Re: [lamps] [EXTERNAL] Re: Hybrid pkix isn't needed
Mike Ounsworth <Mike.Ounsworth@entrust.com> Tue, 31 January 2023 13:11 UTC
Return-Path: <Mike.Ounsworth@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 3FE0DC14CE2E for <spasm@ietfa.amsl.com>; Tue, 31 Jan 2023 05:11:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.096
X-Spam-Level:
X-Spam-Status: No, score=-2.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WkMSoGR686C3 for <spasm@ietfa.amsl.com>; Tue, 31 Jan 2023 05:11:44 -0800 (PST)
Received: from mx07-0015a003.pphosted.com (mx07-0015a003.pphosted.com [185.132.183.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 63F2CC14CE2D for <spasm@ietf.org>; Tue, 31 Jan 2023 05:11:44 -0800 (PST)
Received: from pps.filterd (m0242864.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.19/8.17.1.19) with ESMTP id 30V7lYQm021716; Tue, 31 Jan 2023 07:11:41 -0600
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=mail1; bh=I1xTREKRdOEJ74nhNzlwex8tp7ZFmyEC8+ltrjB7oK0=; b=SgA5v19csqljxqsroKrxYC+pNc+KbhMEg2ZeK9oQITnIUgW+mqAmiLuxnu8xf8xBq0FE mvSQnGb4ZU2erWVKv7Kqob/ZqS76P5KtquH7j6f3RumaMYyBUlUbTr8k5NqQsENQK3pS h5eWzFZYzqHe66HrIiHiJzVSWFnBxDzoc2sWZATeCjfzmvcYDyNmjHx3WcUdoj20UC6b 53YAVXu7YVBIrxRgaT2fKEVG8lbb/OkVrQgndXT9eGkE+tTXtO8V2tgERx71hhXhO3Q+ V04IFyq1i3p5EV3M+Ew6C0gjNC8X0DJ97sJsRx5v5eMhkrHTSs9p704BsQiwkAamfzDq xw==
Received: from nam11-bn8-obe.outbound.protection.outlook.com (mail-bn8nam11lp2169.outbound.protection.outlook.com [104.47.58.169]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3nd196twxs-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 31 Jan 2023 07:11:41 -0600
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=QZzFaxxNh6fscxQD6VPHOBANL1qiQzThLMY9f1rNcZQR4b4rtAXWffIH+q/UdtL+ViCjlAc57Tbw7bOW21QE/hym7WrrQtyK265rToqPBzEKwG0JLIOOxCb/KuUlou5RI9M2alxoGZ36rd+8KqjnOZDjeGIiyPkEiPDgRR8nEnMN1kzsyjG6TIeY1T4tlJoSCZiMOsWSJjjW10gwk6AkgrZtS2LUD84lLpsQPVHvH8rH2Hr5m/XYjKT17IJUyI+ylRx+k917NddYRzag6fgq4nxapU0I7E4xaYlcTkS4lK/xhCVLwG+bzNcfY9T6MDWhKH4zYmgDn1+2EuUqlCeJTA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=I1xTREKRdOEJ74nhNzlwex8tp7ZFmyEC8+ltrjB7oK0=; b=BcGjJ6b69fHr0NDUsGt8nh+4fEaEE2uJfDqTUeHZm0dSY3h4VOEwBdZic8p4a+lBW1IwI5+pTOK/fQf+SfWfrIp4ogbujBFMurznQAy3eu8bSU9R/bV1HILbGjCwQTj7Tb0d2qMMjqRk6thSCGXJzagCjczhNAF/9d2qhPJryOqOshD7EVWT2QtIW06J7iLta6lWy0xCLzEhEdX+8HEs5+tNDhAXMVdUCofG+NUXm5LU15o96ByeAKpSBKTXUxNPqBswHKFW/rue9p3qho4Ip2o80p1JjtWGnc9X6BbQYWUEIqqLyGbutoZVqRqD054GdDbon2qBBfbrDo5NruTyDw==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from CH0PR11MB5739.namprd11.prod.outlook.com (2603:10b6:610:100::20) by DS0PR11MB8136.namprd11.prod.outlook.com (2603:10b6:8:159::5) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.6002.13; Tue, 31 Jan 2023 13:11:38 +0000
Received: from CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::3000:a478:192a:3860]) by CH0PR11MB5739.namprd11.prod.outlook.com ([fe80::3000:a478:192a:3860%4]) with mapi id 15.20.6043.038; Tue, 31 Jan 2023 13:11:38 +0000
