IETF Logo Mail Archive

Re: [lamps] CMS: selection of key management technique to use for EnvelopedData

Russ Housley <housley@vigilsec.com> Fri, 23 December 2022 16:59 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1F652C1516F0 for <spasm@ietfa.amsl.com>; Fri, 23 Dec 2022 08:59:54 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.899
X-Spam-Level:
X-Spam-Status: No, score=-6.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XQWl_lAnd9Dr for <spasm@ietfa.amsl.com>; Fri, 23 Dec 2022 08:59:52 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AB206C1516E9 for <spasm@ietf.org>; Fri, 23 Dec 2022 08:59:52 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id 7A5AE1626DE; Fri, 23 Dec 2022 11:59:51 -0500 (EST)
Received: from a860b60074bd.fios-router.home (unknown [96.241.2.243]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 4560516292C; Fri, 23 Dec 2022 11:59:51 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <CAB18899-660F-4BC5-92FB-9A3B7AF7290D@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_A7FCEA67-7ED0-4E56-A9EF-5D02DC4E9C58"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.21\))
Date: Fri, 23 Dec 2022 11:59:50 -0500
In-Reply-To: <c671f3550a3c422398ded9aa687432aabc9731e1.camel@siemens.com>
Cc: LAMPS <spasm@ietf.org>, "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: "von Oheimb, David" <david.von.oheimb@siemens.com>
References: <b8c681f4f7e6728ecec2cb848e43f2228c4cba7a.camel@siemens.com> <db687565617dde5cc08fcedf0f39241255bb5ac8.camel@siemens.com> <E3949494-08FA-4558-8FFA-1FA7143FD61E@vigilsec.com> <c671f3550a3c422398ded9aa687432aabc9731e1.camel@siemens.com>
X-Mailer: Apple Mail (2.3445.104.21)
X-Scanned-By: mailmunge 3.10 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/MpCvnvAMK6ShXOdDLLdxWuBYlfg>
Subject: Re: [lamps] CMS: selection of key management technique to use for EnvelopedData
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 23 Dec 2022 16:59:54 -0000

David:

> Since neither the original CMS RFC 5652 nor its update mention the topic how to select the key management technique to use, 
> the questions remains: was this on purpose?
> If not, I'd say this an omission to be sorted out.
> If yes, I'd expect some reasoning why, and a concrete pointer to, e.g., some other RFC (maybe, on specific uses like S/MIME) where concrete guidance is given.
I am sure you know this, but they can be mixed in the general case.  For example, one recipient could have a certificate with an RSA public key, and another recipient could have a certificate with an ECDH public key.  The sender would use KeyTransRecipientInfo for the first one, and the sender would use KeyAgreeRecipientInfo for the other one.  For this reason, I am not sure what guidance would be added to CMS.

RFC 2630 was published in June 1999.  This was the first version of CMS that included more that one flavor of RecipientInfo.  In the 20+ years since RFC 2630 was published, this is the first time that this has been a concern.  If an implementation supports a particular public key type (identified by the subjectPublicKeyInfo.algorithm in the certificate), then the implementation should "know" whether it is a key transport or a key agreement algorithm.  If the algorithm identifier is unknown or unsupported, then the implementation will throw an error.

Russ

v2.29.0 | Report a Bug | By Email | System Status