IETF Logo Mail Archive

Re: [lamps] [EXTERNAL]Re: Call for Presentations at the LAMPS Interim Meeting on 28 Jan 2021

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 13 January 2021 20:02 UTC

Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4A9B33A12EA for <spasm@ietfa.amsl.com>; Wed, 13 Jan 2021 12:02:14 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.101
X-Spam-Level:
X-Spam-Status: No, score=-2.101 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T1B_pUFnUQ46 for <spasm@ietfa.amsl.com>; Wed, 13 Jan 2021 12:02:12 -0800 (PST)
Received: from NAM10-BN7-obe.outbound.protection.outlook.com (mail-bn7nam10on2096.outbound.protection.outlook.com [40.107.92.96]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 71E1F3A1396 for <spasm@ietf.org>; Wed, 13 Jan 2021 12:01:23 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=YkMXKGnBBe453YQ7B0xvTCBQelLtr41iM02/+6E/IPliRYl8FAAbl4UJ/+DlsQF7q+zk0Addxa49boZKbMKSntnvTztm7LcLap7+C9XJ/qJUmPaQPOcHsC6fTLwAgRlKz/obM0yoYyY1DvQiMCSfhbYBvkCsHr0C63IOTdXq+UAYr5OSlQrb9OPW0yIDsIKoCyiXzKM45OSLbysrGcfc2qh3W+2Kttlpp8XV6OytFFW3vlMZSfXwk7y4sOE6koWvjmztoiBnroRe4GBUaJsp2uXjc8MP+mDaQeCdBxeCOxjubuiyG2TCCWVCZVIYDS89GgE5CNDuI8DqQxQ92A2OGg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Qtyb5BbaxgQ9+LBMu8L1FY6Rjbfy7Qdcib1cHRVe9J0=; b=oTxUSGX3FVELsRkr8C+zIs6XysHHYd0Lk7YH8x9jIvamfXI8bpec1LIBggj1o/ewwDVbYdkXrLONzHAtG+yHgNpK+RdZ3GGaez2+QJOaD7zvwC7Eizgfn2bZUxCq3i9yArYhqoKMHHroZl7pcXOmo4074jkgBj84+Iu/0P3jX/VigqdCUyZ6MjwZECLivo8xvqagDyI1vYPVb8h1fvaRe/C6xZyW+T9wzObNzhZhvTTuVgCNJVqTNLxyW815fDlYYUp7iDj4t0FMjEUnjihnuk+ahKSVQH+9ssfspUqiWpTv0nhW3SmBl5gRiKdvniF3LUxmdUKVk6yxBHIF5yrZ0w==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; s=selector2; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=Qtyb5BbaxgQ9+LBMu8L1FY6Rjbfy7Qdcib1cHRVe9J0=; b=K2JpW5+T4ZKWTCTffd3FGyfoKQRFwhUsMc+hwde35nSsdy7EF0pn0JZVCTrjrRBnkCfas7B45TOA39Y4KPlPUdpxT1kyQFedOg1Eih1olDMssdQ9ZidIapd5BQzyqdq2yTGRUWAi6Wa3Mm2OpKF1j7hdWIIyKHCGtGuc946URSgVHXhjc+8FmV9HuCG7CYDVxGBgH/yqJzTsP98GKeXTs+nsp7MA34K+6c/cU+xd9v4KeOotq3troOOriSe5MRkcAonjY1VKIgmMIhGW3BADOdx1CtlNzd4AO40hy8fZ2u08BKIPIAUZ20xgCN4gh01NFOb0aouzNdiED6Zu15ykDg==
