Re: [lamps] Can ML-DSA be used in CMS?

Mike Ounsworth <Mike.Ounsworth@entrust.com> Tue, 13 February 2024 16:22 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Wai Choi <wchoi@us.ibm.com>, "draft-ietf-lamps-dilithium-certificates@ietf.org" <draft-ietf-lamps-dilithium-certificates@ietf.org>
CC: 'LAMPS' <spasm@ietf.org>
Date: Tue, 13 Feb 2024 16:22:33 +0000
Message-ID: <CH0PR11MB57397A403786F929D27312B69F4F2@CH0PR11MB5739.namprd11.prod.outlook.com>
In-Reply-To: <MW3PR15MB404385AF5F6D6F86A030A200814F2@MW3PR15MB4043.namprd15.prod.outlook.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/PnZEVV99GiqNIdp9kgKTLrhiXeU>

Hi Wai Choi,

We do already have a draft for Kyber in CMS. Please see:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-kyber/

(it is very out-of-date; we are working on a massive update and will have it
published before 119).

To your other questions:

> 1. Although it makes sense to have PQ algorithms on both Signature
Algorithm and Public key Algorithm, is it a MUST requirement?

I think the approach that we are taking with the new PQC algorithms is to
use the same OID for both the Public Key Algorithm, and for the Signature
Algorithm. This approach worked well for Ed25519, Ed448, x25519, x448, and it
avoids cross-protocol attacks where a single key can be used for multiple
different cryptographic schemes.

Was that your question?

> 2. Does the whole chain of certificates need to use PQ algorithms?

My personal opinion is that this is out-of-scope for IETF. I believe that
IETF should specify the technical wire formats, and issues such as whether
you are allowed to mix-and-match algorithms up a single certificate chain
(and which algorithms are allowed to be mixed, and whether certificate
lifetime comes into play, etc.) are policy issues and thus outside the scope
of IETF to specify.

As an example, I could imagine PKI scenarios where the PKI as a whole has
high value, but individual end entity keys have low value. For example
smartcards serving as low-value gift cards for a restaurant chain, or a
backend TLS deployment where TLS Client and Server certs renew every 7 days.
In those scenarios, I think it could be totally reasonable to deploy a PKI
as: Root: LMS, ICA: Dilithium, EE: ECDSA. So I don't think that the IETF
should make any opinion here.

---

Mike Ounsworth
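The reply above makes two points that a verifier can act on: with the one-OID design (Ed25519/Ed448 today, the new PQC algorithms going forward) the issuer's key OID already names the only scheme that key may be used under, so a signature whose OID differs from the issuer key's OID can be rejected outright; and whether a chain may mix algorithms (Root/ICA/EE on different schemes) is a separate policy decision. The following is an added example, not code from the thread or from any IETF draft. It builds trimmed certificates inline as DER (serial, signature AlgorithmIdentifier, SubjectPublicKeyInfo, dummy key and signature bytes, all constructed), extracts the two OIDs, and runs the binding check over a chain. Only OIDs the thread names or that are fixed in RFC 8410, RFC 5480 and RFC 5758 appear; the ML-DSA and LMS OIDs are not on the page, so the mixed-chain demonstration uses Ed448, Ed25519 and ECDSA in their place.

```python
"""Key-to-scheme binding check for a certificate chain (added example).

Certificates are trimmed DER built inline, not real X.509 objects.
"""

OID = {
    "Ed25519": "1.3.101.112",                    # RFC 8410: one OID for key and signature
    "Ed448": "1.3.101.113",
    "id-ecPublicKey": "1.2.840.10045.2.1",       # RFC 5480: ECDSA key, scheme not fixed by OID
    "ecdsa-with-SHA256": "1.2.840.10045.4.3.2",  # RFC 5758: ECDSA signature algorithm
}
# Keys whose OID names exactly one signature scheme.
SAME_OID_FAMILY = frozenset({OID["Ed25519"], OID["Ed448"]})


# --- minimal DER encoder, just enough for the trimmed certificate ---
def _der_len(n: int) -> bytes:
    if n < 0x80:
        return bytes([n])
    b = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(b)]) + b


def _der(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + _der_len(len(body)) + body


def der_oid(dotted: str) -> bytes:
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:  # base-128, continuation bit on all but the last byte
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.insert(0, 0x80 | (arc & 0x7F))
            arc >>= 7
        body += bytes(chunk)
    return _der(0x06, bytes(body))


def _der_seq(*parts: bytes) -> bytes:
    return _der(0x30, b"".join(parts))


def _der_bits(raw: bytes) -> bytes:
    return _der(0x03, b"\x00" + raw)  # zero unused bits


def make_cert(key_oid: str, sig_oid: str, serial: int = 1) -> bytes:
    """Constructed, trimmed Certificate: SEQUENCE { tbs, signatureAlgorithm, signatureValue }."""
    def alg_id(oid: str) -> bytes:  # AlgorithmIdentifier with absent parameters
        return _der_seq(der_oid(oid))
    spki = _der_seq(alg_id(key_oid), _der_bits(b"\x01" * 32))  # dummy key bytes
    tbs = _der_seq(_der(0x02, bytes([serial])), alg_id(sig_oid), spki)  # serial < 128
    return _der_seq(tbs, alg_id(sig_oid), _der_bits(b"\x02" * 64))  # dummy signature


# --- minimal DER decoder ---
def _tlv(buf: bytes, pos: int):
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def _children(body: bytes):
    out, pos = [], 0
    while pos < len(body):
        tag, val, pos = _tlv(body, pos)
        out.append((tag, val))
    return out


def decode_oid(body: bytes) -> str:
    arcs, acc = [body[0] // 40, body[0] % 40], 0
    for b in body[1:]:
        acc = (acc << 7) | (b & 0x7F)
        if not b & 0x80:
            arcs.append(acc)
            acc = 0
    return ".".join(map(str, arcs))


def cert_algorithms(cert: bytes):
    """Return (subject key OID, signature OID) of a trimmed certificate."""
    tbs, sig_alg, _sig = _children(_tlv(cert, 0)[1])
    spki = _children(tbs[1])[-1]  # SubjectPublicKeyInfo is last in the trimmed TBS
    key_alg = _children(spki[1])[0]
    def oid_of(alg) -> str:
        return decode_oid(_children(alg[1])[0][1])
    return oid_of(key_alg), oid_of(sig_alg)


def check_chain(chain):
    """chain[0] is the end entity, chain[-1] the self-signed root.
    Flags a link whose signature OID differs from the issuer key OID whenever that
    key is in the one-OID family: such a key is bound to a single scheme."""
    problems = []
    for i, cert in enumerate(chain):
        issuer = chain[i + 1] if i + 1 < len(chain) else cert
        issuer_key_oid, _ = cert_algorithms(issuer)
        _, sig_oid = cert_algorithms(cert)
        if issuer_key_oid in SAME_OID_FAMILY and sig_oid != issuer_key_oid:
            problems.append(f"cert {i}: signature {sig_oid} does not match issuer key {issuer_key_oid}")
    return problems


def chain_key_oids(chain):
    """Key OID per level, leaf first; what a local mix-and-match policy would inspect."""
    return [cert_algorithms(c)[0] for c in chain]


if __name__ == "__main__":
    root = make_cert(OID["Ed448"], OID["Ed448"], serial=1)
    ica = make_cert(OID["Ed25519"], OID["Ed448"], serial=2)
    ee = make_cert(OID["id-ecPublicKey"], OID["Ed25519"], serial=3)
    print(check_chain([ee, ica, root]))        # [] : every link consistent
    wrong = make_cert(OID["id-ecPublicKey"], OID["ecdsa-with-SHA256"], serial=4)
    print(check_chain([wrong, ica, root]))     # one problem: Ed25519 issuer key used under ECDSA OID
    print(chain_key_oids([ee, ica, root]))     # mixed chain, left to policy
```

For ECDSA the check has nothing to bind to: the key OID is id-ecPublicKey and the hash is chosen only in the signature OID, which is the split design the one-OID approach replaces. A self-signed ECDSA certificate therefore passes `check_chain` unremarked, while a mixed Ed448/Ed25519/ECDSA chain passes the binding check and is reported by `chain_key_oids` for whatever local policy applies.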

From: Wai Choi <wchoi@us.ibm.com> 
Sent: Tuesday, February 13, 2024 8:10 AM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>;
draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: [EXTERNAL] RE: [lamps] Can ML-DSA be used in CMS?

Do we need a draft to address how to use Kyber in X.509 certificates? While
having a certificate used for signing is common, one used for email
encryption is not rare. Wonder why all the discussion focuses on signing
only.

Other basic questions on PQ certificates:
1. Although it makes sense to have PQ algorithms on both Signature Algorithm
and Public key Algorithm, is it a MUST requirement?

2. Does the whole chain of certificates need to use PQ algorithms?

Wai Choi

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Sent: Tuesday, February 13, 2024 8:37 AM
To: draft-ietf-lamps-dilithium-certificates@ietf.org
Cc: 'LAMPS' <spasm@ietf.org>
Subject: [lamps] Can ML-DSA be used in CMS?

The answer obviously is Yes, but draft-ietf-lamps-dilithium-certificates
does not actually say this.

I was reading a draft ICAO ePassport document yesterday that correctly
points out that IETF has a draft for how to use ML-DSA in X.509
certificates, but no draft for how to use ML-DSA in CMS.

Authors of draft-ietf-lamps-dilithium-certificates, if you add a section
"Signed-data Conventions" modelled after RFC8419, then I think that saves us
from needing a whole second ML-DSA draft.

---
Mike Ounsworth
Software Security Architect, Entrust