Re: [lamps] Auditing HBS state usage
"Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com> Tue, 31 January 2023 18:10 UTC
Return-Path: <sfluhrer@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1DACAC1524B4; Tue, 31 Jan 2023 10:10:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.598
X-Spam-Level:
X-Spam-Status: No, score=-14.598 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIMWL_WL_MED=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b="EtaQm4vo"; dkim=pass (1024-bit key) header.d=cisco.com header.b="Jmc2NTLS"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lomszA7OCEOo; Tue, 31 Jan 2023 10:10:21 -0800 (PST)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 9DB4CC151544; Tue, 31 Jan 2023 10:10:21 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=15908; q=dns/txt; s=iport; t=1675188621; x=1676398221; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=MjQd3baQI1tToDgQ9jQyer4Pm437pBV8jMShVfKh+Sk=; b=EtaQm4vo/2BFtBV/Y0nYgivwdG1hSI/WHNxUqZ/kYqxy595+6dzCoyGg nBnP/07P5a+Y3nrQjsPLDzBs0Pfa2qLAs/oSNS97SAvUf5h3pYW/2uzm5 7S6ZUJIURZWMJJOqYDxL6rwHLjSKQZLAsHhkaowxx8plwgj3N0njHO9U4 0=;
X-IPAS-Result: A0ADAADrWNljmIYNJK1aGgEBAQEBAQEBAQEDAQEBARIBAQEBAgIBAQEBQIE7BQEBAQELAYFaKiiBBgJZOkUDiBcDhFBfiCEDkQmLCYEsFIERA1YPAQEBDQEBLg0JBAEBgVQBPxeCXAKFIwIlNAkOAQIEAQEBAQMCAwEBAQEBAQMBAQUBAQECAQcEFAEBAQEBAQEBHhkFDhAnhTsGJw2GVQEBAQEDAQEQLgEBLAsBCwQCAQgRBAEBLycLHQgCBA4FCBEJglcEAQGCbgMxAwEPnwIBgT8CiWo1eIE0gQGCCAEBBgQEnEwDglADBoFAAYkLg2qDNXsnHIFJRIEVQ4FmgQE+gmIBAQKBHwUFARIBIyqDZYIugQyMXoYBE4gUCoE5doElDoFGgQ8CCQIRdHg3A0QdQAMLOzIKPzULC0orGhsHgQYqKBUDBAQDAgYTAyICDSgxFAQpEw0nJmkJAgMiYgMDBCgtCR8EHAcVESQ8B1Y3AQUCDx83BgMJAwIfT4EgJAUDCxUqRwQINgUGHDYSAggPEg8GJkQOQjc0EwZcASkLDhEDUIFOBC9EgR4CBAEpJp1QgSwBawUBGBoMGgEECwMKBwkLGxAgAQE5IQcCDAcHERUICgMTFQ0YBREiB5ImARsBARsXDwOPT558gTYKg3WLXZFugzwWg3mMYpd2XpdPII0wlFktLwaEXwIEAgQFAg4BAQaBYjoPXHBwFRohgmdSGQ+HRYZbCQIBDQmBBAECgkMGhRSNOnUCAQE3AgcBCgEBAwmGSoMCLYIqAQE
IronPort-PHdr: A9a23:MUaQuRRRQJCLkCUaOzrT2GDkbNpso7vLVj580XJvo75Nc6H2+ZPkM QSf4Ph2l1bGUM3d7O4MkOvZta3sGAliqZaMuXwPatpAAhkCj8hFkwkpGsXQD0r9IbbjZDA7G 8IXUlhj8jm7PEFZFdy4aUfVpyi57CUZHVP0Mg8mTtk=
IronPort-Data: A9a23:gTD52a5o/d6zAotQXsEf0gxRtKDHchMFZxGqfqrLsTDasY5as4F+v jEYXz2EaamNNGb9fNwkPI619koAsJPSz9ZgGQBu+HwzZn8b8sCt6fZ1gavT04J+CuWZESqLO u1HMoGowPgcFyOa/lH3WlTYhSEUOZugHtIQM8aZfHEuLeNYYH1500k7wrVg2tUAbeWRWmthh /uj+6UzB3f9s9JEGjp8B3Wr8U4HUFza4Vv0j3RmDRx5lAa2e0o9UPrzEZqMw07QGeG4KAIVq 9Hrl9lV9kuBl/sk50jMfrzTKiXmSZaKVeSCZ+Y/t6WK2nB/SiIOPqkTbsAQUx8IqAWwoJNs2 OlMqLqAYjkLF/iZ8Agde0Ew/yBWNKlC/vrMJmKy9JXJiUbHaHDrhf5pCSnaP6VBpb0xWj8Ir KdecWtRBvyAr7reLLaTUedom8Q5IdPDN4IEsXYmxjbcZRojac2bEvyUtIEGtNs2rpFoHNr4a O0cUCsxb0TQZBh1fRBQWJ1ryY9EgVGmI2EH9zp5v5Ef+3HY5A18zLarN8DaEvSGX8xbggOXr 3DK9mu8EkxCZZmfwCGFt2mtifSJlD7nWIUID5W5++JkxlqJyQQ7EwUfTl6ToPSlhAi5Qd03A 0US5i0orK906kWqVNDVRBy1pXOCpVgXXN84O+4i4QeK0f+Iuw+cD3oDSHhKb9kOuMo/Xzds1 1KVkZXuHzMHmJiUSn/b0aqStiy1IzQVeDNaaCkYVxYe/5/op4QbghfGVN0lEaOpgJvyAz6Y/ tyRhCE6g7NWhskR2uDipxbMgimnod7CSQtdChjrsnyNtDl1Xtb6RLyR1hvG/cpBMaCpZWejl S1R8ySB19wmAZaInS2LZewCGrC1+vqIWAEwZ3YyQ/HNEBzwpxaekZBsDCJWfxwwbptdEdP9S AqC5lsPtc470G6CMPcfXm6nNyg9IUEM//zJW/bIadwmjnNZK1HdpXkGiaJ9IwnQfKUEmKU7P 9KQdtyhSC9AT69m1zGxAewa1NfHJxzSJ0uNHPgXLDz+jtJygUJ5r59eaDNiichisMu5TP39q Yo3Cidz40w3vBfCSifW65UPClsBMGI2A5v7w+QOKLHee1I9RDpxVaGOqV/ER2CDt/kL/gsv1 izjMnK0NHKk7ZE6AVzQMys6OO+HsWhX9CtrbUTAwmpEK1B6Mdrws8/zhrM8fKIs86R43OVoQ vweE/hs8dwRIgkrDw81NMGnxKQ7LUzDrVvXY0KNPmNlF7Y+HFOhxzMRVla1nMX4JnDp5ZJWT nzJ/l6zfKfvsCwzVZmKOKL/nwrZULp0sLsaYnYk6+J7IC3EmLWG4QSr5hPrC6ng8Sn++wY=
