Re: [lamps] PQC KEM algorithms in CMS - new draft RFC is available

"Kampanakis, Panos" <kpanos@amazon.com> Wed, 26 January 2022 19:14 UTC

From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Julien Prat <julien.prat=40cryptonext-security.com@dmarc.ietf.org>, "spasm@ietf.org" <spasm@ietf.org>
CC: "ietfcns@gmail.com" <ietfcns@gmail.com>
Date: Wed, 26 Jan 2022 19:14:11 +0000
Message-ID: <5945af87bce74259b3bd6bbcb99fe6c0@EX13D01ANC003.ant.amazon.com>
References: <720a188c-b066-c755-1a3a-6818c01243eb@cryptonext-security.com>
In-Reply-To: <720a188c-b066-c755-1a3a-6818c01243eb@cryptonext-security.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/hpwv9ZX9vQ4NtZ3o6inkNej95zU>
Subject: Re: [lamps] PQC KEM algorithms in CMS - new draft RFC is available

Hi Julien,

Sorry for the delay.

I was of the opinion that pursuing a more modern Hybrid KEM approach would be better. I think we should move away from the RSA-KEM (RFC5990) approach and follow HPKE, currently specified in CFRG: https://datatracker.ietf.org/doc/html/draft-irtf-cfrg-hpke . They are similar. The basic differences are:
- (EC)DH can be used as a KEM, which prevents the sender from controlling the shared secret completely. ECDH is also pretty efficient.
- better key derivation with the HKDF schedule (Extract-then-Expand)
- better hybrid combination for classical ECDH and PQ KEMs.
- AES-GCM instead of AES-WRAP

I am not sure if you see value or if I could change your mind on this draft. I do believe CMS would benefit from hybrid KEMs for encryption that are quantum-resilient, and this draft would provide that.

Rgs,
Panos


From: Spasm <spasm-bounces@ietf.org> On Behalf Of Julien Prat
Sent: Thursday, December 2, 2021 11:26 AM
To: spasm@ietf.org
Cc: ietfcns@gmail.com
Subject: [EXTERNAL] [lamps] PQC KEM algorithms in CMS - new draft RFC is available

Hi LAMPS,
A draft RFC related to the use of a Post-Quantum KEM algorithm in CMS is available here: https://datatracker.ietf.org/doc/draft-perret-prat-lamps-cms-pq-kem/
It is basically a generalization of the RSA-KEM mechanism previously defined in [RFC5652] that could be used with any KEM algorithm, including the future NIST standardized Post-Quantum KEM algorithms.

Please don't hesitate to provide some feedback and comments to improve it!

Thank you in advance for your help.

Regards,
--
Julien PRAT
Cryptologist & Lead Developer at Cryptonext Security <https://cryptonext-security.com/>
julien.prat@cryptonext-security.com
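The thread above contrasts the RSA-KEM style of key transport (sender picks the secret, AES-WRAP protects the content key) with the HPKE approach (a KEM shared secret fed through an HKDF Extract-then-Expand schedule, with room to combine a classical and a PQ shared secret). The following is an added example, not code from either draft or from the posters: it implements HKDF per RFC 5869 with the standard library only, checks it against the RFC 5869 test vector, and then derives an AEAD key and nonce from two KEM shared secrets in a labelled-HKDF pattern modelled on HPKE. The suite identifier, the labels, the length-prefixed concatenation combiner and the two shared-secret byte strings are all constructed assumptions for illustration; the ECDH and PQ encapsulations that would produce those secrets are out of scope here.

```python
"""Hybrid KEM key schedule in the HPKE style (illustrative, standard library only)."""
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869 s2.2): PRK = HMAC-Hash(salt, IKM).
    An empty salt is replaced by HashLen zero bytes, as the RFC specifies."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int) -> bytes:
    """HKDF-Expand (RFC 5869 s2.3): T(i) = HMAC-Hash(PRK, T(i-1) || info || i),
    blocks concatenated until `length` bytes are available."""
    if length > 255 * HASH_LEN:
        raise ValueError("HKDF-Expand: requested length exceeds 255 * HashLen")
    okm, t, counter = b"", b"", 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


def rfc5869_test_case_1_passes() -> bool:
    """Self-check of the HKDF code against RFC 5869 Appendix A, Test Case 1."""
    ikm = b"\x0b" * 22
    salt = bytes(range(13))            # 000102...0c
    info = bytes(range(0xF0, 0xFA))    # f0f1...f9
    prk = hkdf_extract(salt, ikm)
    okm = hkdf_expand(prk, info, 42)
    return (prk.hex() == "077709362c2e32df0ddc3f0dc47bba6390b6c73bb50f9c3122ec844ad7c2b3e5"
            and okm.hex() == "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865")


# Labelled HKDF in the HPKE pattern. VERSION/SUITE_ID/labels are assumptions for
# this example, not the values of any registered HPKE or CMS suite.
VERSION = b"HPKE-v1"
SUITE_ID = b"EXAMPLE-hybrid-ecdh-pqkem"


def labeled_extract(salt: bytes, label: bytes, ikm: bytes) -> bytes:
    return hkdf_extract(salt, VERSION + SUITE_ID + label + ikm)


def labeled_expand(prk: bytes, label: bytes, info: bytes, length: int) -> bytes:
    return hkdf_expand(prk, length.to_bytes(2, "big") + VERSION + SUITE_ID + label + info, length)


def _len_prefixed(data: bytes) -> bytes:
    """2-byte length prefix so two variable-length secrets cannot be re-split
    into a different (ss_classical, ss_pq) pair that yields the same IKM."""
    return len(data).to_bytes(2, "big") + data


def hybrid_key_schedule(ss_classical: bytes, ss_pq: bytes, context: bytes,
                        key_len: int = 16, nonce_len: int = 12) -> tuple[bytes, bytes]:
    """Derive an AEAD key and base nonce (sizes default to AES-128-GCM) from an
    (EC)DH shared secret and a PQ KEM shared secret. The combiner used here,
    length-prefixed concatenation into HKDF-Extract, is an assumption for this
    example; the point is that every output byte depends on both secrets and on
    the context, so neither party alone fixes the derived key."""
    ikm = _len_prefixed(ss_classical) + _len_prefixed(ss_pq)
    secret = labeled_extract(b"", b"secret", ikm)
    key = labeled_expand(secret, b"key", context, key_len)
    nonce = labeled_expand(secret, b"base_nonce", context, nonce_len)
    return key, nonce


if __name__ == "__main__":
    # Constructed stand-ins for the two KEM outputs; real values come from
    # X25519/ECDH and from the PQ KEM decapsulation.
    ss_ecdh = bytes.fromhex("11" * 32)
    ss_pq = bytes.fromhex("22" * 32)
    ctx = b"cms-recipient-info-example-context"
    print("RFC 5869 TC1 ok:", rfc5869_test_case_1_passes())
    key, nonce = hybrid_key_schedule(ss_ecdh, ss_pq, ctx)
    print("key  :", key.hex())
    print("nonce:", nonce.hex())
```

The test-vector check is what makes the rest trustworthy: an HKDF that passes RFC 5869 Test Case 1 is the same primitive HPKE builds on, and the labelled wrappers above only change what is fed into it. The length prefixes in the combiner matter in practice: plain concatenation of two secrets of unspecified length is ambiguous, and a fixed IKM encoding is one of the things an HPKE-style schedule gets right that ad hoc combiners often miss.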