Re: [lamps] [EXTERNAL] Re: draft-ietf-lamps-lightweight-cmp-profile-05 concern

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 17 March 2021 16:54 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Nick Lamb <njl@tlrmx.org>, "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
CC: "spasm@ietf.org" <spasm@ietf.org>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Jm6Ig5bnREW_eShN7TRwc1Shh1M>

Hi Nick,

TL;DR Unless I'm misunderstanding the draft, I don't believe that TLS is serving a security-critical purpose here as the inner CMP messages are already crypted. If I'm reading the draft correctly, you can send bare CMP messages, or you can wrap them in HTTP, or you can wrap them in HTTPS with client auth which is redundant with the crypto in the underlying CMP message. So this thread is debating an optional part (TLS) of an optional part (HTTP) of this draft.


The context here is important. We are talking about a mechanism for an end entity to bootstrap their first certificate from a PKI using a shared secret they were given out-of-band. In Hendrik's draft, we're talking about the following sections:

4.1.4.  Requesting a certificate from a PKI with MAC protection
4.1.6.  Generating the key pair centrally at the PKI management entity
4.1.6.3.  Using password-based key management technique

It's important to note that the CMP message itself is already cryptographically protected using this shared secret. CMP has worked this way for decades.


Now, in section 6, they are proposing a new set of optional HTTP endpoints. Since the CMP messages are already crypted, the draft allows this over plaintext HTTP. And unless I'm missing something, there's no TLS in the non-HTTP parts of this draft anyway. If I'm understanding the draft properly, if you're using HTTPS, then you might as well do TLS client auth with the cert-based or PSK-based client keys that you're already using to crypt the underlying CMP message.

TLS is a freebie if you happen to use the HTTP version of this protocol, but TLS is not security-critical here. IMO, removing the HTTPS and only offering the HTTP neither adds nor removes any security from this draft. So why not leave it?

---
Mike Ounsworth

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Nick Lamb
Sent: March 17, 2021 11:20 AM
To: Brockhaus, Hendrik <hendrik.brockhaus@siemens.com>
Cc: spasm@ietf.org; steffen.fries@siemens.com
Subject: [EXTERNAL] Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-05 concern

On Tue, 16 Mar 2021 17:43:03 +0000
"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> wrote:

> I struggled to provide some guidance on which cypher suites to use 
> with shared secret information together with TLS in the Lightweight 
> CMP Profile as presented during IETF 110. One option is also to drop 
> these recommendation, if there is no adequate cypher suite to be used 
> with shared secret information and TLS 1.3, as TLS is not required for 
> protecting CMP messages.

I can see several ways forward. One option would be as you say not to suggest TLS for this purpose at all. One benefit here is that it doesn't over-promise. TLS gives you confidentiality, but simple password-based schemes aren't going to achieve that and so probably shouldn't promise it.

It should I think be obvious that PBMAC1 does not protect against an offline attack by an adversary guessing your password, but without strong guidance it's unlikely to be obvious that using the password for TLS PSK (which is an online protocol) also does not protect against such offline attacks.

Another option would be to make clear that shared secrets for this purpose MUST NOT be human memorable passwords.  Someone more familiar with the deployed applications might have an insight into whether such applications might actually use say 128-bit random secrets rather than a short human memorable password or if this is never likely to be used in the real world.

Another option would be something like draft-sullivan-tls-opaque which provides an actual password based AKE for TLS 1.3 but this is quite complicated and may not meet your needs for a "Lightweight" profile, it is also of course a draft, and so depending on it would delay completion of the profile.

Nick.
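
An added example (not part of the thread or the draft) of the message-level protection discussed above: a PBMAC1-style tag over the CMP protected part verifies the same whether the bytes travelled over HTTP or HTTPS, and the work estimate shows why the entropy of the shared secret bounds resistance to offline guessing. PBKDF2-HMAC-SHA256, HMAC-SHA256, the parameter values, the function names and the byte string standing in for the DER-encoded protected part are assumptions made for illustration.

```python
import hashlib
import hmac
import math

# Constructed sample values (assumptions, not taken from the draft or the thread).
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")
ITERATIONS = 1024
SECRET = bytes.fromhex("8f3a1c5e7b9d02468ace13579bdf0246")  # 128-bit secret
PROTECTED_PART = b"constructed stand-in for DER(header || body)"


def derive_key(secret: bytes, salt: bytes, iterations: int) -> bytes:
    """PBMAC1 key derivation step: PBKDF2 over the shared secret."""
    return hashlib.pbkdf2_hmac("sha256", secret, salt, iterations, dklen=32)


def protect(secret: bytes, salt: bytes, iterations: int, protected_part: bytes) -> bytes:
    """MAC the sender places in the message's protection field."""
    key = derive_key(secret, salt, iterations)
    return hmac.new(key, protected_part, hashlib.sha256).digest()


def verify(secret: bytes, salt: bytes, iterations: int,
           protected_part: bytes, tag: bytes) -> bool:
    """Receiver-side check; constant-time compare avoids a timing side channel."""
    expected = protect(secret, salt, iterations, protected_part)
    return hmac.compare_digest(expected, tag)


def offline_guess_cost_log2(secret_bits: float, iterations: int) -> float:
    """log2 of PRF calls needed to exhaust the secret space from one message.

    Salt, iteration count and tag all travel inside the message, so whoever
    obtains it can test candidate secrets without contacting the PKI again.
    """
    return secret_bits + math.log2(iterations)


if __name__ == "__main__":
    tag = protect(SECRET, SALT, ITERATIONS, PROTECTED_PART)
    print("intact message verifies:", verify(SECRET, SALT, ITERATIONS, PROTECTED_PART, tag))
    print("modified message verifies:",
          verify(SECRET, SALT, ITERATIONS, PROTECTED_PART + b"x", tag))
    print("128-bit random secret: 2^%.0f PRF calls" % offline_guess_cost_log2(128, ITERATIONS))
    print("20-bit memorable password: 2^%.0f PRF calls" % offline_guess_cost_log2(20, ITERATIONS))
```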
