Re: [lamps] [EXTERNAL] draft-ietf-lamps-lightweight-cmp-profile-05 concern

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 17 March 2021 15:42 UTC

To: Nick Lamb <njl@tlrmx.org>, "hendrik.brockhaus@siemens.com" <hendrik.brockhaus@siemens.com>, "spasm@ietf.org" <spasm@ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/imXnLjAPqVLvrPDOTfpGOyd9uQA>

Hi Nick,

That's what PAKEs are for, right? If I'm following the TLS WG properly, the TLS 1.3 PAKE draft (draft-barnes-tls-pake) expired in 2019 and PAKEs did not make it into 1.3. Is that right?

Looking at Hendrik's slides and I-D, I see proposals for specifying TLS 1.2 and 1.3 PSK cipher suites. I also see in the draft:

   *  The client MUST use its shared secret information for
      authentication.
   *  The server MUST use a suitable shared secret information for
      authentication.

Nowhere does it refer to this shared secret as a "password". I assume this shared secret will be some kind of registration code that a PKI operator distributes out-of-band to the end entity requesting the certificate? Seems a bit out of scope for a CMP RFC to put constraints on how that is generated.

So I suppose this email thread boils down to a request to add a "garbage-in, garbage-out" security consideration statement to the draft that a low entropy shared secret will result in a low entropy TLS session?

---
Mike Ounsworth

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Nick Lamb
Sent: March 16, 2021 11:20 AM
To: hendrik.brockhaus@siemens.com; spasm@ietf.org
Subject: [EXTERNAL] [lamps] draft-ietf-lamps-lightweight-cmp-profile-05 concern

Hi

I am not a LAMPS working group member, but I watched a video of the presentation of this ID at IETF 110 on YouTube.

I noted with concern that the presenter suggests TLS 1.3's PSK modes are suitable for use with a password.

This is _explicitly_ not the case. To quote RFC 8446:

"Deriving a shared secret from a password or other low-entropy sources is not secure.  A low-entropy secret, or password, is subject to dictionary attacks based on the PSK binder.  The specified PSK authentication is not a strong password-based authenticated key exchange even when used with Diffie-Hellman key establishment."

If CMP or LAMPS generally needs a way to use passwords to authenticate TLS it's worth reaching out to the TLS WG to ask them what you should do here, or contrariwise if this profile for CMP is to use PSKs it should likewise make explicit that you must not use passwords and similar human memorable low-entropy secrets.

Nick.