Received: from DM6PR11MB4380.namprd11.prod.outlook.com (2603:10b6:5:14e::20) by DM6PR11MB4409.namprd11.prod.outlook.com (2603:10b6:5:1df::30) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.3742.6; Wed, 13 Jan 2021 20:01:21 +0000
Received: from DM6PR11MB4380.namprd11.prod.outlook.com ([fe80::15ab:1cac:c06:c1f8]) by DM6PR11MB4380.namprd11.prod.outlook.com ([fe80::15ab:1cac:c06:c1f8%7]) with mapi id 15.20.3742.012; Wed, 13 Jan 2021 20:01:21 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, Michael Richardson <mcr+ietf@sandelman.ca>, LAMPS <spasm@ietf.org>
Thread-Topic: [lamps] [EXTERNAL]Re: Call for Presentations at the LAMPS Interim Meeting on 28 Jan 2021
Thread-Index: AQHW6ebclr6lpPDytEOcWe8MTZ0juw==
Date: Wed, 13 Jan 2021 20:01:21 +0000
Message-ID: <DM6PR11MB4380B9B6B39A98DF192720B59FA90@DM6PR11MB4380.namprd11.prod.outlook.com>
References: <2C7FE71D-D3DA-49CF-B133-EAC979309951@vigilsec.com> <D95BD95A-ED8C-4275-AE4F-463A41A6C85C@vigilsec.com> <BN7PR11MB254730455D173EB9769B6632C9A90@BN7PR11MB2547.namprd11.prod.outlook.com> <6452.1610560502@localhost> <DM6PR11MB4380C66B31D31C4B13912D859FA90@DM6PR11MB4380.namprd11.prod.outlook.com>
In-Reply-To: <DM6PR11MB4380C66B31D31C4B13912D859FA90@DM6PR11MB4380.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dmarc.ietf.org; dkim=none (message not signed) header.d=none; dmarc.ietf.org; dmarc=none action=none header.from=entrust.com;
x-originating-ip: [72.139.200.247]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 48ff28ad-ef9d-410f-2842-08d8b7fdff6b
x-ms-traffictypediagnostic: DM6PR11MB4409:
x-microsoft-antispam-prvs: <DM6PR11MB4409533325513C61B66159639FA90@DM6PR11MB4409.namprd11.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:9508;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: H12JbY1j7VMVBr01iVMKvvffFcNMnvjcpzulTdsD9AdkeA1Dys38bOT9YrwhMkHRw+V7RNcxhtVmqYhSiAqQsCF2yJIzhCdq61WGHA6LHAhDOOfySRtU5XBkpo2KdcqpNohVjYxsNKk8ele1scO8umDJzTi+wz0YBA16MojDpnXhsvH8R82jPfcGFKaGqcyhYNzC86nTgjHXsxKxgKqyzrh7q/QRlyCIyEeJRsqPAwdImF5dldftnT2Nm05TnZLIDxF3S6VDu6tp8Yhsug6HvdnUmC139wpi10UxPVFhS50IYj9hbQFy/0ZQVxYiTBnrXdEq8jD5b/svsOeiJs053qIPcKi5aa6Vd8y2lFZb6M+6Mnf8fKOJc5k3X7r4VcQA0Qii6HuS6xQx7e5WrW2b388D65Mal+JdXi0L3z6u54iUWzuD2av9nSuYyXg/iZab3UH3wNJMy5RaBeIKA5zLvfXdpun8fV1QgbjNZz5EZ5r6AG4JrLq72p9nw6ZTWSQYCw0vHs6L4HNyQovL/nZL0A==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB4380.