[lamps] WGLC for draft-ietf-lamps-samples?
Daniel Kahn Gillmor <dkg@fifthhorseman.net> Fri, 06 August 2021 01:04 UTC
Return-Path: <dkg@fifthhorseman.net>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 02FD13A14BE for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 18:04:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (unsupported algorithm ed25519-sha256)" header.d=fifthhorseman.net header.b=wy3dxrEQ; dkim=pass (2048-bit key) header.d=fifthhorseman.net header.b=qWDXG3IT
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WO2McKRQRlSm for <spasm@ietfa.amsl.com>; Thu, 5 Aug 2021 18:04:10 -0700 (PDT)
Received: from che.mayfirst.org (che.mayfirst.org [IPv6:2001:470:1:116::7]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 41BDD3A14C8 for <spasm@ietf.org>; Thu, 5 Aug 2021 18:04:10 -0700 (PDT)
DKIM-Signature: v=1; a=ed25519-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019; t=1628211847; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=hoNaUM7VZS5ZREjYdbf9TIlionQF5BiG4ggo5QIvIJs=; b=wy3dxrEQprxic894iV5ot+EnRyJFW0HJJh7UrEi7REkA/igmV/cdQoCugd1052sWJSD6q TP9j72o4BRwkEgbBQ==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=fifthhorseman.net; i=@fifthhorseman.net; q=dns/txt; s=2019rsa; t=1628211847; h=from : to : subject : date : message-id : mime-version : content-type : from; bh=hoNaUM7VZS5ZREjYdbf9TIlionQF5BiG4ggo5QIvIJs=; b=qWDXG3ITOIXLf/VBcXZckU7WckPBgh4+UbLNiY8BLF4RTcWSVI7kKLey72D4WHAhhBy+n wEI+9owouN5uL0nokoY9TkzrQVU+rBuw9ioo2riYd+0BMlfAqSWrR7QsFugVVHstggKpAoH 4yRYGZJcGCB7BLsoC0PG/fz1aPvtACHJxjbhYBI7XkQpp6dZtZjXpr/cNaJ4LBrJIYb5t0L 0cNcMbydrbsyed0EVkm7CiXm+nvAUVCuUwKz0bcCCK3W1ZoR4FinLEnpDCQNWFzYztaIHaW yWpBRRWO4GaTyOFCWix3R/2aTeD0bzpVpyugnH4yUtOZyD3G644nq5yLAuMw==
Received: from fifthhorseman.net (lair.fifthhorseman.net [108.58.6.98]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by che.mayfirst.org (Postfix) with ESMTPSA id 2F2FCF9A5 for <spasm@ietf.org>; Thu, 5 Aug 2021 21:04:07 -0400 (EDT)
Received: by fifthhorseman.net (Postfix, from userid 1000) id 7E7B120713; Thu, 5 Aug 2021 21:04:04 -0400 (EDT)
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
To: LAMPS WG <spasm@ietf.org>
Autocrypt: addr=dkg@fifthhorseman.net; prefer-encrypt=mutual; keydata= mDMEX+i03xYJKwYBBAHaRw8BAQdACA4xvL/xI5dHedcnkfViyq84doe8zFRid9jW7CC9XBiI0QQf FgoAgwWCX+i03wWJBZ+mAAMLCQcJEOCS6zpcoQ26RxQAAAAAAB4AIHNhbHRAbm90YXRpb25zLnNl cXVvaWEtcGdwLm9yZ/tr8E9NA10HvcAVlSxnox6z62KXCInWjZaiBIlgX6O5AxUKCAKbAQIeARYh BMKfigwB81402BaqXOCS6zpcoQ26AADZHQD/Zx9nc3N2kj13AUsKMr/7zekBtgfSIGB3hRCU74Su G44A/34Yp6IAkndewLxb1WdRSokycnaCVyrk0nb4imeAYyoPtBc8ZGtnQGZpZnRoaG9yc2VtYW4u bmV0PojRBBMWCgCDBYJf6LTfBYkFn6YAAwsJBwkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3Rh dGlvbnMuc2VxdW9pYS1wZ3Aub3JnL0Gwxvypz2tu1IPG+yu1zPjkiZwpscsitwrVvzN3bbADFQoI ApsBAh4BFiEEwp+KDAHzXjTYFqpc4JLrOlyhDboAAPkXAP0Z29z7jW+YzLzPTQML4EQLMbkHOfU4 +s+ki81Czt0WqgD/SJ8RyrqDCtEP8+E4ZSR01ysKqh+MUAsTaJlzZjehiQ24MwRf6LTfFgkrBgEE AdpHDwEBB0DkKHOW2kmqfAK461+acQ49gc2Z6VoXMChRqobGP0ubb4kBiAQYFgoBOgWCX+i03wWJ BZ+mAAkQ4JLrOlyhDbpHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3Jnfvo+ nHoxDwaLaJD8XZuXiaqBNZtIGXIypF1udBBRoc0CmwICHgG+oAQZFgoAbwWCX+i03wkQPp1xc3He