[lamps] Can ML-DSA be used in CMS?

Mike Ounsworth <Mike.Ounsworth@entrust.com> Tue, 13 February 2024 13:36 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: "draft-ietf-lamps-dilithium-certificates@ietf.org" <draft-ietf-lamps-dilithium-certificates@ietf.org>
CC: 'LAMPS' <spasm@ietf.org>
Thread-Topic: Can ML-DSA be used in CMS?
Thread-Index: AdpegWJS6kfqw04TR4e1AUBBNJk9wg==
Date: Tue, 13 Feb 2024 13:36:36 +0000
Message-ID: <CH0PR11MB5739AF8408E1669FB9EF912A9F4F2@CH0PR11MB5739.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: aEfERqOWXL8QSWcX4a929V/zAQjVPivipz11gNX76geUPNkAUmtorbbxBx5Im/PoRxjKCyMbsyMT1lbn9h8793Qaf0dsryBZKaNnwYy5BAaIfcEGohoxTbL5NJk5xAvk31svG/8MxVghdtuP7Axu5P1yKGZm129ivrU2Ordf3clMqqlzZsGHq3YRGu5tc+PogFFCTT8PeJvq1nmwGr7DR9i9ZGpC80MQRwzv03dFSP5m6L8//NsOOJNHwxsHhKx4egVBG3cytVjOC03FNl38nPlAYKCFNg6wacua0LDubVewv+GrnkMmhovnU7TBqViDS3e1ES2eF88mFH/VKr05V3kYeaX/F8xczPkBQuRLzS4VUkecvQWMpaK+WxqNGSIq+FAZDpZJDgd8ySGbzegAKlAJIb5C0bVMIGxX/pjJtQh9+0GLczpMLAUy5t+f5eNIAR+rylY82TACJiIqxaXmgwD3s4YFs26dAvskEP6MnuTRWBSmx6y7t8fKTCf/keeJBFlKLVxjlVSzxRTQcftE4PSZUJNCq3KAhrkP3nZl/79VCJdyeDY/lEqTCZaiFkUtrzzk5D2x08S6+L/89ahtDvpUVjT26K5gA8iWTkWz/mV2Bao4EU0fp/cP1MY0wxz5021rDqZ0oguJZjH8F+Paprcb5Ovz1ofID+3Xe2OQQskXLB3gtH/GmNpUrgU4vKY9ndtY0Om5SoRYIHq45qzZB887XUyRoWuUIeXMgjHz0WhH6oaczdlP1sGUQ0JpvVXYkjAL2pw7iQ1s2epk7iOYvnIHpUMPk40oUbrERaFJwN11Ct+7lPQX4De7jHtou96WYGm2lXnYqY1QNs8e49pWBY5pYNwCnHZ/m1h6E9XGmlKk9YoFtCJ7f6IcOC/50945sSG71ksU/HeM94UgJenygtqZGOjd6gbaDiUiVMLTgnPg9ykbvkHgacH9ZhM5zIcsNtKYh0N7Sh2iO0hV2iXqDbGW74k6s43lrtBlIYK+Z1rl+Rr9/tW/fbWF4HJx1D2H6tRWrOSsmg5M3DuaUiuTI7cPBIHBcWUZIZkRKnMEpd4+qhrlgdM5GL7cyplICYfK4l02yLRLmo3Y18AQ2td+pFxciveoy8YXlnJ+jzNcfbKxaWKZHj6w69Qk8o7AYq0xtQke8hXrr/gzU5GwWf2c68kYTteMRaColY9txpobOf2dVlsi62nb+olJjT2+PnPsMRJXgpgZzgAm45uD1p37ydGChJRJaAZ5F/4tLqb2SmNjtsHRLlBB4fKJ95ooo4m9YROQ/sOQKj1wl1vgqJjBK3MWMRkcH2jBLrenZjnuiglp52jDiJil+lS2iQQTyKV+heVsDipXjjXigKlNtOBF/FSmlG4Nl6p8cJdaxTOP1sUCt9H6LvL0TRZ3Xc0CpScX4lEkpIojKQtviU8BsQ6p3VDaZH0F8eua5DO9BM/RFy0ACtlVvuy+4UAEVwGZz8AgxwUaMegMUpTXCG6OStD/w/pUOG1bC0aa0x7O6X2RtfIt2ygAWhNlbYCxCynvys6Lnw2AgOa3dbj80M7TqJZnz4UN+KGkP9HE6IV5iFRRstLdk5Y79Zw2RRgdzh+tv/EH
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg="SHA1"; boundary="----=_NextPart_000_085E_01DA5E4F.5F27C480"
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: bc4c0ada-5f57-4492-bf45-08dc2c98ccfb
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Feb 2024 13:36:36.5431 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 3gcZ3pjt08Ge66qzHUTXoC+5Wsoocw9HybvmALI4cyquXrgmjo+8jammvAp6OZahvqVjKXZkiGh3j5ygUiE8QwwwAsBgpl6CswSAlmXcC04=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS7PR11MB7950
X-Proofpoint-ORIG-GUID: 7QQqQnZS67usSKt_mEap57IQWceX5ek8
X-Proofpoint-GUID: 7QQqQnZS67usSKt_mEap57IQWceX5ek8
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.272,Aquarius:18.0.1011,Hydra:6.0.619,FMLib:17.11.176.26 definitions=2024-02-13_07,2024-02-12_03,2023-05-22_02
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=1 lowpriorityscore=0 phishscore=0 clxscore=1011 suspectscore=0 adultscore=0 malwarescore=0 impostorscore=0 priorityscore=1501 bulkscore=0 mlxscore=1 mlxlogscore=196 spamscore=1 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.19.0-2401310000 definitions=main-2402130108
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/KwjXVY8sbs6kLhvb5KokM36xpuI>
Subject: [lamps] Can ML-DSA be used in CMS?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Feb 2024 13:36:49 -0000

