Re: [lamps] [EXTERNAL] Re: LAMPS Virtual Interim in Sept. 2022

Mike Ounsworth <Mike.Ounsworth@entrust.com> Fri, 16 September 2022 16:45 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
CC: Tim Hollebeek <tim.hollebeek@digicert.com>
Date: Fri, 16 Sep 2022 16:44:55 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/NRagZ4OpuopbmM32Q05qTxxb9eQ>

+ CFRG as this is a request for crypto security review


Sorry for the late reply,

Could I get a slot at the LAMPS interim to discuss the hash-then-sign issue for Dilithium and Falcon?



Issue summary:

- Needing to stream your entire message to your crypto module is dumb (think streaming an entire firmware image to your network HSM for code-signing, or to your TPM for secure boot validation; yuck).
- You want to send just a hash.
- Both Dilithium and Falcon have, as their first internal step, a hash of the message prepended with a nonce (the pubkey for Dilithium, and a random r for Falcon), I assume in order to block pre-computed collision attacks.
- If you, for example, do SHA256(m) before calling Dilithium.sign(), then you have re-introduced that collision attack.
- You can externalize that first hashing step of the Dilithium / Falcon sign / verify algs outside of the crypto module without breaking interop, but doing so will need to be mentioned in the standards, and will need security review.

---
Mike Ounsworth
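
An added illustration of the issue summary above, not part of the original message and not code from the Dilithium or Falcon specifications: a simplified Python model of the first hashing step, showing that streaming it outside the module yields the same value while a plain pre-hash makes one collision valid under every key. It assumes mu = SHAKE256(tr || M) with tr derived from the public key, and uses SHA-256 truncated to 16 bits as a constructed stand-in for a pre-hash with findable collisions; all function names and keys are hypothetical.

```python
import hashlib
from itertools import count

def tr_of(pk: bytes) -> bytes:
    # Key-binding prefix, modelled here as SHAKE256(pk) (assumption).
    return hashlib.shake_256(pk).digest(32)

def mu_internal(pk: bytes, msg: bytes) -> bytes:
    """First signing step as done inside the crypto module: H(tr || M)."""
    return hashlib.shake_256(tr_of(pk) + msg).digest(64)

def mu_external(pk: bytes, chunks) -> bytes:
    """Same step computed on the host by streaming; only the 64-byte
    result would need to cross the boundary to the module."""
    h = hashlib.shake_256(tr_of(pk))
    for chunk in chunks:
        h.update(chunk)
    return h.digest(64)

def toy_prehash(msg: bytes) -> bytes:
    # Constructed weak pre-hash: SHA-256 truncated to 16 bits so that a
    # collision can be found instantly. Stands in for "SHA256(m)".
    return hashlib.sha256(msg).digest()[:2]

def mu_prehashed(pk: bytes, msg: bytes) -> bytes:
    """Naive hash-then-sign: the module only ever sees toy_prehash(m)."""
    return mu_internal(pk, toy_prehash(msg))

def find_prehash_collision():
    # Key-independent search: no public key is involved at any point.
    seen = {}
    for i in count():
        m = b"constructed-message-%d" % i
        d = toy_prehash(m)
        if d in seen:
            return seen[d], m
        seen[d] = m

def demo():
    pk_a, pk_b = b"constructed public key A", b"constructed public key B"
    image = bytes(range(256)) * 64            # constructed "firmware image"
    chunks = [image[i:i + 4096] for i in range(0, len(image), 4096)]
    interop = mu_external(pk_a, chunks) == mu_internal(pk_a, image)
    m1, m2 = find_prehash_collision()
    # One precomputed pair gives identical module input under every key.
    reused = all(mu_prehashed(pk, m1) == mu_prehashed(pk, m2)
                 for pk in (pk_a, pk_b))
    # With the key-prefixed hash over the full message, the pair differs.
    bound = mu_internal(pk_a, m1) != mu_internal(pk_a, m2)
    return interop, reused, bound

if __name__ == "__main__":
    print(demo())
```
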

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: September 8, 2022 3:21 PM
To: LAMPS <spasm@ietf.org>
Cc: Tim Hollebeek <tim.hollebeek@digicert.com>
Subject: [EXTERNAL] Re: [lamps] LAMPS Virtual Interim in Sept. 2022

A few things for tomorrow have come up, which prevented us from picking that date.  So, we are going to hold the LAMPS Virtual Interim on 19 Sept. 2022 at 9:00 Eastern.

We already have two agenda items.  Please let us know if you want to present on another topic.

Russ & Tim


> On Aug 24, 2022, at 12:07 PM, Russ Housley <housley@vigilsec.com> wrote:
>
> Two agenda topics did not get covered at IETF 114:
> - draft-perret-prat-lamps-cms-pq-kem
> - draft-kario-pkcs12-pbmac1
>
> There may be other topics that have progressed enough to need some discussion.
>
> Tim and I think that 60 minutes will be enough to cover these topics.
>
> Please fill out the following poll to help us find the best time for the meeting:
> https://urldefense.com/v3/__https://doodle.com/meeting/participate/id/dN9x14vb__;!!FJ-Y8qCqXTj2!ZDZM1GgJw-UNsq7N5jg8dUYx470A6dFZyNqiwQrJRoRhH73AH0b35-Kl0QnYNyJLmi_5VMh0JJP1FOEFWwmtfYwZA0K4$
>
> Russ & Tim