From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Ilari Liusvaara <ilariliusvaara@welho.com>, "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [EXTERNAL] Re: [lamps] Hybrid pkix isn't needed
Thread-Index: AQHZNEYdLfcavEmiTECHyprDlQzdea63RJYggAAKCwCAAP34gIAANY/w
Date: Tue, 31 Jan 2023 13:11:38 +0000
Message-ID: <CH0PR11MB57391B4CE0C22138DD0BDBE29FD09@CH0PR11MB5739.namprd11.prod.outlook.com>
References: <CACsn0c=uPvp_hmakpfPff8WkYh1q9NhjfTJYs7iFu_czL2yAyA@mail.gmail.com> <DS7PR12MB5983E36300151BFC47E5CB34AAD39@DS7PR12MB5983.namprd12.prod.outlook.com> <CH0PR11MB57392033396F181A9853FAD79FD39@CH0PR11MB5739.namprd11.prod.outlook.com> <CACsn0c=n5TLZRywpRCQhpyoxX65OfA9p6e5iz9jKnnEVSX4zmQ@mail.gmail.com> <Y9jmR66krU5TL7cH@LK-Perkele-VII2.locald>
In-Reply-To: <Y9jmR66krU5TL7cH@LK-Perkele-VII2.locald>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-traffictypediagnostic: CH0PR11MB5739:EE_|DS0PR11MB8136:EE_
x-ms-office365-filtering-correlation-id: b6d2300a-dd59-45be-782f-08db038cb018
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: FNh0Sf5dsf/Cz7hLAh082dMJLgfUHu8S4nl71RZ9/oDGAjG4Q0hp30LgZKuI77au4DxUtUZl9lMO2QojWuqXiy0vdiIeXT4zebGu67CzonZwh39C6a/CVoTt7Gqeww2MLqqqeu/HMGzAoZ41iyL5uPg1FK6o0+tWyYuWmkE9pG/nQH7WG0qVCYt1tjvj0duttqDYeiiXpMKzTnWQLOjZFbqZQqLoUKQ1KhiQYShfawdRDYXkz9SzIkA3lPdExeCvFrXOioWjc1FqNeCZ5sym05GoxNI9QvDtlK4gk3EkXLthj0sKoAvmoizO4K2kJTFzQZsvcsWOfN9c+R58/2c1oNRk0fut6dFg15amLh7oE7VbRTtLfheEG4zGcB6tht5poD9/76gkdzvuNdNqWs3huth2xKysbnYaxbAiakp3LYm4UxXJoM2NXM01s59FZkblJDA/Gm98sCMwwVgMAjAxVRMdTsGg+ZFRzO9UmWxdH/2OrdclI2xvQ9lnvu8sKMkqPrr1fdgzo3GjHc5ou6SXQ0KRBVJQLONmi9ZeYLWIXzz3oUPLSRCNLL92kmP3esreCf+Hi6h6LTek6scAPjWkd21qBIbQDYKqWoV623xHnAlBvRVdMNDu4Il3oLWgDR8O9Cj/Ru/drz0PlVZbs7QIzi8QijmBR61wcOczduGAE/nqv3Doh6ifAKidMIKuPfDo5o+SRxuh8vQ1vU731KbjPyxsZ+mLx01pbJhiWidKjoM=
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:CH0PR11MB5739.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230025)(396003)(376002)(136003)(39860400002)(346002)(366004)(451199018)(9686003)(186003)(53546011)(122000001)(26005)(6506007)(2906002)(83380400001)(5660300002)(86362001)(8936002)(52536014)(478600001)(38100700002)(966005)(7696005)(71200400001)(38070700005)(41300700001)(55016003)(316002)(33656002)(66556008)(66476007)(64756008)(66446008)(76116006)(66946007)(110136005)(8676002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: OUL/esIKkLvvbGGaBrvwaOM8T0A2tsJIIQr7pDUSGkbVGvgIDmMa1/jkdfLBoMHCF/R+NcOedg0zlIrxQ74IrEQzpzfaZLH0MCkH1TmPIamfA0KaCwTxAzgOYKQ38bscFsgtyZxFK4rgdhbd7JIPElD8KZre3uLHfXwQGjJ+1voTkxQfF1M21qu9Sb+r0fRfBBPNzot+i2UT84OevIjL2I2N0MJvp+1su9uaryDIwjbfcRz1NqtQ9xZm+EJr96B0ArUHPM3Swr3CN0cYanYX/7vrfWruiOhAdOsxZFYrKCLL98jYZRSAAhWJM0+nFBMhGyF4IluqMrp0qajp9rvSFTlZYT58XA4y36HgVK6N8rZb8Dz1P3e9A3PqLiXWZHMPbZGnwBORmv0h4QmVWLKcXNK+/RNUfnK2rYpHQ8q+Y2t1tAYRr7kgRmKBeYuncZv9sb5H7VPrszKIuw/3mhmnTaQnm/3SNap4mnag0CEhkq47Ur+zk1xIo0Xnc+q+Mp7yAouTQ4KS4MmU2zFsuFVMkWGe/FEJ3Eh4JXL7F8ij31bseYemP/JYJe3beS5TaOFE3SLzc25HEpDDZMa+rXqwnqMbzVtucUHWI9FUi2lFqIJ63l6H9Po9XFX4YcbWfiQztiAk3NZRc7QYahSHNLOZccyC/9seQjc2pJVJq