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(396003)(376002)(39860400002)(346002)(366004)(136003)(26005)(316002)(186003)(6506007)(52536014)(55016002)(110136005)(2906002)(966005)(53546011)(83080400002)(86362001)(66476007)(66574015)(66446008)(478600001)(2940100002)(33656002)(5660300002)(66946007)(83380400001)(9686003)(7696005)(8676002)(66556008)(8936002)(71200400001)(64756008)(76116006); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata: VRmmvtqGFIfCRgjFHFnmtwvEtqFlMpO26wnzzDXbl6LE+JnCm/azDLIWDN7zR0ji6k1a5LMJEBFZvoHDDKklWEJX2nkvb+v8EbKfs5mGwqI5hJ/vjq2f7ojGZ8rwL6N61oOYCAo9m9SWESGHSbxvHZi4YlkJH65xQWmT6rCs7fFb8tCuX9wl68c1UmTCdZa6ur3WKRfuWoMuuXD38QYBqagbdgDIFbxPaQ8Jc3lG2l2X2UPs3lJ0wbtOXxwfg1Qu2uyClJU1Pw62PpxYDdAwIk+23WNZsctQd6Ni2WP4t84U9DmrOOua7NhGnP1krITgu3XS4BYsdevIVbA91JzRyCQlGhTXu+H8gMtXOebvEREc3g/f6SqYtIFGQCwDaNQNEzjnb8IhhH1ZijrVFVDW9q2/RwKYY9uPIDPuCvxvmXn8ymhhXWuuW+w4vjjAunvtr2BiBOKQxz3qpw/jHY7TfZAEwKtUOonberDVIc5RM5RHyJoHAQeDy2D0jIPUzfK1Zy+Vwpfu3Z25ACnzEos2EvhlpfkcFugHJl2eeqxjl+fAnWu9jaVz8q4U0yaD2Jimx+yEGQyjSWEPtpAmjASTo9FDEpl11xbouP5JAmBsXEEoaRG8Cg1fqJ+FlEOsKB1ud+dHw/4I3kW4pYx6Y3Hl8N/m8wrerrW+zAa91F4prV2Y6Va+TxY3DSypDpdb6tqCJwiFYLqOoKzLQfiNMMa5OU+zR9Es8j7Ebzk51a0PhabiQhMHq7dgNfsNOFNEHH2lfSonNDppQYofibj6go42mfmtj93mQ40Y7l+6oOopcQe/CDZMoyiERhG5YNbtrH7DIP7iclgbJZVYVRXLX7A6Kwew4QMyE/rL6VJExgsTLZI1Nl9K0ZGO7AY+JDoqsZLL8OyW24hmQIgUCdge+T6dkwN5F7B1D2cvEuvpNsGjFi0x5X8I87h3iODA6zvG2qWSSVttfAvXWiFJPEJi7wt5AIRk54+nQGkPuSyvn6wk9kQ=
x-ms-exchange-transport-forked: True
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB4380.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 48ff28ad-ef9d-410f-2842-08d8b7fdff6b
X-MS-Exchange-CrossTenant-originalarrivaltime: 13 Jan 2021 20:01:21.1327 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: j1jqtiJq+yZ4gQ3NQGJpyK+Mhr8HR22WsdmQfwExYu44gqBio3dG3ifl8enXN7mdLygTT/dZJlnsvztsywK55BaWXs5qWgBIaO55VUfY1Y8=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM6PR11MB4409
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/uRm7I6_j7szLdcuZCZaBeJYtKDo>
Subject: Re: [lamps] [EXTERNAL]Re: Call for Presentations at the LAMPS Interim Meeting on 28 Jan 2021
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 13 Jan 2021 20:02:14 -0000

