Re: [lamps] Fwd: New Version Notification for draft-housley-cms-mix-with-psk-00.txt

"Panos Kampanakis (pkampana)" <> Mon, 13 November 2017 21:53 UTC

From: "Panos Kampanakis (pkampana)" <>
To: Russ Housley <>, SPASM <>
Date: Mon, 13 Nov 2017 21:53:44 +0000

Hi Russ,
This is a useful doc. It resembles the IPSECME work for IKEv2 as a temporary solution until NIST comes up with new public key crypto algos. I would suggest being more prescriptive on the KDFs, the entropy and the key sizes so they are long enough (at least 256 bits, as you are suggesting with AES-256) to be resistant against a quantum computer.

From: Spasm [] On Behalf Of Russ Housley
Sent: Monday, November 13, 2017 10:16 AM
To: SPASM <>
Subject: [lamps] Fwd: New Version Notification for draft-housley-cms-mix-with-psk-00.txt

People on this list may find this new I-D interesting:


Subject: New Version Notification for draft-housley-cms-mix-with-psk-00.txt
Date: November 13, 2017 at 10:14:32 AM EST
To: "Russell Housley" <>, "Russ Housley" <>

A new version of I-D, draft-housley-cms-mix-with-psk-00.txt
has been successfully submitted by Russell Housley and posted to the
IETF repository.

Name:          draft-housley-cms-mix-with-psk
Revision:      00
Title:         Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)
Document date: 2017-11-13
Group:         Individual Submission
Pages:         11

  The invention of a large-scale quantum computer would pose a serious
  challenge for the cryptographic algorithms that are widely deployed
  today.  The Cryptographic Message Syntax (CMS) supports key transport
  and key agreement algorithms that could be broken by the invention of
  such a quantum computer.  By storing communications that are
  protected with the CMS today, someone could decrypt them in the
  future when a large-scale quantum computer becomes available.  Once
  quantum-secure key management algorithms are available, the CMS will
  be extended to support them, if the current syntax does not
  accommodate them.  In the near-term, this document describes a
  mechanism to protect today's communication from the future invention
  of a large-scale quantum computer by mixing the output of key
  transport and key agreement algorithms with a pre-shared key.

Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at <>.

The IETF Secretariat
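As an added illustration of the mixing idea the abstract describes and of the KDF and key-size point raised in the reply (this is not code from the draft or from either poster): the output of a key transport or key agreement algorithm is combined with a pre-shared key through a KDF, here HKDF-SHA256 from RFC 5869 implemented with the Python standard library, to derive a 256-bit key. Using the PSK as the HKDF salt, the `info` string, and the 32-byte minimum PSK length are assumptions made for this example, not the draft's specified encoding.

```python
import hashlib
import hmac

HASH = hashlib.sha256
MIN_PSK_LEN = 32  # assumed policy: 256-bit PSK, matching the AES-256 target in the thread


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869): PRK = HMAC-Hash(salt, IKM)."""
    if not salt:
        salt = b"\x00" * HASH().digest_size
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869): OKM = T(1) || T(2) || ... truncated to length."""
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def mix_with_psk(alg_output: bytes, psk: bytes, info: bytes, length: int = 32) -> bytes:
    """Derive a key from key-transport/key-agreement output mixed with a PSK.
    Assumed construction for this example: PSK as HKDF salt, algorithm output
    as IKM, caller-supplied context in info (not the draft's own encoding)."""
    if len(psk) < MIN_PSK_LEN:
        raise ValueError("PSK too short for a 256-bit security target")
    return hkdf_expand(hkdf_extract(psk, alg_output), info, length)


def harvest_now_decrypt_later(alg_output: bytes, psk: bytes, info: bytes) -> bool:
    """Model the threat in the abstract: an adversary records the message today and
    later recovers alg_output (e.g. by breaking the key transport) but never learns
    the PSK. Returns True if deriving from alg_output alone misses the real key."""
    real_key = mix_with_psk(alg_output, psk, info)
    guessed_key = hkdf_expand(hkdf_extract(b"", alg_output), info, 32)
    return not hmac.compare_digest(real_key, guessed_key)


if __name__ == "__main__":
    # Constructed sample values, not taken from any real exchange.
    shared = bytes.fromhex("0b" * 32)
    psk = bytes.fromhex("a5" * 32)
    ctx = b"constructed-example:cms-psk-mix"
    print(mix_with_psk(shared, psk, ctx).hex())
    print(harvest_now_decrypt_later(shared, psk, ctx))
```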