Re: [lamps] [EXTERNAL] X.510
"Erik Andersen" <era@x500.eu> Wed, 16 October 2019 13:47 UTC
Return-Path: <era@x500.eu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D43301200D5 for <spasm@ietfa.amsl.com>; Wed, 16 Oct 2019 06:47:25 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.397
X-Spam-Level:
X-Spam-Status: No, score=-2.397 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_INVALID=0.1, DKIM_SIGNED=0.1, RCVD_IN_DNSWL_LOW=-0.7, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=neutral reason="invalid (public key: not available)" header.d=x500.eu
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KtcGEOuHtWje for <spasm@ietfa.amsl.com>; Wed, 16 Oct 2019 06:47:21 -0700 (PDT)
Received: from outscan1.mf.dandomain.dk (outscan1.mf.dandomain.dk [212.237.249.58]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 95AA112006B for <spasm@ietf.org>; Wed, 16 Oct 2019 06:47:21 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by outscan1.mf.dandomain.dk (Postfix) with ESMTP id 427604068A72; Wed, 16 Oct 2019 15:47:19 +0200 (CEST)
Received: from outscan1.mf.dandomain.dk ([127.0.0.1]) by localhost (outscan1.mf.dandomain.dk [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0NO-HuWfMxVe; Wed, 16 Oct 2019 15:47:18 +0200 (CEST)
Received: from mail-proxy.dandomain.dk (dilvs03.dandomain.net [194.150.112.64]) by outscan1.mf.dandomain.dk (Postfix) with ESMTPA id C499040689D0; Wed, 16 Oct 2019 15:47:15 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=x500.eu; s=dandomain; t=1571233638; bh=/4ebB6aiCWkWIIg4pJbJk2o5K9oGfpr2b2XMzbwjlhE=; h=From:To:Cc:References:In-Reply-To:Subject:Date:From; b=CqbG1mOO2ilk/HvC8/aZSRZmQsbOuTELyUPyHhFuk136F+KEbaLLADwDaHdzRMxDM Z56UYkcgC+aITe6KbKlG9yAYAcC1GtViauyOFmBeJ3pCbAgLHNTKZdUXRWVYomxBkw 5gAcH40/JpVSqRO1WEBrFjJZH/KbdvWGRIongkyFtW4jafC+0etK8CtMEPKXed1Tql CGLeRuZpgP8R6hmZ3xfOETPCO77zuKnTqVVEuvjHeULNmipzm8+UYjtTz8WOhSY6wU RWidu8RBdk4SKAIj1GPT/XTWvHHpI1w7HdkOzVRF0S/GBfnGPORHQR5k4pHlZyKicX bepC+kV6hhMuQ==
From: Erik Andersen <era@x500.eu>
To: 'Max Pala' <M.Pala@cablelabs.com>
Cc: 'Mike Ounsworth' <Mike.Ounsworth@entrustdatacard.com>, LAMPS <spasm@ietf.org>
References: <000601d57081$5afa8fc0$10efaf40$@x500.eu> <01fd886909e94b0ab9c353958f46a45e@PMSPEX05.corporate.datacard.com> <002201d572b2$0815f6e0$1841e4a0$@x500.eu> <MN2PR11MB37106863E5A2CE52D8125EE39B9D0@MN2PR11MB3710.namprd11.prod.outlook.com> <001201d57931$5cf5aae0$16e100a0$@x500.eu> <MN2PR11MB371042A094FEF6DFB48686739B9C0@MN2PR11MB3710.namprd11.prod.outlook.com> <MN2PR11MB3710E5D4E6BF79C1E5A42DDE9B940@MN2PR11MB3710.namprd11.prod.outlook.com> <308C443D-1AB3-4D6F-959B-B4AD5649E757@cablelabs.com>
In-Reply-To: <308C443D-1AB3-4D6F-959B-B4AD5649E757@cablelabs.com>
Date: Wed, 16 Oct 2019 15:47:15 +0200
Message-ID: <002601d58428$39ed7800$adc86800$@x500.eu>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Mailer: Microsoft Outlook 15.0
Thread-Index: AQISoDp2LBZNpXW83TH/US3RFiUrOAFnm8W/AmSLsb4Byz/iDgI39cnCAuCbG7gDTSVZCQIiCZT8pmHWRGA=
Content-Language: en-gb
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jICZ_jPCeAY-Zj9Xt3PVVkLyHPQ>
Subject: Re: [lamps] [EXTERNAL] X.510
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Oct 2019 13:47:26 -0000
