > depends on the credential available at the recipient: > * Recipient's certificate that contains a key usage extension > asserting keyAgreement: The content-encryption key will be > protected using the key agreement key management technique, as > specified in CMS section 6.2.2 [RFC5652]. This is the preferred > technique. > * Recipient's certificate that contains a key usage extension > asserting keyEncipherment: The content-encryption key will be > protected using the key transport key management technique, as > specified in CMS section 6.2.1 [RFC5652]. > > NEW > The choice of the key management technique to be used by the sender > depends on the credential available at the recipient: > * Recipient's certificate with a public key that supports key agreement > and where any given key usage extension allows keyAgreement: The > content-encryption key will be protected using the key agreement > key management technique, as specified in CMS Section 6.2.2 > [RFC5652]. > * Recipient's certificate with a public key that supports key transport > and where any given key usage extension allows keyEncipherment: > The content-encryption key will be protected using the key > transport key management technique, as specified in CMS Section > 6.2.1 [RFC5652]. > > @Roman, I hope this clarification is OK to be implemented in AUTH48. > If not, please let me know. > > Implementing this change in draft-ietf-lamps-cmp-updates, we also > propose like to adapt draft-ietf-lamps-lightweight-cmp-profile Section > 4.1.6 accordingly. > > Hendrik > >> Von: Russ Housley <housley@vigilsec.com> >> >> David: >> >> I wonder why nobody brought this up before - >> maybe simply because cryptographically educated users of CMS know >> (and others should learn by failure) that RSA does not support key >> agreement and ECC does not support key transport. >> >> The CMS-related algorithm specifications make it pretty clear. For >> example, RFC 5753 tells ho to use ECC Algorithms in CMS. I do not see >> how an implementer would try to use KeyTransRecipientInfo after >> reading that document. >> >> Maybe some pointers are needed in CMP in the central key generation >> section. >> >> Russ >
- [lamps] CMS: selection of key management techniqu… von Oheimb, David
- Re: [lamps] CMS: selection of key management tech… Russ Housley
- Re: [lamps] CMS: selection of key management tech… von Oheimb, David
- Re: [lamps] CMS: selection of key management tech… Russ Housley
- Re: [lamps] CMS: selection of key management tech… von Oheimb, David
- Re: [lamps] CMS: selection of key management tech… Russ Housley
- Re: [lamps] CMS: selection of key management tech… von Oheimb, David
- Re: [lamps] CMS: selection of key management tech… Brockhaus, Hendrik
- Re: [lamps] CMS: selection of key management tech… Russ Housley
- Re: [lamps] CMS: selection of key management tech… Brockhaus, Hendrik