IronPort-HdrOrdr: A9a23:a3ky5qs8XnKNM0OzhrQ2SO2l7skCwoMji2hC6mlwRA09TyXGra 6TdaUguiMc1gx8ZJh5o6H9BEGBKUmskaKdkrNhQotKOzOW9FdATbsSoLcKpgeAJ8SQzJ8k6U 4NSdkdNDS0NykGsS+Y2nj2Lz9D+qj9zEnAv463pB0BLXAIV0gj1XYCNu/xKDwQeOAyP+tBKH Pq3Lsgm9PPQwVzUu2LQl0+G8TTrdzCk5zrJTQcAQQ81QWIhTS0rJbnDhmxxH4lIn1y6IZn1V KAvx3y562lvf3+4ATbzXXv45Nfn8ak4sdfBfaLltMeJlzX+0eVjcVaKv2/VQIO0aOSAWUR4Z zxStAbToBOAkbqDyKISN3Wqk7dOXgVmjnfIBSj8AXeSITCNUMH4ox69Ntkmt+z0Tt6gDm6u5 g7h15x/qAnfS/ojWDz4cPFWAptkVfxqX0+kfQLh3gaSocGbqRNxLZvtH+9Pa1wah4S0rpXWd VGHYXZ/rJbYFmaZ3fWsi1mx8GtRG06GlODTlIZssKY3jBKlDQhpnFojvA3jzMF7tYwWpNE7+ PLPuBhk6xPVNYfaeZ4CP0aScW6B2TRSVbHMX6UI17gCKYbUki94KLf8fEw/qWnaZYIxJw9lN DIV05Zr3c7fwb0BciHzPRwg2fwqaWGLEDQI+1llu1EU+fHNcnW2AW4OSITr/c=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.97,261,1669075200"; d="scan'208";a="50916966"
Received: from alln-core-12.cisco.com ([173.36.13.134]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 31 Jan 2023 18:10:20 +0000
Received: from mail.cisco.com (xfe-rtp-001.cisco.com [64.101.210.231]) by alln-core-12.cisco.com (8.15.2/8.15.2) with ESMTPS id 30VIAJqh005282 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=OK); Tue, 31 Jan 2023 18:10:19 GMT
Received: from xfe-rcd-005.cisco.com (173.37.227.253) by xfe-rtp-001.cisco.com (64.101.210.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9; Tue, 31 Jan 2023 13:10:18 -0500
Received: from NAM11-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xfe-rcd-005.cisco.com (173.37.227.253) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.9 via Frontend Transport; Tue, 31 Jan 2023 12:10:18 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=LCOMgYT5dFOiPj3g9K/l1UzPPv7WMiMI4qC4nMDXHCU0x7LHfD9wR8P1HHdMfxTB0hnf0fyOw51auFFKnyvjcl+qr7uKafUMXEljP1Soew4rNo4YL/QEBuiZto+oZuk2OvSZ5kyzu4s5Bi4k/NEuEGqZvn8laVzT4agFr07fKbOFw9EO+qWUQZaxOT5WyxnXdCnmqGNyVBNKcVxofZUi4SPZYCscqqw9anTwsj22chc5Uad4v/GAjGm7cwJw2s28kJbkLl/nB4JzjJsBZBrV7aZPpB8a7r4GVJx6JNCsEWB5zgBTiHUgm82NK8ajt5HkFc3qxE6UU5o4pDV8xgBwfQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=Uvik+tRXhOj/j+LWv69ausU4scz/6ZlnhHnGnVg/7bM=; b=DzIjoiYVPzoWMKm42EEkrgCXnUSLJd0jy9V0PLgQYm5hGSGffqfiKzn8EjcgLg2jwTb907gJeBMwA207DhYRhi7FxfBvT/Qfc4r47laobIecrLVgnX3VJGK2vzxSDTxBNyzjCB81vF5Us4OKji4eN4p2Pjv0m6W6Vsb3iL9QybEWQ/iWZ7BTrFdARdalmGgLkdruOJ/W4GVjd6BJnjNqXhnFEzNz6+c74giPaJtzKHRzGiUhpBTsRiz5el9AYopb/dz0YueAxMcCMLADB/aqYhB5cQLDLbMbgYtOz5Ph/NvCzpCQI42N4EyzMJGBHtJkMCSvKvvBXEi99RK2tbhuYA==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cisco.com; dmarc=pass action=none header.from=cisco.com; dkim=pass header.d=cisco.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Uvik+tRXhOj/j+LWv69ausU4scz/6ZlnhHnGnVg/7bM=; b=Jmc2NTLS93QDza29JToqVjRCjHLAlrQnvMgFuO7zd8ODJZbNi+z6nFa6wSvfSsgCrTkX08Ux+qsOTf3u9YCucW3i4VrV0kdnogpbTidxZjYDMWu65yyNI+n3ET+ti9HEXnxOhygr86++qCFC68e412+Ewn7/XNfx6fhUFP8QDCU=
Received: from DM4PR11MB5455.namprd11.prod.outlook.com (2603:10b6:5:39b::14) by CO1PR11MB4899.namprd11.prod.outlook.com (2603:10b6:303:6e::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6043.38; Tue, 31 Jan 2023 18:10:16 +0000
Received: from DM4PR11MB5455.namprd11.prod.outlook.com ([fe80::af8d:b56c:ac88:7f3f]) by DM4PR11MB5455.namprd11.prod.outlook.com ([fe80::af8d:b56c:ac88:7f3f%8]) with mapi id 15.20.6043.030; Tue, 31 Jan 2023 18:10:16 +0000
From: "Scott Fluhrer (sfluhrer)" <sfluhrer@cisco.com>
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, "Kampanakis, Panos" <kpanos=40amazon.com@dmarc.ietf.org>, "Vaira, Antonio" <antonio.vaira@siemens.com>