5fEQ4A99Vx+h/j9wWTwTZUcRmWh+E7LJLqWZd/9HORr31qIEruGXyM09smX3/Q0roEoj/zyiZTHPqKlYypywD7Y5RNOe1pGdYiCI9BcUsyQjBOPufnu4u8WkIjAw4J1GpNfxgygoZP1hXkvf+pAhCyrzfzHnQzNlVf3CGidaUD+ZLYP/+uUWWfFMTYCjhpA1k5qTI0/dPyS8sxzOPmJ3CbImiggznXqW3aQCjhQQgRN1tB4t7mj/E6Ym7mFxVrgJERLtQ8NH8mAW6eLO79zYEb5t4qxjrP+dzLCihOB3ckcrszoB7UlzCo7PPSuK750ixyj+WAwvurTi8ifhSuxPGTDGHRTbTWifYvsKjud/Pd8fmet9572jOOTjS9NV1bS9zZM00ccXTvI/tq5U/pg3bCW5+kDT7xiih4TzHuh/GfgLqe3OeltQKdpvfeRATdiLyEUhwFqc9IZmgCHocIDfXl6OiGRhB3IwPTZOTdr+lKZHfGRrQ5loIdRw/O/0P80G2CF0EHp69MBYmZNIH7XZCgTe/4ZAPMUpUdyWE2LVTo6nnENJsvYQ2VmM2a2TzqoxzTrfalmmNfoqomtNPFXSjBQeit4H+DnF3db92fFaI+RPokE8k8MIvMw4zp42mNvFLopX0IJdPt2NnqTxlxym6R8V9uUbrzlRvFYpr41WGKgHdvn9z6ASEvDD0t+m/dl3io1MbOz79Egjyy8bH9dHhaMV49+M/71PCNR6DiSyFMCGUSCenab4m12dddi8DOAml8lEh9C0Io52DO0CLyPY0hK2hg78XfoIpJcFiSB5BhpEI9kNnBQgQgSXRHWUF9EvwsfyMYTvZyt7vqMH3eVnLSEwuS8H0kUik3/UoKGhcGxJxK7fnRA5MLLBeF4VEzZf/SQGvD0/2dFQm632bHp4lwx/hsKH+51HorUih9aO2+3X9pVKA==
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: CH0PR11MB5739.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: b6d2300a-dd59-45be-782f-08db038cb018
X-MS-Exchange-CrossTenant-originalarrivaltime: 31 Jan 2023 13:11:38.7443 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: 9UTu6PtTSc9gyLDPR8gi7i3tZbWnmpPadatvGzt92VZi1mC4/OZlkwz9UQ11rGxGycZQEJWZm/7E5MY7hX1L0YaoO9TfUz4/TEZY901u+5c=
X-MS-Exchange-Transport-CrossTenantHeadersStamped: DS0PR11MB8136
X-Proofpoint-ORIG-GUID: nQlx1fPNnUfAY3sKefn8t6rYYq4Yl104
X-Proofpoint-GUID: nQlx1fPNnUfAY3sKefn8t6rYYq4Yl104
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.219,Aquarius:18.0.930,Hydra:6.0.562,FMLib:17.11.122.1 definitions=2023-01-31_07,2023-01-31_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 bulkscore=0 impostorscore=0 malwarescore=0 mlxscore=0 clxscore=1011 adultscore=0 suspectscore=0 priorityscore=1501 lowpriorityscore=0 spamscore=0 phishscore=0 mlxlogscore=936 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2212070000 definitions=main-2301310115
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/biuG9NxnA_mng_bcESU8XqTqYyw>
Subject: Re: [lamps] [EXTERNAL] Re: Hybrid pkix isn't needed
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 31 Jan 2023 13:11:49 -0000
Hi Ilari, Just for my curiosity, are you saying that people are today issuing Kyber S/MIME certs from RSA or ECDSA CAs? Can you point to an example because I wasn't aware that was being done. --- Mike Ounsworth -----Original Message----- From: Spasm <spasm-bounces@ietf.org> On Behalf Of Ilari Liusvaara Sent: Tuesday, January 31, 2023 3:59 AM To: spasm@ietf.org Subject: [EXTERNAL] Re: [lamps] Hybrid pkix isn't needed WARNING: This email originated outside of Entrust. DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. ______________________________________________________________________ On Mon, Jan 30, 2023 at 10:49:32AM -0800, Watson Ladd wrote: > On Mon, Jan 30, 2023 at 10:30 AM Mike Ounsworth > <Mike.Ounsworth@entrust.com> wrote: > <snip> > > > For TLS or IKEv2, yes, signatures