IETF Logo Mail Archive

[lamps] PQ-composite OR or K-of-N logic

"Kampanakis, Panos" <kpanos@amazon.com> Fri, 22 April 2022 03:00 UTC

Return-Path: <prvs=104867b27=kpanos@amazon.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1765C3A07BA for <spasm@ietfa.amsl.com>; Thu, 21 Apr 2022 20:00:43 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.61
X-Spam-Level:
X-Spam-Status: No, score=-14.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hkxdvoP3sIe7 for <spasm@ietfa.amsl.com>; Thu, 21 Apr 2022 20:00:38 -0700 (PDT)
Received: from smtp-fw-9103.amazon.com (smtp-fw-9103.amazon.com [207.171.188.200]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C5A7D3A07B5 for <spasm@ietf.org>; Thu, 21 Apr 2022 20:00:38 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1650596438; x=1682132438; h=from:to:subject:date:message-id: content-transfer-encoding:mime-version; bh=upwuLH6L1PN3pLEZAE+HYr6GqadVFS94YzVdZkTeOAo=; b=l5745FqNFHqw26TSljYIuYoVvtwrKz3HplrkcVHXACz41yLKwXNkPzA6 TUITi7ypl86oXuTLusCsSAdd1NMeW287Aq4QI0ygPXCGh2K7tpBX6Og7i vFqB2INE5bCKbvE/JXaRuIMkAFBi5LLDE1atZed1VxFRwxtCYbkPIeQWV w=;
X-IronPort-AV: E=Sophos;i="5.90,280,1643673600"; d="scan'208";a="1009754673"
Received: from pdx4-co-svc-p1-lb2-vlan2.amazon.com (HELO email-inbound-relay-pdx-2a-cb1ffea5.us-west-2.amazon.com) ([10.25.36.210]) by smtp-border-fw-9103.sea19.amazon.com with ESMTP; 22 Apr 2022 03:00:22 +0000
Received: from EX13MTAUWB001.ant.amazon.com (pdx1-ws-svc-p6-lb9-vlan2.pdx.amazon.com [10.236.137.194]) by email-inbound-relay-pdx-2a-cb1ffea5.us-west-2.amazon.com (Postfix) with ESMTPS id 78F2660EED for <spasm@ietf.org>; Fri, 22 Apr 2022 03:00:22 +0000 (UTC)
Received: from EX13D01ANC003.ant.amazon.com (10.43.157.68) by EX13MTAUWB001.ant.amazon.com (10.43.161.207) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Fri, 22 Apr 2022 03:00:21 +0000
Received: from EX13D01ANC003.ant.amazon.com (10.43.157.68) by EX13D01ANC003.ant.amazon.com (10.43.157.68) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Fri, 22 Apr 2022 03:00:20 +0000
Received: from EX13D01ANC003.ant.amazon.com ([10.43.157.68]) by EX13D01ANC003.ant.amazon.com ([10.43.157.68]) with mapi id 15.00.1497.033; Fri, 22 Apr 2022 03:00:20 +0000
From: "Kampanakis, Panos" <kpanos@amazon.com>
To: LAMPS <spasm@ietf.org>
Thread-Topic: PQ-composite OR or K-of-N logic
Thread-Index: AdhV9Rf0dKtEp6K7TUGSt7lMX+2Vvw==
Date: Fri, 22 Apr 2022 03:00:20 +0000
Message-ID: <f2fb2b2459fe42818348838eb14cc2ac@EX13D01ANC003.ant.amazon.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.43.156.129]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/iZJDuH4kMQj7_9gMHOI_LDSJYHM>
Subject: [lamps] PQ-composite OR or K-of-N logic
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 22 Apr 2022 03:00:43 -0000

Hi all,

This was discussed in the interim meeting yesterday, but I promised to also bring it up to the list. 

https://datatracker.ietf.org/doc/draft-ounsworth-pq-composite-sigs/ includes a Composite-OR and a Composite-OR-Legacy mode. And Mike also mentioned K-of-N logic in the meeting. These allow for the signer to define the verification logic of the composite signature. As many pointed out in the interim meeting yesterday, it is counter intuitive for the signer to tell the verifier what to verify. If the verifier does not trust one of the signatures in the composite signature it can make a decision on what to do based on its policy. It could fail unless all sigs verify or do something else. 

Adding granularity in the signature to tell the signer what to do not only changes what we know and use today, but it also opens cans of worms with complexity and mistakes that could happen in implementations. 

I suggest to just define one mode. That is a composite sig is two signatures of the same thing with two algorithms using two keys. The signer is supposed to verify the composite signature. How it does that is beyond this draft. 

Rgs, 
Panos

v2.23.0 | Report a Bug | By Email