CC: LAMPS <spasm@ietf.org>, "draft-gazdag-x509-hash-sigs.authors@ietf.org" <draft-gazdag-x509-hash-sigs.authors@ietf.org>, "pqc@ietf.org" <pqc@ietf.org>
Thread-Topic: [lamps] Auditing HBS state usage
Thread-Index: AQHZNYvpEJXUuSYMvEWR3UCgZYYJn6640lzw
Date: Tue, 31 Jan 2023 18:10:15 +0000
Message-ID: <DM4PR11MB545523D89F48FB36083FD3E5C1D09@DM4PR11MB5455.namprd11.prod.outlook.com>
References: <08C331ED-453C-4812-955A-F2161B960329@vigilsec.com> <3439f87bb3bb4a199f706b791cba6b6a@bsi.bund.de> <6828097d5b5b4beabb0c4243b150077f@amazon.com> <99a43b5f4620438a9cb7ca539f70dbcb@bsi.bund.de> <DU0PR10MB5244B1BC5E40204EDBD0AFD1E0D09@DU0PR10MB5244.EURPRD10.PROD.OUTLOOK.COM> <d86eb6d6b0be4f58a51377bde590c521@amazon.com> <CH0PR11MB57396CB5F9341759B023A9309FD09@CH0PR11MB5739.namprd11.prod.outlook.com>
In-Reply-To: <CH0PR11MB57396CB5F9341759B023A9309FD09@CH0PR11MB5739.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=cisco.com;
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: DM4PR11MB5455:EE_|CO1PR11MB4899:EE_
x-ms-office365-filtering-correlation-id: c1bb9fdd-d1e0-41a2-0a3a-08db03b667b0
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: S/Ga5OnHjJTait7f4ezOY6/lpeUFhosFk9weWDvkPM9GHEtpkvzZ3gDp2CPQfAJIKUNnvSjkI95dSRjo0janP2de9Du6IATLkbgH6lRnoV1k1lcpxaZcFcwDXy+qfkoe8KT0DkJJCVlMXvfJ14QLFCOdIuhK8OziR4YXxtoWjJK1kTRawlskAygFP/GEk23sxVPUDFgBY1NtFP+AOAqzQa+CTtox4bhqL/vNMt+wwfpMZOrqbfDe9kl4F/31srrj1Imo82kRcOcDUsFhvIVDrcRQLbjGLpWZ3GagSELAGwg5SYdiIHNqNsdmj+aEMO492ztZn3EfBvImMX9blFC2qicFxzV+p2olj+wnNSVr2kDnHXwmT3BABSmqk9ziV5CT1wRu61+ITOhK29b+bpOhn8Ed+eHvKXggLWHAhPwLlEleC1RZilFcZSofQr6hyW7+/r0SrOn3OHJA9PrEJfZBMFPm+rvj3h4xi+RFpuftUYSLAIu/RC6BJyI1Nlr5D/2awmbFpBL2eWnlShZqaF0mnzmAI/c7m6ZAQLkCY3XOhf3QMc6WxqdaUWOeRopyzn+MBw8h9OoIczmTvR0EEaf8jzr0YOqyaBU8VMC/P33Lp+7uiJlvthobDlWfpdzuOzAOHlirZiZoAw/+o2zGqcJG/rBAF0CeSX1wuRNqE9CiBJSHhmFoMS4NC2WcAS2M6yHQRcaOmo1++waI5tkHpb5nXAWLYfedQmiIw5cDFAZtZsmlCfmiR7t9WER6JvzluToCu2wXgt6Z7nwYW6bgKN7hdg==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM4PR11MB5455.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(39860400002)(346002)(376002)(366004)(136003)(396003)(451199018)(2906002)(30864003)(38070700005)(66899018)(5660300002)(52536014)(8936002)(41300700001)(55016003)(4326008)(86362001)(316002)(66574015)(110136005)(45080400002)(83380400001)(8676002)(64756008)(66556008)(66476007)(76116006)(66946007)(66446008)(122000001)(38100700002)(71200400001)(7696005)(26005)(186003)(9686003)(33656002)(478600001)(6506007)(54906003)(966005)(53546011); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: OemTTrHHRZ/R7bIqoLaZmnm/0MlKXl2JnhPY1RwGscgi5e6qSETeoV9dMM8M/MM3WpXzgNrN2kUlCplv8FSSyRGpJuy30UZe0yj1PnKkabPuymRcqHdVQ1DSkQYlo43siPPRkD3FLpovGzZUN6GafvjR7B2navA0TDQctHlt2KGFshGNJyMF6WyaQ+zmzZX6Kay75r3sUTqeI0FmNXhocfe9vrwo97wJJo7EgBRDBr6h7/Vl+nWof9ZWK/C2FrT0fw2Y9YKcoPd1VJHvN/kx6EvrjFtW2jvAcYeIQfv9LptYBWwJsXO89JDsy6nmC/jjfyftDelIQEh3DUAymumuRj6Eb04tYKlVtIbd+IIMRIzuzWfAjWc2gdZbw3dvqJIJoALiOG4ZNkBTEFzNXVhTFQQz4jsLcnxVjkd+7ymsKnvme1gLrGz9XwlHQdEpEkUyDhe3uStw2/pA3lMoPS9YVs/WWE1uLWO0Yf4tP273/9RkRCe3MOt4nW/dejdlYPbJpdF+0YRnXEJYvPY6fleFFtLKcMSfEtpitZTfQq3CQi1d/cYtPUPsMq9At6z9Hfit+opSQbknRVP023MpCCc3OJQcP2Z0UaT/prS01Dx4zdeeXFuLwDR9R0H0B4P0BViNsljw/+BG+1GdsYaX8GyFsh8Tyh512GeNuHE0rUPtcMDYNf1QgIWkH/wrYi6g1W6US1t66xQiBmRWvK/5WgWXZPAJR4LnNn4OK+1m8yhOvvfrM5kD5LF4S4wh+AsWYG3e+bpjKJ5+aI1uqB/FqX/+TX6qkC2Lag1ySY2sNEZ1ul7XE846YnhYzpisYEjb0Go7XcV6eBzaat7sOIHQqXWLUEPb4vuwq0BNF3gpRrFOil0XPy6K17CLfkG9UP+sVsY1BuFY/gMjVB9Ufsyo+Ubo5ua5Hwbwyj5PEprWEaxci85HCaEwZc+CuYAkVD6v1M9HEWmwedaC3cd+IMcYjukfSZ7cJmRVWv5JGcdg47K3NOixCAvyZ51Rea2ZIuLKZHnO+OdNDb183CfErPxWR9E4AjdeuMtbvNmUAKKjECdaVSvt0JR0Bl3muHkxrsl2F3GPpcnGMWXlqHnMxxHXTNVsWGkxilpCuO/7PonN+L/3uGHKQIEMFnm7/BtItUr6HCjwAWCBdVxU9pgHMuVs0KIq0eu1C65JYCyNmg1p+9MB/gzwh+Oy6+tKffgCYmDrmhoLedARqXDIYIrwRdOn2E+q8EEU1YZWRRJOSIHXmp2gkwkqso9jdydOYSQm0L6fSuLXo/+JxFrl8Hm7gjRtwPKI5p0ZC+Mzfzj0m1suMxYQxVdjYRZ9d6dXc5iUSP6qGgqfHAVihEZyu2DqzX2ZCbuAFbEjciMdNnlK0eojfx++q14QXvDlXL1uF7upGirBulj9ZV/zz0BnigQnkshKE0cIyb/pfc2lYa6lomUW3ARJPd4qB/HyIlEIW3qmNNk2QvG1TG/PKeQAQgHeE7mfWrJO9EkpRJzDOoIMFsAdmEaDSTPVOaaDE0f9NBGvR+ka0MSrj5+eD2pXUXiJh6PnkuQghIv8i4gTpVroaa2rwzQ9Isj9MSwkk8ZJ5MnDF6AiA/9c
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM4PR11MB5455.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: c1bb9fdd-d1e0-41a2-0a3a-08db03b667b0
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jan 2023 18:10:16.0953 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: BYFtTRj4g5qddKG39wGhhdFUVbgzrNJeBYvbjbI2b1wtHVqVl+VXIV5GF0J2xPybTfXSYRqGeRtQQWIBYifq0A==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CO1PR11MB4899
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 64.101.210.231, xfe-rtp-001.cisco.com
X-Outbound-Node: alln-core-12.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ZpW3nVkZzwRUySwITW133766qjk>
Subject: Re: [lamps] Auditing HBS state usage
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jan 2023 18:10:26 -0000
Actually, it's not that hard to extract the current state from either an XMSS(^MT) or LMS/HSS signature. For XMSS and XMSS^MT, the current state is at a fixed place in the signature. For HSS, the state is scattered in the signature; however it's not *that* hard to retrieve... So, expressing the current state explicitly in the certificate might make things a bit easier; however it doesn't fundamentally change anything > -----Original Message----- > From: Spasm <spasm-bounces@ietf.org> On Behalf Of Mike Ounsworth > Sent: Tuesday, January 31, 2023 10:51 AM > To: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org>; Vaira, > Antonio <antonio.vaira@siemens.com> > Cc: LAMPS <spasm@ietf.org>; draft-gazdag-x509-hash-sigs.authors@ietf.org; > pqc@ietf.org > Subject: Re: [lamps] Auditing HBS state usage > > [changing title, and adding PQUIP list] > > > - my understanding of stateful HBS schemes is that the state of the private > key can be uniquely identified by the authentication path that is part of the > signature. Could we think to derive a unique value, out of this authentication > path and embed it into a certificate field? Maybe such certificate can be > further published, for example on CT, to allow public scrutiny of the CA > operations? > > Interesting idea! > Basically, explicitly put the private key state in the signature for easy auditing. > > > IMO the list of certificates issued by a CA is already well tracked and audited. > IMO if we're gonna get ourselves into trouble with over-using a HBS key, it's > gonna be uses of the CA key for things other than certificate signing; like a > stuck process that re-issues the same CRL 500 times, or a CA set up for direct > OCSP or CMP signing with the CA key, or .. who knows .. some CA software > that uses the CA key for backend TLS connections, or that uses the CA key to > sign audit records. All things that are completely not a problem today, so > developers and ops