[lamps] Security Consideration for draft-turner-lamps-nist-pqc-kem-certificates
Mike Ounsworth <Mike.Ounsworth@entrust.com> Fri, 25 March 2022 11:17 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/MYHcqpVvTH7Y9fzXlvM7htRATRA>
The comment I was going to make at the mic:

At the TLS WG this week, Douglas Stebila presented on a known issue in the hybrid KEM combiner they're proposing for TLS (draft-ietf-tls-hybrid-design): it gets into trouble if the attacker gets to play with the lengths of the shared secrets at runtime.

Obvious solution: KEM codepoints need to fix the SS length in the spec so that it's not variable at runtime.

We're putting together a draft which provides essentially the same combiner for hybrid CMS content encryption (yuck terminology hell. Florence D. please save us and write a terminology draft!). For that combiner to avoid the attack, I think we need Sean's KEM OIDs draft to fix the shared secret length for each KEM that it specifies.

So for now I think I'm just asking @Sean to throw a Security Consideration into his draft so we don't forget that it's important.

---
Mike Ounsworth
Software Security Architect, Entrust
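A simplified model of the length issue raised in the message above, as an added example that is not part of the original email or of either draft. It assumes a combiner that hashes the plain concatenation of the two shared secrets; the KEM names and the 32-byte lengths are constructed for illustration.

```python
import hashlib

# Hypothetical registry: each KEM identifier pins exactly one shared-secret
# length. Names and lengths are constructed, not taken from any draft.
FIXED_SS_LEN = {"kem-a": 32, "kem-b": 32}


def kdf(data: bytes) -> bytes:
    """Stand-in KDF (assumption): a single SHA-256 over the combiner input."""
    return hashlib.sha256(data).digest()


def combine_naive(ss1: bytes, ss2: bytes) -> bytes:
    """Concatenate and hash, accepting whatever lengths arrive at runtime."""
    return kdf(ss1 + ss2)


def combine_fixed(alg1: str, ss1: bytes, alg2: str, ss2: bytes) -> bytes:
    """Same combiner, but each secret must match the length pinned for its KEM."""
    for alg, ss in ((alg1, ss1), (alg2, ss2)):
        expected = FIXED_SS_LEN[alg]
        if len(ss) != expected:
            raise ValueError(f"{alg}: got {len(ss)} bytes, expected {expected}")
    return kdf(ss1 + ss2)


def demo():
    """Return (naive_collides, fixed_rejects) for two constructed secret pairs."""
    # Constructed sample secrets: 32 + 32 bytes.
    honest = (bytes(range(32)), bytes(range(32, 64)))
    joined = honest[0] + honest[1]
    # Same 64 bytes, boundary moved: 16 + 48 bytes.
    shifted = (joined[:16], joined[16:])

    # With variable lengths the concatenation is not injective: two different
    # (ss1, ss2) pairs feed identical input to the KDF.
    naive_collides = combine_naive(*honest) == combine_naive(*shifted)

    # With lengths fixed per KEM identifier, the shifted pair never reaches the KDF.
    try:
        combine_fixed("kem-a", shifted[0], "kem-b", shifted[1])
        fixed_rejects = False
    except ValueError:
        fixed_rejects = True
    return naive_collides, fixed_rejects


if __name__ == "__main__":
    print(demo())
```
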