Re: [lamps] [CFRG] [EXTERNAL] Re: LAMPS Virtual Interim in Sept. 2022

Orie Steele <orie@transmute.industries> Fri, 16 September 2022 16:57 UTC

In-Reply-To: <CH0PR11MB57397348405207DC6733877E9F489@CH0PR11MB5739.namprd11.prod.outlook.com>
From: Orie Steele <orie@transmute.industries>
Date: Fri, 16 Sep 2022 11:56:50 -0500
Message-ID: <CAN8C-_L9BoadP3chLXW6JCR0Q-VZCOs05DmwPP3JTPnOc8S+2g@mail.gmail.com>
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
Cc: Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>, Mike Prorock <mprorock@mesur.io>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/bnzbea09e_MKsjHmyGt-niA5FH4>
Subject: Re: [lamps] [CFRG] [EXTERNAL] Re: LAMPS Virtual Interim in Sept. 2022

+1

especially to this part:

> - You can externalize that first hashing step of the Dilithium / Falcon
sign / verify algs outside of the crypto module without breaking interop,
but doing so will need to be mentioned in the standards, and will need
security review.

We were concerned about the potential impact of this on
https://datatracker.ietf.org/doc/draft-prorock-cose-post-quantum-signatures/

It's not clear to me if we would need to make changes, or take a dependency
on a CFRG related item.

Unsure if I should be adding the cose list here as well, but happy to
support however I can.

Regards,

OS


On Fri, Sep 16, 2022 at 11:46 AM Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:

> + CFRG as this is request for crypto security review
>
>
> Sorry for the late reply,
>
> Could I get a slot at the LAMPS interim to discuss the hash-then-sign
> issue for Dilithium and Falcon?
>
>
>
> Issue summary:
>
> - Needing to stream your entire message to your crypto module is dumb
> (think streaming an entire firmware image to your network HSM for
> code-signing, or to your TPM for secure boot validation; yuck).
> - You want to send just a hash.
> - Both Dilithium and Falcon have, as their first internal step, a hash of
> the message prepended with a nonce (the pubkey for Dilithium, and a random
> r for Falcon), I assume in order to block pre-computed collision attacks.
> - If you, for example, do SHA256(m) before calling Dilithium.sign(), then
> you have re-introduced that collision attack.
> - You can externalize that first hashing step of the Dilithium / Falcon
> sign / verify algs outside of the crypto module without breaking interop,
> but doing so will need to be mentioned in the standards, and will need
> security review.
>
> ---
> Mike Ounsworth
>
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
> Sent: September 8, 2022 3:21 PM
> To: LAMPS <spasm@ietf.org>
> Cc: Tim Hollebeek <tim.hollebeek@digicert.com>
> Subject: [EXTERNAL] Re: [lamps] LAMPS Virtual Interim in Sept. 2022
>
> A few things for tomorrow have come up, which prevented us from picking
> that date.  So, we are going to hold the LAMPS Virtual Interim on 19 Sept.
> 2022 at 9:00 Eastern.
>
> We already have two agenda items.  Please let us know if you want to
> present on another topic.
>
> Russ & Tim
>
>
> > On Aug 24, 2022, at 12:07 PM, Russ Housley <housley@vigilsec.com> wrote:
> >
> > Two agenda topics did not get covered at IETF 114:
> > - draft-perret-prat-lamps-cms-pq-kem
> > - draft-kario-pkcs12-pbmac1
> >
> > There may be other topics that have progressed enough to need some
> discussion.
> >
> > Tim and I think that 60 minutes will be enough to cover these topics.
> >
> > Please fill out the following poll to help us find the best time for the
> meeting:
> >
> > https://doodle.com/meeting/participate/id/dN9x14vb
> >
> > Russ & Tim
> >
> >
>
>


-- 
*ORIE STEELE*
Chief Technical Officer
www.transmute.industries
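Added example, not part of this thread or of the COSE/LAMPS drafts it mentions: a Python toy model of the hash-then-sign issue Mike summarises. It assumes a Dilithium-like structure in which the module hashes tr = H(pk) || M before signing (the real schemes' hash functions and lengths are not reproduced), stands in an HMAC-based "module" for the actual signature algorithm, and truncates the hash to 32 bits so that a pre-computed collision can actually be found on a laptop. It shows three things: a key-independent SHA-256-style pre-hash lets a collision found before the key existed transfer a signature to a second message; computing mu = H(tr || M) outside the module interoperates with the module doing it internally; and the same pre-computed collision is useless against the key-bound mu, with the caveat that a collision specific to a published tr is still findable, which is what Falcon's per-signature random r additionally prevents. All sample messages are constructed inline.

```python
"""Toy model of the Dilithium/Falcon hash-then-sign issue from the thread.

NOT Dilithium or Falcon: the 'module' signs with an HMAC under a key that
never leaves it, which is enough to model the message binding mu = H(tr || M).
The hash is truncated to HASH_BITS so that a collision can actually be found.
"""
from __future__ import annotations

import hashlib
import hmac
import itertools

HASH_BITS = 32  # toy size: a birthday search needs only ~2**16 hashes


def h_trunc(data: bytes) -> bytes:
    """Toy collision-prone hash (stand-in for SHA-256 / SHAKE in the real schemes)."""
    return hashlib.sha256(data).digest()[: HASH_BITS // 8]


class ToyModule:
    """Stand-in for an HSM/TPM holding the signing key.

    Mirrors Dilithium's structure only: tr = H(pk) is prepended to the message
    before hashing, so mu depends on the key. Lengths and hash functions of the
    real specification are an assumption here, not reproduced.
    """

    def __init__(self, seed: bytes):
        self._sk = hashlib.sha256(b"sk" + seed).digest()      # never leaves the module
        self.pk = hashlib.sha256(b"pk" + self._sk).digest()  # toy public key
        self.tr = h_trunc(self.pk)                           # key-bound prefix

    def _sign_mu(self, mu: bytes) -> bytes:
        return hmac.new(self._sk, mu, "sha256").digest()

    # Standard API: the whole message is streamed into the module.
    def sign(self, m: bytes) -> bytes:
        return self._sign_mu(h_trunc(self.tr + m))

    def verify(self, m: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self._sign_mu(h_trunc(self.tr + m)), sig)

    # Externalised API: the caller computed mu = H(tr || M) outside and sends
    # only that; the module does no further hashing of the message.
    def sign_mu(self, mu: bytes) -> bytes:
        return self._sign_mu(mu)

    def verify_mu(self, mu: bytes, sig: bytes) -> bool:
        return hmac.compare_digest(self._sign_mu(mu), sig)


def external_mu(pk: bytes, m: bytes) -> bytes:
    """The first hashing step, done outside the module from public data only."""
    return h_trunc(h_trunc(pk) + m)


# The naive shortcut: pre-hash with a key-independent hash, sign the digest.
def naive_prehash_sign(module: ToyModule, m: bytes) -> bytes:
    return module.sign(h_trunc(m))


def naive_prehash_verify(module: ToyModule, m: bytes, sig: bytes) -> bool:
    return module.verify(h_trunc(m), sig)


def find_collision(prefix: bytes = b"") -> tuple[bytes, bytes]:
    """Birthday search for m1 != m2 with H(prefix || m1) == H(prefix || m2).

    With an empty prefix this needs no key at all: it is the pre-computed
    collision an attacker can prepare before the signer even exists.
    """
    seen: dict[bytes, bytes] = {}
    for i in itertools.count():  # terminates: the digest space is only 2**HASH_BITS
        m = b"firmware-image-" + str(i).encode()  # constructed sample messages
        d = h_trunc(prefix + m)
        if d in seen:
            return seen[d], m
        seen[d] = m


def demo(seed: bytes = b"lamps-interim-2022") -> dict[str, bool]:
    m1, m2 = find_collision()  # computed offline, before any key exists
    hsm = ToyModule(seed)

    # 1. Naive pre-hash: the precomputed collision transfers the signature.
    sig = naive_prehash_sign(hsm, m1)
    naive_forged = naive_prehash_verify(hsm, m2, sig)

    # 2. Externalised mu interoperates with in-module hashing in both directions ...
    mu1 = external_mu(hsm.pk, m1)
    sig_ext = hsm.sign_mu(mu1)
    interop = hsm.verify(m1, sig_ext) and hsm.verify_mu(mu1, hsm.sign(m1))
    # ... and the key-independent collision is useless against it.
    bound_forged = hsm.verify(m2, sig_ext)

    # 3. Caveat: once tr is public, a collision for *this* key is still findable
    #    with the same effort; it just cannot be precomputed and does not carry
    #    over to another key. A per-signature random r (Falcon) is unknown until
    #    signing time, so not even that key-specific precomputation is possible.
    k1, k2 = find_collision(prefix=hsm.tr)
    other = ToyModule(b"some-other-signer")
    key_specific = hsm.verify(k2, hsm.sign(k1)) and not other.verify(k2, other.sign(k1))

    return {"naive_forged": naive_forged, "interop": interop,
            "bound_forged": bound_forged, "key_specific_collision": key_specific}
```

Running demo() returns naive_forged True, interop True, bound_forged False and key_specific_collision True. The practical reading for a standard: an "external pre-hash" mode is safe to specify only if what leaves the module is the scheme's own mu (with tr, or Falcon's r, folded in), not a bare digest of the message; the verifier side then needs the same split so that the wire format does not change.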