[lamps] Murray Kucherawy's No Objection on draft-ietf-lamps-cms-kemri-08: (with COMMENT)
Murray Kucherawy via Datatracker <noreply@ietf.org> Thu, 07 March 2024 07:16 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id D87B7C14F5F3; Wed, 6 Mar 2024 23:16:41 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Murray Kucherawy via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lamps-cms-kemri@ietf.org, lamps-chairs@ietf.org, spasm@ietf.org, tim.hollebeek@digicert.com, corey.bonnell@digicert.com
X-Test-IDTracker: no
X-IETF-IDTracker: 12.6.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Murray Kucherawy <superuser@gmail.com>
Message-ID: <170979580187.63516.11101857365652932121@ietfa.amsl.com>
Date: Wed, 06 Mar 2024 23:16:41 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/MwfXRGDrp9SqZuph_jcfsPDo6Pw>
Subject: [lamps] Murray Kucherawy's No Objection on draft-ietf-lamps-cms-kemri-08: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Mar 2024 07:16:41 -0000
Murray Kucherawy has entered the following ballot position for draft-ietf-lamps-cms-kemri-08: No Objection When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-kemri/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- === >From Orie Steele, incoming ART Area Director: Thanks to Sean Turner for the ARTART review, and the PR. The security considerations mentions both AES-GCM and AES-CBC. Is there a need to comment on binding the CEK or CAEK to a specific symmetric encryption algorithm, similar to: https://datatracker.ietf.org/doc/draft-housley-lamps-cms-cek-hkdf-sha256/ Or the algorithm integrity protection comments in: https://www.rfc-editor.org/rfc/rfc9459.html#section-8 I am concerned about how cross mode attacks are or are not mitigated by this document, but I lack the CMS experience to be able to compare the security properties to COSE. """ In this environment, security depends on three things. First, the KEM algorithm must be secure against adaptive chosen ciphertext attacks. Second, the key-encryption algorithm must provide confidentiality and integrity protection. Third, the choices of the KDF and the key-encryption algorithm need to provide the same level of security as the KEM algorithm. """ It seems like there is possibly a missing criteria that assures that the same content encryption algorithm is used on both sides of the KEM interface, after the CEK or CAEK is decrypted?
- [lamps] Murray Kucherawy's No Objection on draft-… Murray Kucherawy via Datatracker
- Re: [lamps] [EXTERNAL] Murray Kucherawy's No Obje… Mike Ounsworth
- Re: [lamps] [EXTERNAL] Murray Kucherawy's No Obje… Orie Steele
- Re: [lamps] [EXTERNAL] Murray Kucherawy's No Obje… Mike Ounsworth
- Re: [lamps] Murray Kucherawy's No Objection on dr… Russ Housley
- Re: [lamps] Murray Kucherawy's No Objection on dr… Orie Steele