Re: [lamps] LAMPS Virtual Interim in Sept. 2022

Russ Housley <housley@vigilsec.com> Fri, 16 September 2022 17:53 UTC


Mike:

I've added a topic at the end of the agenda.  Please send slides.

Russ


> On Sep 16, 2022, at 12:44 PM, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:
> 
> + CFRG as this is request for crypto security review
> 
> 
> Sorry for the late reply,
> 
> Could I get a slot at the LAMPS interim to discuss the hash-then-sign issue for Dilithium and Falcon?
> 
> 
> 
> Issue summary:
> 
> - Needing to stream your entire message to your crypto module is dumb (think streaming an entire firmware image to your network HSM for code-signing, or to your TPM for secure boot validation; yuck).
> - You want to send just a hash.
> - Both Dilithium and Falcon have, as their first internal step, a hash of the message prepended with a nonce (the pubkey for Dilithium, and a random r for Falcon), I assume in order to block pre-computed collision attacks.
> - If you, for example, do SHA256(m) before calling Dilithium.sign(), then you have re-introduced that collision attack.
> - You can externalize that first hashing step of the Dilithium / Falcon sign / verify algs outside of the crypto module without breaking interop, but doing so will need to be mentioned in the standards, and will need security review.
> 
> ---
> Mike Ounsworth
> 
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: September 8, 2022 3:21 PM
> To: LAMPS <spasm@ietf.org>
> Cc: Tim Hollebeek <tim.hollebeek@digicert.com>
> Subject: [EXTERNAL] Re: [lamps] LAMPS Virtual Interim in Sept. 2022
> 
> A few things for tomorrow have come up, which prevented us from picking that date.  So, we are going to hold the LAMPS Virtual Interim on 19 Sept. 2022 at 9:00 Eastern.
> 
> We already have two agenda items.  Please let us know if you want to present on another topic.
> 
> Russ & Tim
> 
> 
>> On Aug 24, 2022, at 12:07 PM, Russ Housley <housley@vigilsec.com> wrote:
>> 
>> Two agenda topics did not get covered at IETF 114:
>> - draft-perret-prat-lamps-cms-pq-kem
>> - draft-kario-pkcs12-pbmac1
>> 
>> There may be other topics that have progressed enough to need some discussion.
>> 
>> Tim and I think that 60 minutes will be enough to cover these topics.
>> 
>> Please fill out the following poll to help us find the best time for the meeting:
>> https://doodle.com/meeting/participate/id/dN9x14vb
>> 
>> Russ & Tim
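The externalised first hashing step Mike describes, as an added illustration that is not code from the thread, the drafts, or any Dilithium/Falcon implementation. It models only the message-binding digest (mu = H(tr || M) for the Dilithium shape, H(r || M) for the Falcon shape) and treats the lattice signing of that digest as out of scope; the digest lengths and the 40-byte salt are assumptions chosen for the illustration. It shows that the host can stream the message through SHAKE-256 and hand the module only the digest while producing exactly what the unmodified in-module step would, and that a plain SHA-256(m) pre-hash is bound to no key or nonce at all.

```python
"""Externalising H(prefix || M) out of the crypto module (added example)."""
import hashlib
from typing import Iterable

TR_LEN = 32    # assumed length of tr = H(pk) in bytes
MU_LEN = 64    # assumed length of mu = H(tr || M) in bytes
SALT_LEN = 40  # assumed length of the Falcon-style random salt r


def bound_digest(prefix: bytes, chunks: Iterable[bytes], out_len: int = MU_LEN) -> bytes:
    """Host side: H(prefix || M) computed incrementally, so the message is never
    buffered whole or shipped to the HSM/TPM. Only the digest crosses the boundary."""
    h = hashlib.shake_256(prefix)
    for c in chunks:
        h.update(c)
    return h.digest(out_len)


def dilithium_style_tr(pk: bytes) -> bytes:
    """tr = H(pk): the per-key prefix that keeps a collision from being reusable across keys."""
    return hashlib.shake_256(pk).digest(TR_LEN)


def module_mu_dilithium(pk: bytes, message: bytes) -> bytes:
    """Module side, unmodified algorithm: first internal step over the whole message."""
    return hashlib.shake_256(dilithium_style_tr(pk) + message).digest(MU_LEN)


def module_mu_falcon(r: bytes, message: bytes) -> bytes:
    """Module side for the Falcon shape: signer picks random r, then hashes r || M."""
    return hashlib.shake_256(r + message).digest(MU_LEN)


def naive_prehash(message: bytes) -> bytes:
    """The shortcut the thread warns against: SHA-256(m) bound to no key or nonce,
    so one SHA-256 collision transfers to every signer and every key."""
    return hashlib.sha256(message).digest()


def chunked(data: bytes, size: int):
    """Constructed stand-in for reading a firmware image in pieces."""
    for i in range(0, len(data), size):
        yield data[i:i + size]


def check_properties(pk: bytes, r: bytes, message: bytes, chunk_size: int = 256) -> dict:
    """Interop: streamed host digest equals the in-module digest for both shapes.
    Binding: mu changes with the key/nonce, while the naive pre-hash does not."""
    other_pk = bytes(b ^ 0xFF for b in pk)  # a different key, derived just for comparison
    return {
        "dilithium_interop": bound_digest(dilithium_style_tr(pk), chunked(message, chunk_size))
        == module_mu_dilithium(pk, message),
        "falcon_interop": bound_digest(r, chunked(message, chunk_size)) == module_mu_falcon(r, message),
        "mu_key_bound": module_mu_dilithium(pk, message) != module_mu_dilithium(other_pk, message),
        "naive_key_bound": False,  # SHA-256(m) takes no key; nothing to bind to
        "naive_same_for_all_keys": naive_prehash(message) == naive_prehash(message),
    }
```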