Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-05 concern
Nick Lamb <njl@tlrmx.org> Wed, 17 March 2021 16:19 UTC
Return-Path: <njl@tlrmx.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C30673A045E for <spasm@ietfa.amsl.com>; Wed, 17 Mar 2021 09:19:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.1
X-Spam-Level:
X-Spam-Status: No, score=-2.1 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=tlrmx.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id onWUdHUnic1R for <spasm@ietfa.amsl.com>; Wed, 17 Mar 2021 09:19:47 -0700 (PDT)
Received: from bee.birch.relay.mailchannels.net (bee.birch.relay.mailchannels.net [23.83.209.14]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6F34D3A043E for <spasm@ietf.org>; Wed, 17 Mar 2021 09:19:46 -0700 (PDT)
X-Sender-Id: dreamhost|x-authsender|njl@tlrmx.org
Received: from relay.mailchannels.net (localhost [127.0.0.1]) by relay.mailchannels.net (Postfix) with ESMTP id 19DF3321A93; Wed, 17 Mar 2021 16:19:45 +0000 (UTC)
Received: from pdx1-sub0-mail-a4.g.dreamhost.com (100-96-13-54.trex.outbound.svc.cluster.local [100.96.13.54]) (Authenticated sender: dreamhost) by relay.mailchannels.net (Postfix) with ESMTPA id 8B9AF3213A8; Wed, 17 Mar 2021 16:19:42 +0000 (UTC)
X-Sender-Id: dreamhost|x-authsender|njl@tlrmx.org
Received: from pdx1-sub0-mail-a4.g.dreamhost.com (pop.dreamhost.com [64.90.62.162]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384) by 100.96.13.54 (trex/6.1.1); Wed, 17 Mar 2021 16:19:44 +0000
X-MC-Relay: Neutral
X-MailChannels-SenderId: dreamhost|x-authsender|njl@tlrmx.org
X-MailChannels-Auth-Id: dreamhost
X-Robust-Tart: 3620a2444334c1a3_1615997984675_1917329036
X-MC-Loop-Signature: 1615997984675:3531844550
X-MC-Ingress-Time: 1615997984674
Received: from pdx1-sub0-mail-a4.g.dreamhost.com (localhost [127.0.0.1]) by pdx1-sub0-mail-a4.g.dreamhost.com (Postfix) with ESMTP id 4E7D88A2A4; Wed, 17 Mar 2021 09:19:42 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=tlrmx.org; h=date:from:to :cc:subject:message-id:in-reply-to:references:mime-version :content-type:content-transfer-encoding; s=tlrmx.org; bh=vCAXznh PQR+yJUgYdEkQcu31dTE=; b=UFS462BbB1D9j5CvQ04Szhc1+/6LtHp5qv9bYJC k1XtExDjzTouimpXYyvI/RzC9hSjVQLeGcWhhaHDuyvYL2zcKYevT++1N+fIBNBd bumoZHpzv1o59UGPO3u00ZCJxJd/3kP5RG+LMURvE4oWDLXtKBodVoHPp1RXPpBn 55eo=
Received: from totoro.tlrmx.org (124.89.2.81.in-addr.arpa [81.2.89.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: njl@tlrmx.org) by pdx1-sub0-mail-a4.g.dreamhost.com (Postfix) with ESMTPSA id 1B8FC7EEF0; Wed, 17 Mar 2021 09:19:39 -0700 (PDT)
Date: Wed, 17 Mar 2021 16:19:35 +0000
X-DH-BACKEND: pdx1-sub0-mail-a4
From: Nick Lamb <njl@tlrmx.org>
To: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
Cc: "spasm@ietf.org" <spasm@ietf.org>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Message-ID: <20210317161935.04de0697@totoro.tlrmx.org>
In-Reply-To: <AM0PR10MB2418001C019DC5B21F814D95FE6B9@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
References: <20210316161932.6e2d2075@totoro.tlrmx.org> <AM0PR10MB2418001C019DC5B21F814D95FE6B9@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM>
X-Mailer: Claws Mail 3.17.8 (GTK+ 2.24.33; x86_64-redhat-linux-gnu)
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/TBnqABeEZO4k4V6bClgWyTGzqoY>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-05 concern
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 17 Mar 2021 16:19:49 -0000
On Tue, 16 Mar 2021 17:43:03 +0000 "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> wrote: > I struggled to provide some guidance on which cypher suites to use > with shared secret information together with TLS in the Lightweight > CMP Profile as presented during IETF 110. One option is also to drop > these recommendation, if there is no adequate cypher suite to be used > with shared secret information and TLS 1.3, as TLS is not required > for protecting CMP messages. I can see several ways forward. One option would be as you say not to suggest TLS for this purpose at all. One benefit here is that it doesn't over-promise. TLS gives you confidentiality, but simple password-based schemes aren't going to achieve that and so probably shouldn't promise it. It should I think be obvious that PBMAC1 does not protect against an offline attack by an adversary guessing your password, but without strong guidance it's unlikely to be obvious that using the password for TLS PSK (which is an online protocol) also does not protect against such offline attacks. Another option would be to make clear that shared secrets for this purpose MUST NOT be human memorable passwords. Someone more familiar with the deployed applications might have an insight into whether such applications might actually use say 128-bit random secrets rather than a short human memorable password or if this is never likely to be used in the real world. Another option would be something like draft-sullivan-tls-opaque which provides an actual password based AKE for TLS 1.3 but this is quite complicated and may not meet your needs for a "Lightweight" profile, it is also of course a draft, and so depending on it would delay completion of the profile. Nick.
- [lamps] draft-ietf-lamps-lightweight-cmp-profile-… Nick Lamb
- Re: [lamps] [EXTERNAL] draft-ietf-lamps-lightweig… Mike Ounsworth
- Re: [lamps] [EXTERNAL] draft-ietf-lamps-lightweig… Scott Fluhrer (sfluhrer)
- Re: [lamps] draft-ietf-lamps-lightweight-cmp-prof… Nick Lamb
- Re: [lamps] [EXTERNAL] draft-ietf-lamps-lightweig… Nick Lamb
- Re: [lamps] [EXTERNAL] Re: draft-ietf-lamps-light… Mike Ounsworth
- Re: [lamps] [EXTERNAL] draft-ietf-lamps-lightweig… Mike Ounsworth