Hi Max, Thanks for your comments. They are useful. Currently the work on X.510 and the Internet draft have no overlap and they have different scopes. The X.510 concentrates on migration issues and requires only a single signature to be verified. We not are considering multiple signatures to be verified for added security, although this could be added but it would have to be combined with the migration issue (how do we migrate from current use of a single digital signature to use multiple signatures to be verified). Avoiding multiple specification with the same scope can only be done if only one organization develops the specification and the other one unitizes it. However, it becomes difficult if our use of ASN.1 is quite different. It will difficult to adapt the information object classes defined in RFC 5912 to our specification and to the specifications within smart grid security (IEC TC 57 WG 15), where it has been accepted to refer to X.509 rather than RFC 5280 to make use of the new capabilities added to X.509. Best regards, Erik -----Oprindelig meddelelse----- Fra: Max Pala [mailto:M.Pala@cablelabs.com] Sendt: 15 October 2019 01:55 Til: Erik Andersen <era@x500.eu> Cc: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> Emne: Re: [lamps] [EXTERNAL] X.510 Hi Erik, Mike, I just wanted to take the opportunity to introduce myself - I am Massimiliano ("Max") Pala, one of the authors of the draft and original author behind the OpenCA projects and labs. I also wanted to join Mike in stressing the importance of not having multiple specifications - I am currently working for CableLabs and we manage and run the DOCSIS(r) PKI - which is one of the largest PKIs in the world with roughly 3 Billions certificates installed and deployed in devices across the whole world. Our work has originated from the need to protect our PKI(s) for the next 50 years and we needed a new tool to secure our Trust Infrastructure in these uncertain times. Our interest, however, it is not only for the Cable industry - we do work closely with many ecosystems where we provide certification services (from OCF to SunSpec, from CMI to WBA): also these environment require solutions that can help protecting their assets even before the factorization problem becomes a reality (and a security nightmare for everybody __). I am looking forward to our conversation and future collaboration - I think we have a simple, elegant, and useful solution/tool for our PKI toolboxes and the right time has come to finally standardize it. Again, very nice to virtually "meet" you and looking forward to future collaborations! Cheers, Max On 10/10/19, 8:06 AM, "Mike Ounsworth" <Mike.Ounsworth@entrustdatacard.com> wrote: FYI - - - Mike Ounsworth | Office: +1 (613) 270-2873 -----Original Message----- From: Mike Ounsworth Sent: Wednesday, October 2, 2019 10:52 AM To: Erik Andersen <era@x500.eu> Subject: RE: [lamps] [EXTERNAL] X.510 Thanks Erik! Our group has put over 2 years of bi-weekly meetings into this topic, so I hope we have some valuable ideas to contribute! Perfect, let me know when you are back from your travels. I look forward to a chat. - - - Mike Ounsworth | Office: +1 (613) 270-2873 -----Original Message----- From: Erik Andersen <era@x500.eu> Sent: Wednesday, October 2, 2019 9:55 AM To: Mike Ounsworth <Mike.Ounsworth@entrustdatacard.com> Subject: SV: [lamps] [EXTERNAL] X.510 Hi Mike, Thanks a lot for your answer. I am quite interesting in your proposal. Having competing specifications is not good for the industry. Next week I am going to a meeting in IEC TC57 WG15 on smart grid security and quite busy preparing. When returning I will come back to you. In the meantime, I will read your draft. I have read the ISARA internet draft. Best regards, Erik -----Oprindelig meddelelse----- Fra: Mike Ounsworth [mailto:Mike.Ounsworth@entrustdatacard.com] Sendt: 01 October 2019 17:23 Til: Erik Andersen <era@x500.eu>; 'LAMPS' <spasm@ietf.org> Emne: RE: [lamps] [EXTERNAL] X.510 Hi Erik, This is joint feedback on X.510 from the group of authors who worked on the composite pubic keys and signatures draft (https://tools.ietf.org/html/draft-ounsworth-pq-composite-sigs-01) and some overlap with the authors of the hybrid certificates draft (https://tools.ietf.org/html/draft-truskovsky-lamps-pq-hybrid-x509-01) which is now being pursued at ITU-T by ISARA. 