Re: [lamps] Can ML-DSA be used in CMS?
Mike Ounsworth <Mike.Ounsworth@entrust.com> Tue, 13 February 2024 16:22 UTC
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Wai Choi <wchoi@us.ibm.com>, "draft-ietf-lamps-dilithium-certificates@ietf.org" <draft-ietf-lamps-dilithium-certificates@ietf.org>
CC: 'LAMPS' <spasm@ietf.org>
Date: Tue, 13 Feb 2024 16:22:33 +0000
Message-ID: <CH0PR11MB57397A403786F929D27312B69F4F2@CH0PR11MB5739.namprd11.prod.outlook.com>
In-Reply-To: <MW3PR15MB404385AF5F6D6F86A030A200814F2@MW3PR15MB4043.namprd15.prod.outlook.com>
References: <CH0PR11MB5739AF8408E1669FB9EF912A9F4F2@CH0PR11MB5739.namprd11.prod.outlook.com> <MW3PR15MB404385AF5F6D6F86A030A200814F2@MW3PR15MB4043.namprd15.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/PnZEVV99GiqNIdp9kgKTLrhiXeU>
Hi Wai Choi,

We do already have a draft for Kyber in CMS. Please see: https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-kyber/ (it is very out-of-date; we are working on a massive update and will have it published before 119).

To your other questions:

> 1. Although it makes sense to have PQ algorithms on both Signature Algorithm and Public key Algorithm, is it a MUST requirement?

I think the approach that we are taking with the new PQC algorithms is to use the same OID for both the Public Key Algorithm, and for the Signature Algorithm. This approach worked well for Ed25519, Ed448, X25519, X448, and it avoids cross-protocol attacks where a single key can be used for multiple different cryptographic schemes. Was that your question?

> 2. Does the whole chain of certificates need to use PQ algorithms?

My personal opinion is that this is out-of-scope for IETF. I believe that IETF should specify the technical wire formats, and issues such as whether you are allowed to mix-and-match algorithms up a single certificate chain (and which algorithms are allowed to be mixed, and whether certificate lifetime comes into play, etc.) are policy issues and thus outside the scope of IETF to specify.

As an example, I could imagine PKI scenarios where the PKI as a whole has high value, but individual end entity keys have low value. For example smartcards serving as low-value gift cards for a restaurant chain, or a backend TLS deployment where TLS Client and Server certs renew every 7 days. In those scenarios, I think it could be totally reasonable to deploy a PKI as: Root: LMS, ICA: Dilithium, EE: ECDSA. So I don't think that the IETF should make any opinion here.

---
Mike Ounsworth

From: Wai Choi <wchoi@us.ibm.com>
Sent: Tuesday, February 13, 2024 8:10 AM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>; draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: [EXTERNAL] RE: [lamps] Can ML-DSA be used in CMS?
Do we need a draft to address how to use Kyber in X.509 certificates? While having a certificate used for signing is common, one used for email encryption is not rare. Wonder why all the discussion focuses on signing only.

Other basic questions on PQ certificates:

1. Although it makes sense to have PQ algorithms on both Signature Algorithm and Public key Algorithm, is it a MUST requirement?
2. Does the whole chain of certificates need to use PQ algorithms?

Wai Choi

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Sent: Tuesday, February 13, 2024 8:37 AM
To: draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: [lamps] Can ML-DSA be used in CMS?

The answer obviously is Yes, but draft-ietf-lamps-dilithium-certificates does not actually say this.

I was reading a draft ICAO ePassport document yesterday that correctly points out that IETF has a draft for how to use ML-DSA in X.509 certificates, but no draft for how to use ML-DSA in CMS.

Authors of draft-ietf-lamps-dilithium-certificates, if you add a section "Signed-data Conventions" modelled after RFC8419, then I think that saves us from needing a whole second ML-DSA draft.

---
Mike Ounsworth
Software Security Architect, Entrust
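As an added example, not from the thread or from any IETF draft, the following Python code makes concrete the two points in Mike's reply: that a signature algorithm must be the one the issuer's key is actually defined to produce (the "same OID for key and signature" convention of RFC 8410 and the ML-DSA drafts, which stops one key from being used under two schemes), and that whether a mixed chain such as Root: LMS, ICA: Dilithium, EE: ECDSA is acceptable is a local policy choice layered on top of that check. Assumptions: the Ed25519/Ed448/X25519/X448 OIDs are from RFC 8410, the ECDSA/RSA OIDs from RFC 5480 and RFC 8017, the HSS/LMS OID from RFC 8708, and the id-ml-dsa-65 value from NIST's CSOR registry (verify it against the current draft before relying on it); the `Cert` records and the policy tables are constructed for illustration and no real certificates are parsed.

```python
"""Certificate-chain algorithm consistency check (constructed example)."""
from dataclasses import dataclass

# Key/signature OIDs. RFC 8410 algorithms use one OID for both roles.
ED25519 = "1.3.101.112"
ED448 = "1.3.101.113"
X25519 = "1.3.101.110"          # key agreement only: never a signature algorithm
X448 = "1.3.101.111"
# RFC 5480 / RFC 8017 algorithms use distinct key and signature OIDs.
EC_PUBLIC_KEY = "1.2.840.10045.2.1"
ECDSA_WITH_SHA256 = "1.2.840.10045.4.3.2"
RSA_ENCRYPTION = "1.2.840.113549.1.1.1"
SHA256_WITH_RSA = "1.2.840.113549.1.1.11"
# RFC 8708 id-alg-hss-lms-hashsig: one OID for key and signature.
HSS_LMS = "1.2.840.113549.1.9.16.3.17"
# Assumption: id-ml-dsa-65 as registered in NIST's CSOR arc; confirm against the
# current draft-ietf-lamps-dilithium-certificates before depending on it.
ML_DSA_65 = "2.16.840.1.101.3.4.3.18"

# For each signing-capable SPKI algorithm, the signature OIDs it may produce.
# X25519/X448 are deliberately absent: a key-agreement key must never verify.
SIGNATURES_FOR_KEY = {
    ED25519: {ED25519},
    ED448: {ED448},
    HSS_LMS: {HSS_LMS},
    ML_DSA_65: {ML_DSA_65},
    EC_PUBLIC_KEY: {ECDSA_WITH_SHA256},
    RSA_ENCRYPTION: {SHA256_WITH_RSA},
}


@dataclass(frozen=True)
class Cert:
    subject: str
    issuer: str
    spki_alg: str   # subjectPublicKeyInfo.algorithm
    sig_alg: str    # signatureAlgorithm the issuer used on this certificate


def check_chain(chain):
    """chain is ordered end entity first, self-signed root last.

    Returns a list of problem strings; an empty list means every signature
    algorithm is consistent with the key that produced it.
    """
    problems = []
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else cert  # root signs itself
        if issuer.subject != cert.issuer:
            problems.append(f"{cert.subject}: issuer name mismatch")
            continue
        allowed = SIGNATURES_FOR_KEY.get(issuer.spki_alg)
        if allowed is None:
            problems.append(f"{cert.subject}: issuer key {issuer.spki_alg} is not a signing algorithm")
        elif cert.sig_alg not in allowed:
            problems.append(f"{cert.subject}: signature {cert.sig_alg} does not belong to issuer key {issuer.spki_alg}")
    return problems


def check_policy(chain, policy):
    """policy maps a tier name ('ee', 'ica', 'root') to the SPKI OIDs allowed there.

    This is deployment policy, not a wire-format rule.
    """
    tiers = ["ee"] + ["ica"] * (len(chain) - 2) + ["root"]
    return [f"{c.subject}: {c.spki_alg} not allowed at {t}"
            for c, t in zip(chain, tiers) if c.spki_alg not in policy[t]]


# Constructed chains (no real certificates are parsed).
# The mixed deployment from the thread: Root LMS, ICA ML-DSA (Dilithium), EE ECDSA.
MIXED_CHAIN = [
    Cert("ee.example", "ica.example", EC_PUBLIC_KEY, ML_DSA_65),
    Cert("ica.example", "root.example", ML_DSA_65, HSS_LMS),
    Cert("root.example", "root.example", HSS_LMS, HSS_LMS),
]
# Same chain, but the EE claims an ECDSA signature while its issuer key is ML-DSA.
WRONG_SIG_CHAIN = [Cert("ee.example", "ica.example", EC_PUBLIC_KEY, ECDSA_WITH_SHA256)] + MIXED_CHAIN[1:]
# A chain whose issuer key is a key-agreement key, which can never sign.
KEM_ISSUER_CHAIN = [
    Cert("ee.example", "ica.example", ED25519, X25519),
    Cert("ica.example", "ica.example", X25519, X25519),
]

PQ_ONLY_POLICY = {"ee": {ML_DSA_65, HSS_LMS}, "ica": {ML_DSA_65, HSS_LMS}, "root": {HSS_LMS}}
SHORT_LIVED_EE_POLICY = {"ee": {EC_PUBLIC_KEY, ML_DSA_65}, "ica": {ML_DSA_65}, "root": {HSS_LMS}}

if __name__ == "__main__":
    for name, chain in [("mixed", MIXED_CHAIN), ("wrong-sig", WRONG_SIG_CHAIN), ("kem-issuer", KEM_ISSUER_CHAIN)]:
        print(name, check_chain(chain) or "consistent")
    print("pq-only policy:", check_policy(MIXED_CHAIN, PQ_ONLY_POLICY) or "accepted")
    print("short-lived-ee policy:", check_policy(MIXED_CHAIN, SHORT_LIVED_EE_POLICY) or "accepted")
```

The two functions are kept separate on purpose: `check_chain` encodes only what the algorithm specifications fix (which signature OID a given key type can legitimately produce), while `check_policy` holds the per-deployment decision about which tiers may use classical, stateful-hash or lattice keys, so a relying party can tighten the latter without touching the former.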