personnel might not even think about them when > moving to a HBS CA key. > > I like the idea of auditing signatures and private key states, but I think for it to > be effective you have to audit every signature performed by the HSM to > make sure you're catching "the weird stuff" that might not otherwise get > audited. In my mind, this is in the bucket of "quality of life features" that > HSM vendors will need to build in to their products that support HBS. > > --- > Mike Ounsworth > > -----Original Message----- > From: Spasm <spasm-bounces@ietf.org> On Behalf Of Kampanakis, Panos > Sent: Tuesday, January 31, 2023 9:28 AM > To: Vaira, Antonio <antonio.vaira@siemens.com> > Cc: LAMPS <spasm@ietf.org>; draft-gazdag-x509-hash-sigs.authors@ietf.org > Subject: [EXTERNAL] Re: [lamps] draft-gazdag-x509-hash-sigs-00 > > WARNING: This email originated outside of Entrust. > DO NOT CLICK links or attachments unless you trust the sender and know the > content is safe. > > ________________________________________________________________ > ______ > Hi Antonio, > > > - my understanding of stateful HBS schemes is that the state of the private > key can be uniquely identified by the authentication path that is part of the > signature. Could we think to derive a unique value, out of this authentication > path and embed it into a certificate field? Maybe such certificate can be > further published, for example on CT, to allow public scrutiny of the CA > operations? > > Interesting. Indeed, Stateful leaf HBS certs (which will include the tree > verification path) could be published so auditors or verifiers could attest that > state was not reused. For the Web there is CT so that would be relatively > straightforward. But given these certs will not be used for the Web, it > probably does not help much. In a code signing case, a signer vendor that > signs its software would need to publish all HBS signatures basically for them > to be auditable to confirm state/OTS public key was not reused. It would be > operational overhead for vendors though to make all their signatures > available. > > There is the threat model that is important here as well. If I am the verifier of > company X created by company X to verify company X's software signatures, > do I need to audit company X's signing did not reuse SHBS state? Probably > not because I trust the signer who is probably auditing internally. But still, a > published code signing repo of all (Root signatures and ICA issued signatures > and software signatures) could provide assurance to 3rd parties that want to > be sure. It still is not perfect because someone could argue that some failure > scenario while signing may have reused state but the signature did not show > up in the published signatures, but it certainly raises trust. > > > > -----Original Message----- > From: Spasm <spasm-bounces@ietf.org> On Behalf Of Vaira, Antonio > Sent: Tuesday, January 31, 2023 7:33 AM > To: Kousidis, Stavros <stavros.kousidis=40bsi.bund.de@dmarc.ietf.org>; > Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org> > Cc: LAMPS <spasm@ietf.org>; draft-gazdag-x509-hash-sigs.authors@ietf.org > Subject: RE: [EXTERNAL][lamps] draft-gazdag-x509-hash-sigs-00 > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you can confirm the sender and know the > content is safe. > > > > Dear Stavros, Dear Panos, > > I hope I am not intruding this conversation, I would like to add a couple of > personal considerations: > > - I believe that we will also need to have "stateful HBS ICAs", to at least sign > "stateful HBS code-signing certificates". This would allow a relying party to > validate the code-signing certificates, and its associated certificate chain, by > verifying only one type of digital signatures, which in this case would be a > stateful HBS scheme. This type of ICAs may be handled as RootCA, so > probably there is not much to add to the security considerations. > - my understanding of stateful HBS schemes is that the state of the private > key can be uniquely identified by the authentication path that is part of the > signature. Could we think to derive a unique value, out of this authentication > path and embed it into a certificate field? Maybe such certificate can be > further published, for example on CT, to allow public scrutiny of the CA > operations? > - on a more generic note, the recent publication of CNSA 2.0, despite > applying only to NSS, may trigger other regulatory bodies, which may be > transversal to the scope of NSS, to adopt similar guidelines. Therefore I think > we might have to deal with stateful HBS sooner than later. > > - @Stavros: it would be very interesting to know more about how you plan to > handle the requirements from §7 of NIST SP 800-208. > > in my understanding, to fulfil the requirements set forth in this section > one would that initializing several hypertrees on different HSMs. One or > more HSMs may be used immediately and the remaining should be securely > stored for later use (as disaster recovery mechanism for example). I think > this approach might prove to be quite cumbersome, at least over a long > period of time (which is intended use of stateful HBS). > > do you see additional approaches that would allow to comply with the > requirements from §7 of NIST SP 800-208? > > > Many thanks > Antonio Vaira > > -----Original Message----- > From: Spasm <spasm-bounces@ietf.org> On Behalf Of Kousidis, Stavros > Sent: Monday, 23 January 2023 09:33 > To: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org> > Cc: LAMPS <spasm@ietf.org>; draft-gazdag-x509-hash-sigs.authors@ietf.org > Subject: Re: [lamps] draft-gazdag-x509-hash-sigs-00 > > Dear Pano, > > thank you for your comments and suggestions, and sorry for the late reply. > > The typical use case we have in mind are root and (potentially also > subordinate) CAs which are using an HSM for cert signing that ensures the > secure handling of the state. When discussing this in the security > considerations we would also stress on NISTs proposal to use "Distributed > Multi-Tree Hash-Based Signatures" (see NIST SP 800-208 §7) as a design to > further ensure that states are handled appropriately. > > We have tracked the other use cases you mentioned as an issue in in our > repository. I think Stefan Gazdag has some experience here and we will > discuss how to incorporate your suggestions in the security considerations. > > Best > Stavros > > -----Ursprüngliche Nachricht----- > Von: Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org> > Gesendet: Donnerstag, 29. Dezember 2022 18:23 > An: Kousidis, Stavros <stavros.kousidis@bsi.bund.de> > Cc: LAMPS <spasm@ietf.org>; draft-gazdag-x509-hash-sigs.authors@ietf.org > Betreff: RE: [lamps] draft-gazdag-x509-hash-sigs-00 > > One more comment regarding draft-gazdag-x509-hash-sigs. > > Stateful HBS had come up previously for X.509 and some participants voiced > serious concerns > https://urldefense.com/v3/__https://eur01.safelinks.protection.outlook.co > m/?url=https*3A*2F*2Fmailarchive.ietf.org*2Farch*2Fmsg*2Fspasm*2FDKP > DfaQZxF5_De9BYuoWsRKp4gM*2F&data=05*7C01*7Cantonio.vaira*40siem > ens.com*7C42f367be82dd413a64ae08dafd1c9a04*7C38ae3bcd95794fd4add > ab42e1495d55a*7C1*7C0*7C638100596561496300*7CUnknown*7CTWFpbG > Zsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6 > Mn0*3D*7C3000*7C*7C*7C&sdata=h25km8rodm9XTku1Chgjffe*2BEm9dOR > sXhMwrrDhcVzQ*3D&reserved=0__;JSUlJSUlJSUlJSUlJSUlJSUlJSUlJSUlJQ!!FJ- > Y8qCqXTj2!esBnp7Nl7B1z9kQbd2Cr_cAnMTdMiIqi4_tPkbBohCOjROZnG7We > Ocu5HmlSVFHnbif3t0MFYttHiFf4DUHO8hDBsvLpjr-H6OhAlgSN8g$ A > summary of the counter-arguments could be that CAs have messed up > before, how can we rest assured they will not reuse state. > > I think your argument for Stateful HBS in this draft is only for root CAs which > sign a few ICAs and then go to sleep and rarely wake up. Maybe another use > is for code-signing EKU certs where the signer controls its signing process and > the verifiers trust it. The draft also mentions subordinate CA certificates. I > don't think these are good use-cases for stateful HBS. I would suggest for the > draft to clearly stress the potentially use-cases for Stateful HBS. Also I suggest > for the security considerations section to stress the importance and how you > envision these use-cases will be able to address the state concern. For > example a Root CA uses an HSM and signs very few ICA certs and then goes > offline. Another example is a code-signer keeps track of all its signatures and > can go back and attest the state was not reused periodically and its verifiers > usually trust the signer. Another one could be the state look ahead where > you retrieve x states and change your pointer before you even start signing > anything. > > > > -----Original Message----- > From: Spasm <spasm-bounces@ietf.org> On Behalf Of Kousidis, Stavros > Sent: Saturday, December 24, 2022 12:11 AM > To: Russ Housley <housley@vigilsec.com> > Cc: LAMPS <spasm@ietf.org>; draft-gazdag-x509-hash-sigs.authors@ietf.org > Subject: RE: [EXTERNAL][lamps] draft-gazdag-x509-hash-sigs-00 > > CAUTION: This email originated from outside of the organization. Do not click > links or open attachments unless you can confirm the sender and know the > content is safe. > > > > Dear Russ, > > thank you for the information. > > In the next version we will adopt the "OCTET STRING" definition of RFC 8708 > for HSS and apply this also to XMSS/XMSS^MT. The same applies to > SPHINCS+ where we will adopt the definition of "draft-ietf-lamps-cms- > sphincs-plus-01". > > Best > Stavros > > -----Ursprüngliche Nachricht----- > Von: Russ Housley <housley@vigilsec.com> > Gesendet: Freitag, 23. Dezember 2022 18:12 > An: draft-gazdag-x509-hash-sigs.authors@ietf.org > Cc: LAMPS <spasm@ietf.org> > Betreff: [lamps] draft-gazdag-x509-hash-sigs-00 > > Dear I-D Authors: > > RFC 8708 has this definition: > > HSS-LMS-HashSig-PublicKey ::= OCTET STRING > > This will carry the bytes as defined in RFC 8554. > > draft-gazdag-x509-hash-sigs-00 says: > > HSS-HashSig-PublicKey ::= SEQUENCE { > levels OCTET STRING, -- number of levels L > tree OCTET STRING, -- typecode of top-level LMS tree > ots OCTET STRING, -- typecode of top-level LM-OTS > identifier OCTET STRING, -- identifier I of top-level LMS key pair > root OCTET STRING -- root T[1] of top-level tree > } > > This will produce a different byte string