IETF Logo Mail Archive

Re: [lamps] Proposed re-charter text for hybrid and dual crypto modes

Michael Richardson <mcr+ietf@sandelman.ca> Sat, 30 January 2021 22:39 UTC

Return-Path: <mcr+ietf@sandelman.ca>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D5EC53A11FA for <spasm@ietfa.amsl.com>; Sat, 30 Jan 2021 14:39:02 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id cAtQ0hf4ar5k for <spasm@ietfa.amsl.com>; Sat, 30 Jan 2021 14:39:00 -0800 (PST)
Received: from tuna.sandelman.ca (tuna.sandelman.ca [209.87.249.19]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 64BBD3A11F9 for <spasm@ietf.org>; Sat, 30 Jan 2021 14:38:59 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by tuna.sandelman.ca (Postfix) with ESMTP id C1C4A389A0; Sat, 30 Jan 2021 17:41:35 -0500 (EST)
Received: from tuna.sandelman.ca ([127.0.0.1]) by localhost (localhost [127.0.0.1]) (amavisd-new, port 10024) with LMTP id wPDm0iT6rOy8; Sat, 30 Jan 2021 17:41:31 -0500 (EST)
Received: from sandelman.ca (obiwan.sandelman.ca [IPv6:2607:f0b0:f:2::247]) by tuna.sandelman.ca (Postfix) with ESMTP id D385B3899E; Sat, 30 Jan 2021 17:41:31 -0500 (EST)
Received: from localhost (localhost [IPv6:::1]) by sandelman.ca (Postfix) with ESMTP id D982C5E5; Sat, 30 Jan 2021 17:38:53 -0500 (EST)
From: Michael Richardson <mcr+ietf@sandelman.ca>
To: Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>
In-Reply-To: <E64102E4-AA88-4B87-814A-6C79F6655102@vigilsec.com>
References: <DM6PR11MB43808FA7D74229A5997965649FBA9@DM6PR11MB4380.namprd11.prod.outlook.com> <E64102E4-AA88-4B87-814A-6C79F6655102@vigilsec.com>
X-Mailer: MH-E 8.6+git; nmh 1.7+dev; GNU Emacs 26.1
X-Face: $\n1pF)h^`}$H>Hk{L"x@)JS7<%Az}5RyS@k9X%29-lHB$Ti.V>2bi.~ehC0; <'$9xN5Ub# z!G,p`nR&p7Fz@^UXIn156S8.~^@MJ*mMsD7=QFeq%AL4m<nPbLgmtKK-5dC@#:k
MIME-Version: 1.0
Content-Type: multipart/signed; boundary="=-=-="; micalg="pgp-sha512"; protocol="application/pgp-signature"
Date: Sat, 30 Jan 2021 17:38:53 -0500
Message-ID: <6498.1612046333@localhost>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/U1W4HY0Iaa6b-lfBCsvEjHsZmUM>
Subject: Re: [lamps] Proposed re-charter text for hybrid and dual crypto modes
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 30 Jan 2021 22:39:03 -0000

Russ Housley <housley@vigilsec.com> wrote:
    > full confidence in the PQC public key algorithms.  Therefore,
    > transition mechanisms that combine traditional algorithms with PQC
    > algorithms will be needed for "hybrid key establishment" and "dual
    > signatures".

    > NIST defines "hybrid key establishment" as any key
    > establishment scheme that is a combination of two or more components
    > that are themselves cryptographic key-establishment schemes.

To be clear for me, such a system would get a unique algorithm OID,
and would count as a single signature outside of the crypto function.

    > NIST
    > defines "dual signatures" as any signature scheme that consists of two
    > or more signatures on a common message.  The specifications developed
    > will enable PKIX and S/MIME protocols to support hybrid key
    > establishment and dual signature mechanisms.

Such as system would be visible as having two algorithmOIDs, and this would
be visible outside of the crypt function.  The length discussion about
matching the two identities, etc. deals with this side of things.

My understanding is that we might have situations where we have dual
signatures, and the second signature might be a hybrid signature.

RFC5280 only provides for one algorithmIdentifier (signatureAlgorithm) at the
top-level sequence, which is not contained under the signature.
We had some document a few years ago that dealt with coordinating this with
the section 4.1.2.3 Signature which *is* the signature. (I think Russ wrote that)

I know that some of the proposals (maybe all) put the second algorithm into
various extensions, and that is really the only way to do the dual-signatures
in a backwards compatible way.

I note that RFC5280 is only at Proposed Standard.
It was suggested it was more mature, but I can't find any evidence of that:
not in the DT nor on the rfc-editor page.

I believe that write a few "Updates" (Amends) RFC5280 documents is
appropriate, but I think that given that this is going to be a long
transition, that I think the charter should include text that would allow
RFC5280bis to be produced.  That might not be a near-term priority, but I
think that it needs to get done for a number of technical and marketing reasons.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide

v2.23.0 | Report a Bug | By Email