Re: [lamps] WG Last Call for draft-ietf-lamps-cms-mix-with-psk

Tim Hollebeek <tim.hollebeek@digicert.com> Wed, 29 May 2019 18:18 UTC

From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: "Hammell, Jonathan F" <Jonathan.Hammell@cyber.gc.ca>, "'spasm@ietf.org'" <spasm@ietf.org>
Thread-Topic: Re: [lamps] WG Last Call for draft-ietf-lamps-cms-mix-with-psk
Thread-Index: AdUUjUhsTWU98srlTk2AlTzaw5oH1ABvY4hQ
Date: Wed, 29 May 2019 18:18:36 +0000
Message-ID: <MWHPR14MB15338D1A4686193E48C3D36D831F0@MWHPR14MB1533.namprd14.prod.outlook.com>
References: <20190527133129.7B27312001A@ietfa.amsl.com>
In-Reply-To: <20190527133129.7B27312001A@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/KLXwZhY4kpt7DWM3CkUTXvU6sF4>

Thanks for doing this; this is really interesting and useful.

-Tim

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Hammell, Jonathan F
> Sent: Monday, May 27, 2019 9:31 AM
> To: 'spasm@ietf.org' <spasm@ietf.org>
> Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-cms-mix-with-psk
> 
> Classification: UNCLASSIFIED
> 
> Sorry for the late comment.  My colleagues and I did review the draft and
> we have no suggestions for text changes.  We also produced a ProVerif model
> (attached) in an attempt to verify some of the cryptographic properties.
> Details are below.  Let me know if you have any questions or issues.
>
> # Assumptions/limitations
> The model is limited to the Key Agreement algorithm and is bounded with
> two hardwired originators and hardwired recipients.
>
> We assume the DH key exchange is broken using a quantum computer such
> that the recipient private keys are known at the outset. We have modeled
> this by revealing the recipient's DH private key on the channel.
>
> All recipients have DH certificates signed by a trusted CA. These are
> shared with all at the beginning of the protocol.
>
> In an effort to model configuration choices of key encryption and KDF
> algorithms, we included settings for using strong or weak algorithms (in
> the quantum perspective). The model allows the attacker to modify the
> settings of both the originator's and the receivers' algorithm
> configuration to use quantum-vulnerable algorithms.
>
> # Security queries
> Our interpretation of the draft is that it is attempting to solve the
> problem of maintaining the confidentiality of an encrypted cek from an
> opponent with the ability to break the DH public keys with a quantum
> computer. Therefore our model is limited to proving confidentiality of
> the cek in the face of such an attacker.
>
> The model contains two types of queries:
>
> 1. Sanity - Whenever a sender s sends an encrypted version of cek to an
> intended recipient r, then recipient r receives the same cek from sender s.
>
> 2. Confidentiality - An attacker cannot learn the cek during a protocol
> run unless the sender uses weak crypto (in the quantum perspective).
>
> # Running the model
> proverif -graph . Using_PSK_in_CMS_Keyagree.pv
>
> ProVerif spits out a lot of info, but the important statements about the
> queries are prefixed by the string "RESULT".
> 
> 
> 
> ---
> Re: [lamps] WG Last Call for draft-ietf-lamps-cms-mix-with-psk
> Russ Housley <housley@vigilsec.com> Fri, 10 May 2019 15:00 UTC
> https://mailarchive.ietf.org/arch/browse/spasm/?q=mix-with-psk
> The only comment that I received is to add <CODE BEGINS> at the top of the
> ASN.1 module and <CODE ENDS> at the bottom of the ASN.1 module.  I will do
> that now.
> 
> Russ
> 
> 
> > On May 10, 2019, at 10:52 AM, Tim Hollebeek <tim.hollebeek@digicert.com> wrote:
> >
> > It appears no one has any further comments on this document, and it is
> ready to proceed.
> >
> > -Tim
> >
> > From: Spasm <spasm-bounces@ietf.org> On Behalf Of Tim Hollebeek
> > Sent: Friday, April 19, 2019 10:45 AM
> > To: SPASM <spasm@ietf.org>
> > Subject: [lamps] WG Last Call for draft-ietf-lamps-cms-mix-with-psk
> >
> > This is the LAMPS WG Last Call for "Using Pre-Shared Key (PSK) in the
> > Cryptographic Message Syntax (CMS)" <draft-ietf-lamps-cms-mix-with-psk>.
> > Please review the document and send your comments to the list by 6 May
> > 2019.
> >
> > The datatracker page for the document is
> > https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-mix-with-psk/
> >
> > Thanks,
> >
> > Tim
>
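The ProVerif model attached to Jonathan Hammell's message is not reproduced on this page. What follows is an added example by the editor of this page, not the attached model and not code from the draft's authors: a reduced ProVerif model of the key-agreement-with-PSK path, structured the way the editor reads the draft (later published as RFC 8696), namely that the DH-derived pairwise key KEK1 wraps a random key-derivation key KDK, and KEK2 = KDF(KDK, PSK) wraps the CEK. Everything beyond that is an assumption of this example: a single originator and recipient with no identities or CA certificates, the quantum attacker modelled (as the message describes) by publishing the recipient's DH private key on the channel, and a "weak" algorithm abstracted as a key wrap the attacker can open with a `crack` destructor. The two queries mirror the sanity and confidentiality queries described in the message; the names `kdf1`, `kdf2`, `wrap`, `crack`, `cfg` are the editor's.

```proverif
(* Added example, editor's own reduced model; not the attached
   Using_PSK_in_CMS_Keyagree.pv and not the draft authors' code.
   Assumed structure (editor's reading of the draft): KEK1 from DH wraps a
   random KDK; KEK2 = KDF(KDK, PSK) wraps the CEK.
   Abstractions: one originator, one recipient, no identities/certificates;
   the quantum attacker is given the recipient's DH private key; a "weak"
   algorithm is a key wrap the attacker can open without the wrapping key. *)

free c: channel.

type key.
type G.
type exponent.
type alg.

const g: G.
const strong: alg.
const weak: alg.

(* Diffie-Hellman *)
fun exp(G, exponent): G.
equation forall x: exponent, y: exponent; exp(exp(g, x), y) = exp(exp(g, y), x).

(* KDFs: KEK1 from the DH shared secret, KEK2 from (KDK, PSK) *)
fun kdf1(G): key.
fun kdf2(key, key): key.

(* Key wrap parameterised by the configured algorithm.  Holding the wrapping
   key always unwraps; only a "weak" wrap can be opened without it. *)
fun wrap(alg, key, key): bitstring.
reduc forall a: alg, k: key, kek: key; unwrap(wrap(a, k, kek), kek) = k.
reduc forall k: key, kek: key; crack(wrap(weak, k, kek)) = k.

free psk: key [private].   (* pre-shared key, never put on c *)
free cek: key [private].   (* content-encryption key to protect *)

event sent(key).
event received(key).
event cfg(alg).

(* Sanity: the recipient only ever unwraps a CEK the originator sent. *)
query k: key; event(received(k)) ==> event(sent(k)).
(* Confidentiality: the attacker learns the CEK only if the originator
   was configured (by the attacker) with a weak algorithm. *)
query attacker(cek) ==> event(cfg(weak)).

let originator(pkR: G) =
  in(c, a: alg);                       (* attacker picks the algorithm setting *)
  event cfg(a);
  new kdk: key;
  new x: exponent;
  let kek1 = kdf1(exp(pkR, x)) in      (* pairwise KEK from DH *)
  let kek2 = kdf2(kdk, psk) in         (* KEK from KDK and PSK *)
  event sent(cek);
  out(c, (a, exp(g, x), wrap(a, kdk, kek1), wrap(a, cek, kek2))).

let recipient(skR: exponent) =
  in(c, (a: alg, pkO: G, ekdk: bitstring, ecek: bitstring));
  let kek1 = kdf1(exp(pkO, skR)) in
  let kdk = unwrap(ekdk, kek1) in
  let kek2 = kdf2(kdk, psk) in
  let k = unwrap(ecek, kek2) in
  event received(k).

process
  new skR: exponent;
  let pkR = exp(g, skR) in
  out(c, pkR);
  out(c, skR);                         (* quantum attacker: DH private key is public *)
  ( (!originator(pkR)) | (!recipient(skR)) )
```

Run it with `proverif <file>.pv` and read the lines prefixed with RESULT, as the message advises. The point the model is built to show is the one the message's second query states: with the recipient's DH private key public, the attacker can recompute KEK1 and unwrap the KDK, but still cannot compute KEK2 without the PSK, so the CEK stays secret unless the attacker-chosen algorithm is the weak one. Because the algorithm setting arrives on the attacker-controlled channel, the model also makes the practical caveat visible: a recipient that accepts whatever algorithm the message names gives the attacker the downgrade for free, so an implementation should reject KDF and key-wrap algorithms outside its configured policy rather than follow the sender's choice.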