The answer obviously is Yes, but draft-ietf-lamps-dilithium-certificates
does not actually say this.

 

I was reading a draft ICAO ePassport document yesterday that correctly
points out that IETF has a draft for how to use ML-DSA into X.509
certificates, but no draft for how to use ML-DSA in CMS.

 

Authors of draft-ietf-lamps-dilithium-certificates, if you add a section
"Signed-data Conventions" modelled after RFC8419, then I think that saves us
from needing a whole second ML-DSA draft.

 

---
Mike Ounsworth
Software Security Architect, Entrust

Attachment: smime.p7s

[lamps] Can ML-DSA be used in CMS? Mike Ounsworth
Re: [lamps] Can ML-DSA be used in CMS? Wai Choi
Re: [lamps] Can ML-DSA be used in CMS? Mike Ounsworth
Re: [lamps] Can ML-DSA be used in CMS? Wai Choi
Re: [lamps] Can ML-DSA be used in CMS? Mike Ounsworth
Re: [lamps] Can ML-DSA be used in CMS? Sean Turner
Re: [lamps] Can ML-DSA be used in CMS? Wai Choi
Re: [lamps] Can ML-DSA be used in CMS? Kampanakis, Panos
Re: [lamps] Can ML-DSA be used in CMS? Mike Ounsworth
[lamps] SLH-DSA in CMS/X.509 Daniel Van Geest
Re: [lamps] [EXTERNAL] SLH-DSA in CMS/X.509 Mike Ounsworth
Re: [lamps] [EXTERNAL] SLH-DSA in CMS/X.509 Ira McDonald
Re: [lamps] [EXTERNAL] SLH-DSA in CMS/X.509 Kousidis, Stavros
Re: [lamps] SLH-DSA in CMS/X.509 Kampanakis, Panos
Re: [lamps] Can ML-DSA be used in CMS? Michael Prorock

[lamps] Can ML-DSA be used in CMS?

Attachment: smime.p7s