Re: [lamps] [EXTERNAL] draft-ietf-lamps-lightweight-cmp-profile-05 concern

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 17 March 2021 17:01 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Nick Lamb <njl@tlrmx.org>
CC: "spasm@ietf.org" <spasm@ietf.org>, "hendrik.brockhaus@siemens.com" <hendrik.brockhaus@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/aFlT_DIbdKAPZDbIj2aW1Nxj3R0>

> I see that page 9 explicitly refers to passwords - writing "We would like to specify suitable TLS cipher suite for use with pre-shared secret information, e.g., passwords"

> So it seems to me that in fact it does exactly what you've said it does not.

OOO, yeah, fair point. I missed that. 

See my last email: This seems like a lot of fuss over an optional TLS wrapper of an optional HTTP wrapper of a message that's already crypted using this shared secret / password / whatever.

If you want to challenge how this shared secret is generated and argue that it's in-scope for the CMP spec to put constraints on that, then that would be a fair discussion to have. Note that the original CMP (RFC 4210) just assumes the existence of this shared secret:

    5.1.3.1.  Shared Secret Information

    In this case, the sender and recipient share secret information
    (established via out-of-band means or from a previous PKI management
    operation).

    5.2.2 Encrypted Values

    Typically, this will mean that the sender and recipient have, or are
    able to generate, a shared secret key.

    Etc


Like, if you're gonna object to this shared secret, then you should object to it throughout the CMP protocol; only objecting to it in the optional TLS wrapper seems a bit bizarre.


---
Mike Ounsworth

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Nick Lamb
Sent: March 17, 2021 11:53 AM
To: Mike Ounsworth <Mike.Ounsworth@entrust.com>
Cc: spasm@ietf.org; hendrik.brockhaus@siemens.com
Subject: Re: [lamps] [EXTERNAL] draft-ietf-lamps-lightweight-cmp-profile-05 concern

On Wed, 17 Mar 2021 15:42:40 +0000
Mike Ounsworth <Mike.Ounsworth@entrust.com> wrote:

> Hi Nick,
> 
> That's what PAKEs are for, right? If I'm following the TLS WG 
> properly, the TLS 1.3 PAKE draft (draft-barnes-tls-pake) expired in
> 2019 and PAKEs did not make it into 1.3. Is that right?

I have replied (and I see someone else also replied) mentioning the work to integrate OPAQUE. This may be too complicated for a "lightweight" profile or it might delay publication unacceptably but others will know better.


> Looking at Hendrik's slides and I-D, I see proposals for specifying 
> TLS 1.2 and 1.3 PSK cipher suites. I also see in the draft:
> 
>    *  The client MUST use its shared secret information for
>       authentication.
>    *  The server MUST use a suitable shared secret information for
>       authentication.
> 
> Nowhere does it refer to this shared secret as a "password".

When I examine these slides
https://datatracker.ietf.org/meeting/110/materials/slides-110-lamps-lightweight-cmp-profile-updates-cmp-and-cmp-algorithms-00

Or I review the video on which I was commenting:
https://youtu.be/DQQ4h_M1XYM?t=4453

I see that page 9 explicitly refers to passwords - writing "We would like to specify suitable TLS cipher suite for use with pre-shared secret information, e.g., passwords"

So it seems to me that in fact it does exactly what you've said it does not.

It is a problem that so often a value envisioned as a 128-bit PSK - which would be safe for many purposes - ends up implemented in real systems as a human-readable password - which is much too fragile; and then actually used as a boilerplate value (i.e. users don't know why it's supposed to be a high-entropy secret so they write the name of the company or something) and as a result a cast-iron security guarantee in the design becomes so flimsy as to have no value in real usage.

Nick.
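
The following is an added example, not part of either message or of the draft: it derives a MAC key from the shared secret in the way RFC 4210 section 5.1.3.1 describes for password-based MAC (the one-way function applied a number of times to secret plus salt), and compares the guessing work behind a 128-bit random PSK with that behind a short typed password. SHA-256 as the one-way function, HMAC-SHA-256 as the MAC, the function names and the sample message bytes are assumptions made for the example.

```python
import hashlib
import hmac
import math
import secrets

PSK_BYTES = 16  # 128 bits, the PSK size named in the thread


def new_shared_secret() -> bytes:
    """Provision the secret from the OS CSPRNG rather than asking a person."""
    return secrets.token_bytes(PSK_BYTES)


def pbm_basekey(secret: bytes, salt: bytes, iterations: int) -> bytes:
    """Apply the OWF `iterations` times, starting from secret||salt.
    SHA-256 as the OWF is this example's choice (assumption)."""
    if iterations < 1:
        raise ValueError("iterations must be >= 1")
    value = secret + salt
    for _ in range(iterations):
        value = hashlib.sha256(value).digest()
    return value


def protect(secret: bytes, salt: bytes, iterations: int, message: bytes) -> bytes:
    """MAC over the protected bytes (a constructed stand-in, not real DER)."""
    key = pbm_basekey(secret, salt, iterations)
    return hmac.new(key, message, hashlib.sha256).digest()


def verify(secret: bytes, salt: bytes, iterations: int, message: bytes, tag: bytes) -> bool:
    """Constant-time comparison of the recomputed MAC with the received one."""
    return hmac.compare_digest(protect(secret, salt, iterations, message), tag)


def work_bits(alphabet: int, length: int, iterations: int) -> float:
    """Upper bound on guessing work: log2(alphabet**length) + log2(iterations).
    A human-chosen value sits far below this bound."""
    return length * math.log2(alphabet) + math.log2(iterations)


if __name__ == "__main__":
    salt = secrets.token_bytes(16)
    msg = b"constructed stand-in for the protected part of a CMP message"
    psk = new_shared_secret()
    tag = protect(psk, salt, 10_000, msg)
    print("random PSK verifies:", verify(psk, salt, 10_000, msg, tag))
    print("8 lowercase letters: %.1f bits" % work_bits(26, 8, 10_000))
    print("16 random bytes:     %.1f bits" % work_bits(256, 16, 10_000))
```

The iteration count adds only log2(iterations) bits of work, so it cannot lift a short password to the strength of a randomly generated 128-bit value.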
