IETF Logo Mail Archive

Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps-cms-kemri-08: (with COMMENT)

Russ Housley <housley@vigilsec.com> Wed, 06 March 2024 19:50 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 76BAFC14F5FE; Wed, 6 Mar 2024 11:50:29 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.107
X-Spam-Level:
X-Spam-Status: No, score=-7.107 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=vigilsec.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id i0TcjAr2RIKU; Wed, 6 Mar 2024 11:50:25 -0800 (PST)
Received: from mail3.g24.pair.com (mail3.g24.pair.com [66.39.134.11]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5D73DC14F5E6; Wed, 6 Mar 2024 11:50:22 -0800 (PST)
Received: from mail3.g24.pair.com (localhost [127.0.0.1]) by mail3.g24.pair.com (Postfix) with ESMTP id B71721B3EB2; Wed, 6 Mar 2024 14:50:21 -0500 (EST)
Received: from smtpclient.apple (pfs.iad.rg.net [198.180.150.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mail3.g24.pair.com (Postfix) with ESMTPSA id 832191B3CFB; Wed, 6 Mar 2024 14:50:21 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.700.6\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <170967324477.16274.1507677739698214583@ietfa.amsl.com>
Date: Wed, 06 Mar 2024 14:50:11 -0500
Cc: IESG <iesg@ietf.org>, draft-ietf-lamps-cms-kemri@ietf.org, LAMPS Chairs <lamps-chairs@ietf.org>, LAMPS <spasm@ietf.org>, Tim Hollebeek <tim.hollebeek@digicert.com>, corey.bonnell@digicert.com
Content-Transfer-Encoding: quoted-printable
Message-Id: <EB24D67A-1DAC-4895-B3F7-7DA162E6C4B9@vigilsec.com>
References: <170967324477.16274.1507677739698214583@ietfa.amsl.com>
To: Paul Wouters <paul.wouters@aiven.io>
X-Mailer: Apple Mail (2.3731.700.6)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=vigilsec.com; h=content-type:mime-version:subject:from:in-reply-to:date:cc:content-transfer-encoding:message-id:references:to; s=pair-202402141609; bh=frDWyln2pkJ7Zn9iEJ4pBUEu43By0e83wRLEnXUsPlo=; b=oYgyHlAYUrLqQHhvcBD0U3w7NPLkjvJXoZrmq8rEGDnEm2nYi160x1IKFyf7xapkQT2xuYBb+R9/HeYRs8u+OGLmXp9rECYu8hknPwQky7U1o5b+YwE6uBmvsGpq4xS02nz36pEaRvKWgtQFXm1WS+XHQcSEQbyVK/Mct9HkyekKELcmMJFUgNO2J294XhD0YFKqJnPVU8VBb1lXiY1XcWawt0cPZjpB1SXhVIyoHNYmxe04GLwjwcdUoXDa2gQKE0tH8jpmdFnrjQdafuD9dgG0SGcmHyPVQcij0Pqcqo7cE2oC3O+kt0LzIkKBfcWxcluNQBP6x0vlpIEpDCvweQ==
X-Scanned-By: mailmunge 3.11 on 66.39.134.11
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/hPkexLAGYYVbgrC9RFR0rMFqFos>
Subject: Re: [lamps] Paul Wouters' Yes on draft-ietf-lamps-cms-kemri-08: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 06 Mar 2024 19:50:29 -0000

Paul:

> On Mar 5, 2024, at 4:14 PM, Paul Wouters via Datatracker <noreply@ietf.org> wrote:
> 
> Paul Wouters has entered the following ballot position for
> draft-ietf-lamps-cms-kemri-08: Yes
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ 
> for more information about how to handle DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-kemri/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Thanks to Brian Weis for the SecDir review. I think there are some good
> suggestions in there. Please take those into consideration:
> 
> https://datatracker.ietf.org/doc/review-ietf-lamps-cms-kemri-06-secdir-lc-weis-2023-10-24/
> 
> I had one question myself:
> 
>        Implementations that do not support the ukm field SHOULD
>        gracefully discontinue processing when the ukm field is present.
> 
> Can this field be present and empty/zero-length ? If so, does this
> affect the SHOULD above?

RFC 5652 says:

10.2.6.  UserKeyingMaterial

   The UserKeyingMaterial type gives a syntax for user keying material
   (UKM).  Some key agreement algorithms require UKMs to ensure that a
   different key is generated each time the same two parties generate a
   pairwise key.  The sender provides a UKM for use with a specific key
   agreement algorithm.

      UserKeyingMaterial ::= OCTET STRING

Then, this document says:

      ukm is optional user keying material.  When the ukm value is
      provided, it is used as part of the info structure described in
      Section 5 to provide a context input to the key-derivation
      function.  For example, the ukm value could include a nonce,
      application-specific context information, or an identifier for the
      originator.  A KEM algorithm may place requirements on the ukm
      value.  Implementations that do not support the ukm field SHOULD
      gracefully discontinue processing when the ukm field is present.
      Note that this requirement expands the original purpose of the ukm
      described in Section 10.2.6 of [RFC5652]; it is not limited to
      being used with key agreement algorithms.

So, this syntax does allow a zero length OCTET STRING, but that would not be useful.

I'll add a sentence to this document that requires the UKM to be at least one octet if it is present.

Russ

v2.23.0 | Report a Bug | By Email