Re: [lamps] LAMPS Re-charter

Mike Ounsworth <Mike.Ounsworth@entrust.com> Thu, 18 March 2021 16:37 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: "Salz, Rich" <rsalz=40akamai.com@dmarc.ietf.org>, Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>
Thread-Topic: [lamps] LAMPS Re-charter
Thread-Index: AQHXHAXWeAZ1jo6vakWtCm/bBeMxy6qJ7SGw
Date: Thu, 18 Mar 2021 16:36:53 +0000
Message-ID: <DM6PR11MB438011635C04A784326110019F699@DM6PR11MB4380.namprd11.prod.outlook.com>
References: <5A22DF7B-BCA5-42F6-BB95-D4F70FDB1996@vigilsec.com> <951CAF0F-7461-4057-B95E-D1F6CAE61D02@vigilsec.com> <4c18a9982cc94df2952d7b2cbae89d99@cert.org> <7B82765F-9C7A-4C4D-B115-A2835B44E6D6@vigilsec.com> <b3fdb1ac051b4ae0ad748782daebead2@cert.org> <ACE141CD-B0B7-45D3-B54F-BE25275A0D25@vigilsec.com> <E21F9B2E-A269-48D9-ABDC-1B10CDBE44E8@akamai.com>
In-Reply-To: <E21F9B2E-A269-48D9-ABDC-1B10CDBE44E8@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Q2-d0jnr4Rvp1UkBVeY9hdsJaZ4>

5.* look great to me.

Musing out loud about 5.b.i) “hybrid key establishment that combines shared secret values”. I'm wondering if there's anything weird PKIX does with encryption primitives that would need to get hybridized but isn't strictly a "shared secret"? DH-style interactive keyEx and contentEncryption-style non-interactive keyEx are definitely good. Decrypting a challenge nonce as a PoP: probably also good to do that as multiple independent shared secrets that you combine at the other end. Any other weird use of encryption primitives?

---
Mike Ounsworth
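As an added illustration (not part of the original message or any LAMPS document) of the two constructions being discussed: a concatenation-style combiner that derives one key from several independent shared secrets, and a decrypt-the-challenge proof of possession that is hybridised by wrapping the nonce under that combined key. The HKDF is RFC 5869 over SHA-256; the combiner layout, the context labels and the sample secrets are assumptions made here, standing in for real DH and KEM outputs.

```python
import hashlib
import hmac
import os

def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    # RFC 5869 extract step; HMAC zero-pads an empty salt, matching the RFC default
    return hmac.new(salt, ikm, hashlib.sha256).digest()

def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    # RFC 5869 expand step (SHA-256): counter-chained blocks, truncated to `length`
    out, block, counter = b"", b"", 1
    while len(out) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        out += block
        counter += 1
    return out[:length]

def combine_shared_secrets(secrets, context: bytes, length: int = 32) -> bytes:
    """Illustrative concatenation combiner (an assumed layout, not a standardised one).
    Each component secret, e.g. one from a classical DH exchange and one from a PQ KEM,
    is 2-byte length-prefixed so two different splits of the same bytes cannot collide,
    then the whole string goes through HKDF with a context label for domain separation."""
    if len(secrets) < 2:
        raise ValueError("a hybrid combiner needs at least two component secrets")
    ikm = b"".join(len(s).to_bytes(2, "big") + s for s in secrets)
    return hkdf_expand(hkdf_extract(b"", ikm), context, length)

def xor_keystream(key: bytes, data: bytes, label: bytes) -> bytes:
    # One-time keystream derived from the combined key; XOR is its own inverse
    stream = hkdf_expand(key, label, len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def hybrid_pop_roundtrip(ca_secrets, subject_secrets, nonce: bytes) -> bool:
    """Challenge/response PoP hybridised as the message suggests: the CA wraps the
    nonce under a key derived from ALL component secrets, so the subject recovers it
    only if it holds every corresponding private value."""
    ctx = b"example-hybrid-pop-v1"  # assumed label
    challenge = xor_keystream(combine_shared_secrets(ca_secrets, ctx), nonce, b"challenge")
    answer = xor_keystream(combine_shared_secrets(subject_secrets, ctx), challenge, b"challenge")
    return hmac.compare_digest(answer, nonce)

if __name__ == "__main__":
    # Constructed sample secrets standing in for real DH and KEM shared secrets
    ss_dh, ss_kem, nonce = os.urandom(32), os.urandom(32), os.urandom(16)
    print(hybrid_pop_roundtrip([ss_dh, ss_kem], [ss_dh, ss_kem], nonce))
    print(hybrid_pop_roundtrip([ss_dh, ss_kem], [ss_dh, os.urandom(32)], nonce))
```

Holding only one of the two component secrets leaves the subject unable to recover the nonce, which is the property a hybrid PoP is after.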

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Salz, Rich
Sent: March 18, 2021 9:49 AM
To: Russ Housley <housley@vigilsec.com>; LAMPS <spasm@ietf.org>
Subject: [EXTERNAL] Re: [lamps] LAMPS Re-charter

Maybe put 2&4 adjacent, but this looks like a nice charter. I’ve never seen 5.b.ii levels before. Long live the Harvard Outline. :)

I don’t recall discussion of short-lived certs but I’m sure that flitted by when I wasn’t looking.