than RFC 8554. I think this is a > problem. There should only be one way to encode the HSS/LMS public key. > > Russ > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://urldefense.com/v3/__https://eur01.safelinks.protection.outlook.co > m/?url=https*3A*2F*2Fwww.ietf.org*2Fmailman*2Flistinfo*2Fspasm&data= > 05*7C01*7Cantonio.vaira*40siemens.com*7C42f367be82dd413a64ae08dafd > 1c9a04*7C38ae3bcd95794fd4addab42e1495d55a*7C1*7C0*7C63810059656 > 1496300*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&sdata=BzfXk7I > kssXiXjWumPeivk5qXUsPP2tXjqRJZXx3QB8*3D&reserved=0__;JSUlJSUlJSUlJSU > lJSUlJSUlJSUlJQ!!FJ- > Y8qCqXTj2!esBnp7Nl7B1z9kQbd2Cr_cAnMTdMiIqi4_tPkbBohCOjROZnG7We > Ocu5HmlSVFHnbif3t0MFYttHiFf4DUHO8hDBsvLpjr-H6OirgtotNA$ > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://urldefense.com/v3/__https://eur01.safelinks.protection.outlook.co > m/?url=https*3A*2F*2Fwww.ietf.org*2Fmailman*2Flistinfo*2Fspasm&data= > 05*7C01*7Cantonio.vaira*40siemens.com*7C42f367be82dd413a64ae08dafd > 1c9a04*7C38ae3bcd95794fd4addab42e1495d55a*7C1*7C0*7C63810059656 > 1496300*7CUnknown*7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2l > uMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0*3D*7C3000*7C*7C*7C&sdata=BzfXk7I > kssXiXjWumPeivk5qXUsPP2tXjqRJZXx3QB8*3D&reserved=0__;JSUlJSUlJSUlJSU > lJSUlJSUlJSUlJQ!!FJ- > Y8qCqXTj2!esBnp7Nl7B1z9kQbd2Cr_cAnMTdMiIqi4_tPkbBohCOjROZnG7We > Ocu5HmlSVFHnbif3t0MFYttHiFf4DUHO8hDBsvLpjr-H6OirgtotNA$ > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm_ > _;!!FJ- > Y8qCqXTj2!esBnp7Nl7B1z9kQbd2Cr_cAnMTdMiIqi4_tPkbBohCOjROZnG7We > Ocu5HmlSVFHnbif3t0MFYttHiFf4DUHO8hDBsvLpjr-H6OgQtC7kZg$ > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm_ > _;!!FJ- > Y8qCqXTj2!esBnp7Nl7B1z9kQbd2Cr_cAnMTdMiIqi4_tPkbBohCOjROZnG7We > Ocu5HmlSVFHnbif3t0MFYttHiFf4DUHO8hDBsvLpjr-H6OgQtC7kZg$ > Any email and files/attachments transmitted with it are confidential and are > intended solely for the use of the individual or entity to whom they are > addressed. If this message has been sent to you in error, you must not copy, > distribute or disclose of the information it contains. Please notify Entrust > immediately and delete the message from your system. > > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://www.ietf.org/mailman/listinfo/spasm
- [lamps] draft-gazdag-x509-hash-sigs-00 Russ Housley
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Kousidis, Stavros
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Kampanakis, Panos
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Kousidis, Stavros
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Vaira, Antonio
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Kampanakis, Panos
- Re: [lamps] Auditing HBS state usage Mike Ounsworth
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Tim Hollebeek
- Re: [lamps] Auditing HBS state usage Scott Fluhrer (sfluhrer)
- Re: [lamps] Auditing HBS state usage Russ Housley
- Re: [lamps] [Pqc] Auditing HBS state usage Fregly, Andrew
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Kousidis, Stavros
- Re: [lamps] [Pqc] Auditing HBS state usage Vaira, Antonio
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Vaira, Antonio
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Seo Suchan
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Tim Hollebeek
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 Kousidis, Stavros
- Re: [lamps] draft-gazdag-x509-hash-sigs-00 antonio.vaira@siemens.com