Re: [lamps] draft-housley-cms-mix-with-psk-03

Tim Hollebeek <tim.hollebeek@digicert.com> Thu, 22 March 2018 10:57 UTC

To: Russ Housley <housley@vigilsec.com>, SPASM <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/JZvO-3B2S_DxS5Jk8glXj8Bwh_4>

It is unfortunate this dropped off the bottom of the schedule this week.

I think this is extremely important work, and well thought out countermeasures
like this will give people the runway to wait until NIST and others get
post-quantum crypto figured out, and then all the related standards updated,
which will take some time.

I read the document and believe it is in pretty good shape, especially with 
the other comments that have been made.

-Tim

> -----Original Message-----
> From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Russ Housley
> Sent: Monday, March 5, 2018 8:23 PM
> To: SPASM <spasm@ietf.org>
> Subject: [lamps] draft-housley-cms-mix-with-psk-03
> 
> I would like to make people on this mail list aware of this Internet-Draft.
> 
> Russ
> 
> = = = = = = = = = =
> 
> A new version of I-D, draft-housley-cms-mix-with-psk-03.txt
> has been successfully submitted by Russell Housley and posted to the IETF
> repository.
> 
> Name:		draft-housley-cms-mix-with-psk
> Revision:	03
> Title:		Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)
> Document date:	2018-03-05
> Group:		Individual Submission
> Pages:		13
> URL:		https://www.ietf.org/internet-drafts/draft-housley-cms-mix-with-psk-03.txt
> Status:	https://datatracker.ietf.org/doc/draft-housley-cms-mix-with-psk/
> Htmlized:	https://tools.ietf.org/html/draft-housley-cms-mix-with-psk-03
> Htmlized:	https://datatracker.ietf.org/doc/html/draft-housley-cms-mix-with-psk-03
> Diff:		https://www.ietf.org/rfcdiff?url2=draft-housley-cms-mix-with-psk-03
> 
> Abstract:
>   The invention of a large-scale quantum computer would pose a serious
>   challenge for the cryptographic algorithms that are widely deployed
>   today.  The Cryptographic Message Syntax (CMS) supports key transport
>   and key agreement algorithms that could be broken by the invention of
>   such a quantum computer.  By storing communications that are
>   protected with the CMS today, someone could decrypt them in the
>   future when a large-scale quantum computer becomes available.  Once
>   quantum-secure key management algorithms are available, the CMS will
>   be extended to support them, if the current syntax does not
>   accommodate them.  In the near-term, this document describes a
>   mechanism to protect today's communication from the future invention
>   of a large-scale quantum computer by mixing the output of key
>   transport and key agreement algorithms with a pre-shared key.