are less urgent than encryption, > > but in general you know that you’re fighting a losing battle here, > > right? Especially since the NSA in their CNSA 2.0 have marked > > code-signing as the most urgent use case to migrate to PQC. > > In that case what's the point of hybridization: you need very high > security due to lack of updates, you're not signing very much, so XMSS > or another hashed based scheme is the obvious choice. CNSA 2.0 specifies LMS or XMSS. And from what I can tell, this part is already active, so it is deployable right now (unlike say the asymmetric encrpytion parts). > > Another example is PDF signing; if I can factor the signer’s private > > key so I can modify and re-sign the PDF then what’s stopping me from > > also back-dating the timestamps? This is only possible after total breakdown of signature algorithm. And bad enough classical break would do it too. > > Yet another is S/MIME email certificates: you need PQ CAs before you > > can issue PQ encryption certs. Wrong. Trying the two together is a major security issue. The time- scales are just very different: - Not a problem: Attacker breaking the CA keys three years from now (when the S/MIME certificate has expired). - *CATASTROPHIC* (as in impossible to recover from) problem: Attacker breaking the encryption key 20 years from now when the information is still sensitive. > Why? There's nothing wrong with mixed algorithms in a chain. The > bigger issue here is root program policies about what can be signed. Yeah, for example CABForum S/MIME baseline requirements only allow RSA and ECIES for encryption. That would be a major problem once Kyber is standard. -Ilari _______________________________________________ Spasm mailing list Spasm@ietf.org https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!dJ682EDi7IPgc3CJvo8yk7XK2igYVLCVBXZJGcPO-_0wIFN6j52TT2DYrVdgrmQrNk6YOe04OoIeDoofA8SGGXgBQKFEIPRNJzM$ Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
- [lamps] Hybrid pkix isn't needed Watson Ladd
- Re: [lamps] Hybrid pkix isn't needed Michael Markowitz
- Re: [lamps] Hybrid pkix isn't needed Watson Ladd
- Re: [lamps] Hybrid pkix isn't needed Tadahiko Ito
- Re: [lamps] Hybrid pkix isn't needed Ilari Liusvaara
- Re: [lamps] Hybrid pkix isn't needed Hubert Kario
- Re: [lamps] Hybrid pkix isn't needed Mike Ounsworth
- Re: [lamps] Hybrid pkix isn't needed Watson Ladd
- Re: [lamps] Hybrid pkix isn't needed Seo Suchan
- Re: [lamps] Hybrid pkix isn't needed Watson Ladd
- Re: [lamps] [EXTERNAL] Re: Hybrid pkix isn't need… Mike Ounsworth
- Re: [lamps] Hybrid pkix isn't needed Stephen Farrell
- Re: [lamps] Hybrid pkix isn't needed Tadahiko Ito
- Re: [lamps] Hybrid pkix isn't needed Ilari Liusvaara
- Re: [lamps] Hybrid pkix isn't needed Ilari Liusvaara
- Re: [lamps] Hybrid pkix isn't needed Carl Wallace
- Re: [lamps] [EXTERNAL] Re: Hybrid pkix isn't need… Mike Ounsworth
- Re: [lamps] Hybrid pkix isn't needed Phillip Hallam-Baker
- Re: [lamps] Hybrid pkix isn't needed Tim Hollebeek