IETF Logo Mail Archive

[lamps] Fwd: [CMP Updates] Hash algorithm to us for calculating certHash

David von Oheimb <nl0@von-Oheimb.de> Tue, 15 June 2021 11:49 UTC

Return-Path: <nl0@von-Oheimb.de>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AA7183A2C98 for <spasm@ietfa.amsl.com>; Tue, 15 Jun 2021 04:49:05 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.895
X-Spam-Level:
X-Spam-Status: No, score=-1.895 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id t34fwct0E8ba for <spasm@ietfa.amsl.com>; Tue, 15 Jun 2021 04:49:01 -0700 (PDT)
Received: from server8.webgo24.de (server8.webgo24.de [185.30.32.8]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 248633A2CA9 for <spasm@ietf.org>; Tue, 15 Jun 2021 04:49:00 -0700 (PDT)
Received: from [192.168.178.115] (dynamic-095-118-012-088.95.118.pool.telefonica.de [95.118.12.88]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by server8.webgo24.de (Postfix) with ESMTPSA id 04B024200BA; Tue, 15 Jun 2021 13:48:52 +0200 (CEST)
References: <CANNx7D9H0tEN1ViV_zPWUiESOP-rL6y+AXu8rF8QOm7X_8=R7Q@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: LAMPS WG <spasm@ietf.org>, Hendrik Brockhaus <Hendrik.Brockhaus@siemens.com>
From: David von Oheimb <nl0@von-Oheimb.de>
X-Forwarded-Message-Id: <CANNx7D9H0tEN1ViV_zPWUiESOP-rL6y+AXu8rF8QOm7X_8=R7Q@mail.gmail.com>
Message-ID: <520cc9d9-cf88-4546-4418-831ebc6051e6@von-Oheimb.de>
Date: Tue, 15 Jun 2021 13:48:52 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.12.1
MIME-Version: 1.0
In-Reply-To: <CANNx7D9H0tEN1ViV_zPWUiESOP-rL6y+AXu8rF8QOm7X_8=R7Q@mail.gmail.com>
Content-Type: multipart/alternative; boundary="------------3DEABC2901700E837A355B77"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZYjoK3wAD7v8mTM88L43R-a-UfA>
Subject: [lamps] Fwd: [CMP Updates] Hash algorithm to us for calculating certHash
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Jun 2021 11:49:15 -0000

Russ, what do you think, also on Lijun's response quoted here?


-------- Forwarded Message --------
Subject: 	Re: [lamps] [CMP Updates] Hash algorithm to us for calculating
certHash
Date: 	Tue, 15 Jun 2021 13:17:58 +0200
From: 	Lijun Liao <lijun.liao@gmail.com>
To: 	David von Oheimb <nl0@von-oheimb.de>



I am fine with the ASN.1 discussed in this email thread.

Since the upgrade to CMPv3
will take much longer than the use of EdDSA, I prefer to fix the hash
algorithm for EdDSA if it is not specified explicitly. This allows the
use of EdDSA in CMPv2.

Lijun

David von Oheimb <nl0@von-oheimb.de <mailto:nl0@von-oheimb.de>> schrieb
am Di., 15. Juni 2021, 12:30:

    Yes, in case a certConf message is expected by the server and the
    client needs to positively conform a newly enrolled EdDSA cert, I
    think this cannot be avoided
    because the assumption of CMPv2 that a cert signature alg
    automatically implies/includes a cert hash alg does not hold anymore
    for EdDSA.
    So the client needs to specify which hash alg it uses, since for
    EdDSA in general (except for CMS) there is no clear/mandatory
    implicit hash alg defined.

        David

    On 15.06.21 12:18, Lijun Liao wrote:
>     Does this mean we need CMPv3 for the EdDSA certificates? 
>
>     Lijun
>
>     David von Oheimb <nl0@von-oheimb.de <mailto:nl0@von-oheimb.de>>
>     schrieb am Di., 15. Juni 2021, 12:00:
>
>         Russ, Lijun, et al.,
>
>         we have not yet heard back on our latest proposal how to
>         determine the hash alg to use for the certHash field in CMP
>         certConf messages.
>         Would be good to finalize this topic by the end of this week
>         in order to bring it into the next version of the CMP-related
>         drafts.
>
>         To summarize, our proposal is to add a hashAlg field to the
>         CertStatus structure as follows, which is binary backward
>         compatible:
>
>            CertStatus ::= SEQUENCE {
>
>               hashAlg [0] AlgorithmIdentifier OPTIONAL,
>
>               certHash    OCTET STRING,
>
>               certReqId   INTEGER,
>
>               statusInfo  PKIStatusInfo OPTIONAL
>
>            }
>
>         In case the signature alg identifier of the cert explicitly
>         contains a hash alg (which so far always was the case until
>         EdDSA came up),
>         then use that hash alg and the optional hashAlg field MUST be
>         omitted, which means the certConf message can keep version CMPv2.
>         Otherwise, the hashAlg field MUST be used to specify the hash
>         alg used and the version of the certConf message is CMPv3.
>         (In addition, we gonna specify in the CMP- Algorithms draft
>         that  SHA-512 SHALL be used for Ed25519 and SHAKE256 for Ed448,
>         like done for CMS in RFC8419).
>
>         Does this sound fine?
>
>             David
>
>

v2.23.0 | Report a Bug | By Email