[lamps] Problems with the current ALGORITHM information object class
Erik Andersen <era@x500.eu> Mon, 11 May 2020 07:05 UTC
Return-Path: <era@x500.eu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5F8BD3A07DC for <spasm@ietfa.amsl.com>; Mon, 11 May 2020 00:05:20 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.695
X-Spam-Level:
X-Spam-Status: No, score=-1.695 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=x500.eu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GqDo5mg4wdK3 for <spasm@ietfa.amsl.com>; Mon, 11 May 2020 00:05:17 -0700 (PDT)
Received: from outscan1.mf.dandomain.dk (outscan1.mf.dandomain.dk [212.237.249.58]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E50913A07A1 for <spasm@ietf.org>; Mon, 11 May 2020 00:05:16 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by outscan1.mf.dandomain.dk (Postfix) with ESMTP id A231F40691F1 for <spasm@ietf.org>; Mon, 11 May 2020 09:05:13 +0200 (CEST)
Received: from outscan1.mf.dandomain.dk ([127.0.0.1]) by localhost (outscan1.mf.dandomain.dk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id B7Uqt-oKxsz7 for <spasm@ietf.org>; Mon, 11 May 2020 09:05:12 +0200 (CEST)
Received: from mail-proxy.dandomain.dk (dilvs03.dandomain.net [194.150.112.64]) by outscan1.mf.dandomain.dk (Postfix) with ESMTPA id C3A3340691D2 for <spasm@ietf.org>; Mon, 11 May 2020 09:05:11 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=x500.eu; s=dandomain; t=1589180712; bh=gRxQAUWdHWZjaXCzGFTRH+aMkfcZiuTrKcH+csQ+K7k=; h=From:To:Subject:Date:From; b=KdDLPt90u/ev4QUxq0h9fXHpJupaaY2ml3yOkKe+5wcqP+JszzRKpJ1Cb72/YqMic CsiSqTSdmHGiyV5Yrw0G6kO0EE5fzpZzrAm+M7fKs9x3qzFx9bHvhAFYSivYJifLHT 9DOMxM3Mh3JQSEt50kCjSrTOz9vyvPn6a6EiCeU+nd46OjZrwvRHJN0Jcq9rITnejo 6CQMxUrPZx1FmnspcIeAuj7Ev54/qdzoN0O55WrTMMao/mMMTWXb1wNy2C5iCynkPN PM8/D0833Jfr2Y88KnUBEXNJmVbynds1COxx8LR++aBPaViALuF2NqcVT4+QVqV+3d 4177WGLf6LK5g==
From: Erik Andersen <era@x500.eu>
To: LAMPS <spasm@ietf.org>
Date: Mon, 11 May 2020 09:05:11 +0200
Message-ID: <000001d62762$8385a360$8a90ea20$@x500.eu>
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0001_01D62773.4710E460"
X-Mailer: Microsoft Outlook 16.0
Thread-Index: AdYmysgWP4xsKPedQly3iSGlHws7SQ==
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/eC8RaoO8qGzoUdA9JtJv2VHJi1Q>
Subject: [lamps] Problems with the current ALGORITHM information object class
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 11 May 2020 07:05:21 -0000
In our work with IEC 62351-4 and X.510 we have identified a limitation with the current ALGORITHM information object class. The current definition is ALGORITHM ::= CLASS { &Type OPTIONAL, &id OBJECT IDENTIFIER UNIQUE } WITH SYNTAX { [PARMS &Type] IDENTIFIED BY &id } The PARM field is used for defining parameters associated with the algorithms. However, the parameters are of two types: 1. Parameters that provide additional information about the procedure to be applied according to the algorithm. An example is ecPublicKey, where the parameter value is the elliptic curve to be used. 2. Parameters that specified the syntax of the value to be used when the algorithm is deployed. An example is the AES algorithms that require a value of the parameter transferred together with the encrypted data. This causes problems when negotiating the use of algorithms. When specifying ecPublicKey algorithms in such negotiation, the parameter value is relevant. When specifying AES-CBC in such a negotiation, the random value of some InitializationVector is not relevant. This make algorithm negotiation cumbersome. We have therefore suggested to extend the ALGORITHM information object class in the following way. ALGORITHM ::= CLASS { &Type OPTIONAL, &DynParms OPTIONAL, &id OBJECT IDENTIFIER UNIQUE } WITH SYNTAX { [PARMS &Type] [DYN-PARMS &DynParms] IDENTIFIED BY &id } A suggested update to the ALGORITHM information object class is attached. It also includes three derivative parameterized data types. By using those data types it has been possible to define the wrapper protocol without "hard coding" specific algorithm details, e.g., we have avoided a specific component for an initialization vector. This has allowed different cryptographic algorithms to be used for different communication instances make life a little more difficult for adversaries. Certain algorithms have to be redefined, which could cause some negative reactions. As an example the aes256-CBC algorithm must be changed from aes256-CBC ALGORITHM ::= { PARMS AES-InitializationVector IDENTIFIED BY { aes 42 } } To aes256-CBC ALGORITHM ::= { DYN-PARMS AES-InitializationVector IDENTIFIED BY { <some OID> } } However, most algorithms do not need to be modified. The current version of X.510 may be found at https://www.dropbox.com/s/i7mizfvoy9uo21x/x510.docx?dl=0. Any comments? Best regards, Erik
- [lamps] Problems with the current ALGORITHM infor… Erik Andersen
- Re: [lamps] Problems with the current ALGORITHM i… Russ Housley
- Re: [lamps] Problems with the current ALGORITHM i… Russ Housley
- Re: [lamps] Problems with the current ALGORITHM i… Erik Andersen
- Re: [lamps] Problems with the current ALGORITHM i… Salz, Rich
- Re: [lamps] Problems with the current ALGORITHM i… Russ Housley
- Re: [lamps] Problems with the current ALGORITHM i… Erik Andersen
- Re: [lamps] Problems with the current ALGORITHM i… Salz, Rich
- Re: [lamps] Problems with the current ALGORITHM i… Erik Andersen