Another note: I am aware that LAMPS is a bit of an odd place for a draft that does not actually update any PKIX standards, but this has bounced a few times between LAMPS and SecDispatch (see thread "[Secdispatch] Can Composite sigs move back to LAMPS?"). There seems to be support for advancing this draft, and LAMPS is as good a home as any.

Therefore, I submit that LAMPS should look at standardizing mechanisms to meet the NIST call of carrying dual signatures in PKIX-like protocols. I would submit draft-ounsworth-pq-composite-sigs as one such mechanism, but likely not the only one. I think things will need to carry two signatures and LAMPS is in the right place to standardize an encoding. I believe standardizing "dual signatures" in general is independent from whether it's appropriate to use them on X.509 certificates.

---
Mike Ounsworth

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Mike Ounsworth
Sent: January 13, 2021 1:04 PM
To: Michael Richardson <mcr+ietf@sandelman.ca>; LAMPS <spasm@ietf.org>
Subject: Re: [lamps] [EXTERNAL]Re: Call for Presentations at the LAMPS Interim Meeting on 28 Jan 2021

At the risk of over-complicating everything, we see the One-Cert vs Two-Cert discussion as in some senses orthogonal to our composite keys and signatures draft (draft-ounsworth-pq-composite-sigs).

I think that shoehorning this into a "one-cert vs two-cert" discussion is missing some of the potential value of the Composite proposal.

In writing the composite draft, we were careful to not make it a certificates draft, and instead stick strictly to public key, private key, and signature OIDs and ASN.1 encodings. At present, we are just looking at composite key and signature formats so that there is an obvious and standardized way to meet the NIST call for putting dual signatures on <thing>; whatever <thing> is.

For example, someone way want to combine both approaches and have a Two-Cert ecosystem where one of the certs is Composite:

Cert1: {RSA}
Cert2: {RSA, PQ}


Another example of them being orthogonal is a case where you have separate certificates {RSA}, {PQ}, but for protocol simplicity you want to use the composite signature structure {RSA,PQ} on the wire.

Our draft (draft-ounsworth-pq-composite-sigs) is really trying to be orthogonal from the One-Cert vs Two-Cert question.

---
Mike Ounsworth

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Michael Richardson
Sent: January 13, 2021 11:55 AM
To: LAMPS <spasm@ietf.org>
Subject: [EXTERNAL]Re: [lamps] Call for Presentations at the LAMPS Interim Meeting on 28 Jan 2021


Panos Kampanakis \(pkampana\) <pkampana=40cisco.com@dmarc.ietf.org> wrote:
    > I have been on both sides of the argument, Classical+PQ signatures or
    > parallel (classical, PQ). Recently I have been thinking that we probably
    > can't avoid keeping classical PKI for backwards compatibility which probably
    > makes the Classical+PQ sigs less appealing.

First, I think that we need better terms to explain the two options.
Russ has used "One Certificate" and "Two Certificate".

I think that in the "One Certificate" case, that the PQC and traditional (He said "traditional", and Panos said "classical", btw) CA signers would sign both BQC and traditional keys.  Right?


    > Especially for live protocols
    > like TLS, this argument is even more relevant especially since the big cert
    > would be penalizing the classical peer with unnecessary PQ sig data.

It seems that for live protocols we can negotiate, and the server can send only what is needed, so there are really no byte-size issues.

    > But I have heard some arguments for classical+PQ for non-TLS usecases. An
    > example could be SW Signing. I would argue that PKCS#7/CMS can include
    > multiple sigs (in SignerInfo) in the SignedData as clarified in RFC4853, so
    > even for SW Signing we may not need Composite or Hybrid Classical+PQ
    > Signatures.

That seems to be the parallel case, isn't it?

I have a different concern to ask as well:
  Are hash-based signatures in the classical or PQC category?

    > I gave this presentation at the NIST NCCoE Virtual Workshop on
    > Considerations in Migrating to Post-Quantum Cryptographic Algorithms:
    > https://www.nccoe.nist.gov/sites/default/files/10-Housley-NCCoE-Workshop-Tra
    > nsition-to-PQC-Certificates.pdf

    > This short presentation still captures my view.  Are there people with a
    > different view that would like time on the agenda at the LAMPS Interim on 28
    > Jan?  I would like to make sure that all point of view are heard.

Russ' preference is for "Two Certificate" case.
I think that it is equivalent to having RSA and ECDSA ecosystems alive, which I think we have managed reasonably well.
So I don't think that I have a diverging view.

--
Michael Richardson <mcr+IETF@sandelman.ca>   . o O ( IPv6 IøT consulting )
           Sandelman Software Works Inc, Ottawa and Worldwide _______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm

v2.23.0 | Report a Bug | By Email