VlxHFAAAAAAAHgAgc2FsdEBub3RhdGlvbnMuc2VxdW9pYS1wZ3Aub3JnaheiqE7Pfi3Atb3GGTw+ jFcBGOaobgzEJrhEuFpXREEWIQQttUkcnfDcj0MoY88+nXFzcd5WXAAAvrsBAIJ5sBg8Udocv25N stN/zWOiYpnjjvOjVMLH4fV3pWE1AP9T6hzHz7hRnAA8d01vqoxOlQ3O6cb/kFYAjqx3oMXSBhYh BMKfigwB81402BaqXOCS6zpcoQ26AADX7gD/b83VObe14xrNP8xcltRrBZF5OE1rQSPkMNy+eWpk eCwA/1hxiS8ZxL5/elNjXiWuHXEvUGnRoVj745Vl48sZPVYMuDgEX+i03xIKKwYBBAGXVQEFAQEH QIGex1WZbH6xhUBve5mblScGYU+Y8QJOomXH+rr5tMsMAwEICYjJBBgWCgB7BYJf6LTfBYkFn6YA CRDgkus6XKENukcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmcEAx9vTD3b J0SXkhvcRcCr6uIDJwic3KFKxkH1m4QW0QKbDAIeARYhBMKfigwB81402BaqXOCS6zpcoQ26AAAX mwD8CWmukxwskU82RZLMk5fm1wCgMB5z8dA50KLw3rgsCykBAKg1w/Y7XpBS3SlXEegIg1K1e6dR fRxL7Z37WZXoH8AH
Date: Thu, 05 Aug 2021 21:04:03 -0400
Message-ID: <87im0j2xks.fsf@fifthhorseman.net>
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha256"; protocol="application/pgp-signature"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Of8CAPrWZKd0bY3Ye6ta8ENUIgE>
Subject: [lamps] WGLC for draft-ietf-lamps-samples?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 Aug 2021 01:04:15 -0000
With the switch from SHA512 to SHA1 for the MAC of the PKCS12 objects in
draft-ietf-lamps-samples, i believe that there are no major outstanding
concerns.
I personally consider this draft to be ready for working group last
call, though i recognize it's not my place to make that decision.
Here's my summary of the work on the draft:
- all implementations that i know of are capable of importing the Alice
and Bob pkcs12 bundles (though some might need manual conversion from
PEM to DER first). Implementations that lack curve 25519 can't
handle Carlos or Dana, of course. I don't think there's anything
else to do here.
- the PKCS12 bundles are still using 3DES internally to lock the
private keys. That raised some derision on the list recently. If
folks would prefer that we switch from that to, say, AES 128 or AES
256, i can spin one more revision to address it.
- the PBKDF2 parameters for the encrypted PKCS-8 objects embedded in
the PKCS12 bundles are relatively cheap/weak (~5000 cycles of a
simple hash) -- but then, the passwords chosen are terrible as well.
If folks would prefer, i can increase the cost for PBKDF2 for the
PKCS-8 objects. Let me know, though i think it's unnecessary. I
suppose if we increase the work factor for the PKCS-8 objects, we
should also increase the PBKDF2 work factor for the bags of x.509
certificates, though they contain nothing secret. But since the cert
bags in a PKCS12 object typically share the same password with the
encrypted PKCS-8 objects, if we increase the work factor of one
without the other, then cert bags can serve as a cheap oracle for
testing passwords that can then be applied to the PKCS-8 objects.
- During IETF 111 we briefly discussed the possibility of including an
appendix describing how to import the various objects on different
popular systems. The sense i got from the people engaged in the
discussion was that this kind of ephemera might not be appropriate
for a reference document.
Please let me know what y'all think the next steps for this draft should
be.
--dkg
- [lamps] WGLC for draft-ietf-lamps-samples? Daniel Kahn Gillmor