Re: [lamps] Martin Duke's Discuss on draft-ietf-lamps-cmp-updates-20: (with DISCUSS and COMMENT)
Martin Duke <martin.h.duke@gmail.com> Thu, 02 June 2022 14:52 UTC
Return-Path: <martin.h.duke@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DDF60C14CF06; Thu, 2 Jun 2022 07:52:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.108
X-Spam-Level:
X-Spam-Status: No, score=-7.108 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gBXHNg7Q7bHI; Thu, 2 Jun 2022 07:52:19 -0700 (PDT)
Received: from mail-vk1-xa29.google.com (mail-vk1-xa29.google.com [IPv6:2607:f8b0:4864:20::a29]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 34D4AC14F6E7; Thu, 2 Jun 2022 07:52:19 -0700 (PDT)
Received: by mail-vk1-xa29.google.com with SMTP id d2so1117030vkg.5; Thu, 02 Jun 2022 07:52:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20210112; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=y0wEtpunn51rwOukPtyTiVN9XTNl9HJTyhFqQUqoYt0=; b=qnM+dELcGgegMOuw0FWY+JYay2BUo4csFQ9FyWK9YQB96UqCHj6ZFmdlCBB5Zt8i8f bkcFpgfANFc7s5nlpspMabIMoc7YznT4ZQcp08ObLgwdbP6RXzw6aMmMCPpSrRKjcBah Sb5gxO+K7+ma1s+J4J3Jf7/ZcA3e1I4U3QYi0oIHT+RabKQJNEoSLNuITVKHNQMvrkDa 7HI8d3r8ICI38msKRO2xjxFAB3OGtiSUuVlE2KRXLq2EOO29wwZE2HpM/B22ecO5LEfQ HmqpspklG4iUuXoHiwA2/BXIgWeefu6H7P5LkjjIgv3mDyIxhroAvYeLYzsIRWSvQ3/Z A5xA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=y0wEtpunn51rwOukPtyTiVN9XTNl9HJTyhFqQUqoYt0=; b=0tYoyYgDSokNXIvwHPeWAj9FgiZZZ18so6rwtaBLc/ey6QhMDnHRPXsfCykWE9+FOu MpGy7tB8m9fZ/h/GOOlOZDWGTCb0C4E7BXc1t8MutgA6SVXruaqv4bj+IE+cxETnbGUw hvfBkcYrcYu9EEhx2DBwzWRlnt3Hypi6e0kLoaIK1sxocjmjnoxse39qvxERYPEn1BUH 9Myh914ZiWRWGIrgak+NAWPdE7rCVrh/WxGIQGvxptQTBYC0UTofko6Tu0TsC5yuvMQZ oMbN9qzpDqKv67hiRowQLo1NxsCQfo69Og/pcSISu7QiTa+BUlbwmPGADDhNic6dy0Bt KN/A==
X-Gm-Message-State: AOAM533F9YVF2dFy2uTQV097C4HXQh095kBDy31ez5OpMJbxLozbFVgG SnAJ+zH+naU6Dw0yoWZCAB6jZ6YA98zWvJtIvfM=
X-Google-Smtp-Source: ABdhPJx58WBcXNLGs6UBIaKnUpKpxAzZAk9TJvk81hPz6u2LThnCIoMkJUehgPaOfGqtwHo7434YWcPsu6YANBrvkS0=
X-Received: by 2002:a1f:43cc:0:b0:35c:c5cf:adcc with SMTP id q195-20020a1f43cc000000b0035cc5cfadccmr2145374vka.11.1654181536543; Thu, 02 Jun 2022 07:52:16 -0700 (PDT)
MIME-Version: 1.0
References: <165410326059.36213.15687292037240868456@ietfa.amsl.com> <GV2PR10MB62103F308D384905F55E1C38FEDF9@GV2PR10MB6210.EURPRD10.PROD.OUTLOOK.COM>
In-Reply-To: <GV2PR10MB62103F308D384905F55E1C38FEDF9@GV2PR10MB6210.EURPRD10.PROD.OUTLOOK.COM>
From: Martin Duke <martin.h.duke@gmail.com>
Date: Thu, 02 Jun 2022 07:52:05 -0700
Message-ID: <CAM4esxSCe77QyJbu9RyBQ9AiYKmihKuS5kmL=HaFcYFfB71VhA@mail.gmail.com>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
Cc: The IESG <iesg@ietf.org>, "draft-ietf-lamps-cmp-updates@ietf.org" <draft-ietf-lamps-cmp-updates@ietf.org>, "lamps-chairs@ietf.org" <lamps-chairs@ietf.org>, "spasm@ietf.org" <spasm@ietf.org>, "housley@vigilsec.com" <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="000000000000e13bd005e07826c0"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/S813MuZqRglhqCWEpjS7rCNDyFQ>
Subject: Re: [lamps] Martin Duke's Discuss on draft-ietf-lamps-cmp-updates-20: (with DISCUSS and COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 02 Jun 2022 14:52:20 -0000
Hendrik, Thanks for clarifying that the error messages are always authenticated. I agree that there is then no risk of downgrade, and I will clear my DISCUSS. Although it doesn't affect anything given the above, I disagree that a V3 -> V2 downgrade would have no consequences. IIUC V3 is about introducing crypto agility, so presumably at one point V3 will have more advanced algorithms, and downgrading to V2 would prevent use of those. But again, that's an academic discussion now. Martin On Wed, Jun 1, 2022 at 11:05 AM Brockhaus, Hendrik < hendrik.brockhaus@siemens.com> wrote: > > > > Von: Spasm <spasm-bounces@ietf.org> Im Auftrag von Martin Duke via > > Datatracker > > > > > > ---------------------------------------------------------------------- > > DISCUSS: > > ---------------------------------------------------------------------- > > > > As far as I can tell, CMP provides multiple optional levels of > encryption and > > authentication to protect its messages and components of that message. > > However, > > I gather that the transport substrate is allowed to be HTTP without TLS. > > > > Given that, how does this protocol defend against version downgrade > attacks? If > > an on-path attacker responds to a client message with an error message > > requiring an older version, do all configurations of CMP detect the > > intervention? > > There are only two changes to the ASN.1 syntax that require a V3 > indication. To offer maximum backward compatibility with existing > implementations the WG decided to go with an approach regarding version > handling like with CMS. Therefore, we only use V3 for EnvelopedData and > hashAlg filed in CertConf messages. The version handling is described in > Section 2.20. > > As CMP V3 does not resolve weaknesses of CMP V2, I do not see the risk of > downgrade attacks. In addition all CMP messages should be either signature- > or MAC-protected. > > Hendrik >
- [lamps] Martin Duke's Discuss on draft-ietf-lamps… Martin Duke via Datatracker
- Re: [lamps] Martin Duke's Discuss on draft-ietf-l… Brockhaus, Hendrik
- Re: [lamps] Martin Duke's Discuss on draft-ietf-l… Martin Duke
- Re: [lamps] Martin Duke's Discuss on draft-ietf-l… Russ Housley