Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-05 concern

"Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com> Tue, 16 March 2021 17:43 UTC

From: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>
To: Nick Lamb <njl@tlrmx.org>
CC: "spasm@ietf.org" <spasm@ietf.org>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ay6PFnzk0xLRrH_SmPVwhgmwB3g>
Subject: Re: [lamps] draft-ietf-lamps-lightweight-cmp-profile-05 concern
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

Nick

Many thanks for your feedback. 

> From: Nick Lamb <njl@tlrmx.org>
>
> I noted with concern that the presenter suggests TLS 1.3's PSK modes are
> suitable for use with a password.
> 
> This is _explicitly_ not the case. To quote RFC 8446:
> 
> "Deriving a shared secret from a password or other low-entropy sources is not
> secure.  A low-entropy secret, or password, is subject to dictionary attacks
> based on the PSK binder.  The specified PSK authentication is not a strong
> password-based authenticated key exchange even when used with Diffie-
> Hellman key establishment."

I am aware that passwords with low entropy will only result in shared keys with low entropy.

> If CMP or LAMPS generally needs a way to use passwords to authenticate TLS
> it's worth reaching out to the TLS WG to ask them what you should do here, or
> contrariwise if this profile for CMP is to use PSKs it should likewise make explicit
> that you must not use passwords and similar human memorable low-entropy
> secrets.

Finally, using shared secret information, e.g., OTPs or passwords, is definitely not the main line for protection of CMP messages.
Also, TLS is not the only protection, but an additional layer for CMP, as CMP offers object level security.
When using shared secret information for protecting CMP message integrity, we move from the old password-based MAC mechanism specified in RFC 4210 and RFC 4211 to PBMAC1 to improve the security here. Russ submitted the draft for updating RFC 4211 in this regard (draft-ietf-lamps-crmf-update-algs) and I did the same for RFC 4210 (draft-ietf-lamps-cmp-updates, draft-ietf-lamps-cmp-algorithms).

I struggled to provide some guidance on which cipher suites to use with shared secret information together with TLS in the Lightweight CMP Profile as presented during IETF 110.
One option is also to drop these recommendations, if there is no adequate cipher suite to be used with shared secret information and TLS 1.3, as TLS is not required for protecting CMP messages.

Any recommendations are welcome.

Hendrik
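
Added example, not part of the original message or of any draft's code: a Python sketch of the two shared-secret MAC constructions the message contrasts, the RFC 4211 password-based MAC (iterated hash) and PBMAC1 from RFC 8018 (PBKDF2, then HMAC). The secret, salt, iteration count and the `PROTECTED_PART` bytes are constructed placeholders; in CMP the MAC input is the DER-encoded ProtectedPart (header and body), which is not built here.

```python
import hashlib
import hmac

# Constructed sample values (assumptions, not taken from any draft or RFC).
SHARED_SECRET = b"constructed-one-time-secret"
SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # use a random salt in practice
ITERATIONS = 10_000
PROTECTED_PART = b"<DER-encoded PKIHeader || PKIBody placeholder>"


def rfc4211_password_based_mac(secret, salt, iterations, protected, owf="sha1"):
    """Old mechanism: K = OWF applied `iterations` times to (secret || salt),
    then HMAC keyed with K over the protected bytes."""
    key = secret + salt
    for _ in range(iterations):
        key = hashlib.new(owf, key).digest()
    return hmac.new(key, protected, owf).digest()


def pbmac1(secret, salt, iterations, protected, prf="sha256", mac="sha256", key_len=32):
    """PBMAC1: K = PBKDF2(PRF, secret, salt, iterations, key_len),
    then HMAC keyed with K over the protected bytes."""
    key = hashlib.pbkdf2_hmac(prf, secret, salt, iterations, dklen=key_len)
    return hmac.new(key, protected, mac).digest()


def verify_pbmac1(secret, salt, iterations, protected, received_mac):
    """Recompute the MAC and compare in constant time."""
    expected = pbmac1(secret, salt, iterations, protected)
    return hmac.compare_digest(expected, received_mac)


if __name__ == "__main__":
    old = rfc4211_password_based_mac(SHARED_SECRET, SALT, ITERATIONS, PROTECTED_PART)
    new = pbmac1(SHARED_SECRET, SALT, ITERATIONS, PROTECTED_PART)
    print("RFC 4211 MAC :", old.hex())
    print("PBMAC1       :", new.hex())
    print("verifies     :", verify_pbmac1(SHARED_SECRET, SALT, ITERATIONS, PROTECTED_PART, new))
    # Both constructions raise the cost per guess; neither adds entropy to the
    # shared secret, so the key is only as strong as the secret it is derived from.
```
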