1. X.510 section 6 defines MultiplePublicKeyAlgo identifiers and params, but seems to be missing a definition of the public keys themselves. If the idea is to concatenate multiple public keys into the single existing octet string, it's probably important to define that encoding. See our draft for how we thought to define that structure: https://tools.ietf.org/html/draft-ounsworth-pq-composite-sigs-01#section-2.3 . 2. X.510 Annex G: the mechanism you define relies on the use of ASN.1 extension marks, which were introduced to the SIGNED structure in X.509 rev 7 (2012), and are not included in the ASN.1 structures of the X.509 profile in IETF RFC5280 (2008). I see that you address that on p. 72 in the paragraph "If extension marks are not supported", basically saying to use the MultiplePublicKey definitions from section 6. This is not a problem for your draft, but we wanted to point out on this mailing list that IETF and WebPKI can't use the mechanism proposed in Annex G without updating RFC5280 and relying implementations to support ASN.1 extension marks. 3. For both mechanisms (section 6, and Annex G), have you thought about stripping attacks, where say the attacker cracks the weaker of the two signatures and then replaces the other public key with one that he controls? I suppose this needs to be addressed at the protocol layer, and therefore is out of scope for section 6 / annex G, but we still wanted to mention it on this mailing list. 4. Perhaps it makes sense to harmonize the ASN.1 structures between X.510 and our IETF draft(s). Would you be open to joining a phone call with our author group? -Mike Ounsworth, Representing the authors of draft-ounsworth-pq-composite-sigs -----Original Message----- From: Spasm <spasm-bounces@ietf.org> On Behalf Of Erik Andersen Sent: Tuesday, September 24, 2019 3:28 AM To: 'LAMPS' <spasm@ietf.org> Cc: Mark Pecen <mark.pecen@isara.com>; Jean-Paul LEMAIRE <jean-paul.lemaire@univ-paris-diderot.fr> Subject: Re: [lamps] [EXTERNAL] X.510 Hi Mike, A good point. Having multiple algorithms for added security and not just for migration is not really considered in draft X.510, which could be a miss. We will see if we can get that aspect into document during its final ballot round where in principle only editorials are allowed. Anyway, we will probably need an edition 2 quite quickly. Best regards, Erik -----Oprindelig meddelelse----- Fra: Spasm [mailto:spasm-bounces@ietf.org] På vegne af Mike Ounsworth Sendt: 24 September 2019 05:51 Til: Erik Andersen <era@x500.eu>; LAMPS <spasm@ietf.org> Emne: Re: [lamps] [EXTERNAL] X.510 Hi Erik, I found your slides https://docbox.etsi.org/Workshop/2019/201906_ETSISECURITYWEEK/202106_Dynamic NatureOfTechno/SESSION03_CHANGINGCRYPTOGRAPHY/ANDERSENSLSERVICES_ANDERSEN.pd f, explaining the rationale behind X.510. In it, you say: * A back level recipient will ignore the alternative algorithm, but validate according to the native one * An advanced recipient will validate according to the alternative algorithm In attending post-quantum conferences, for example the NIST PQC, there is a strong call for "hybrid" modes where *both* algorithms are validated because we don't fully trust the new stuff yet. So this may not be simply a migration issue, but a more long-term issue of combining algorithms for increased security. Do you have an opinion on whether X.510 in its current form would be appropriate for hybrid modes, and whether your language should be adjusted to be "native algorithm and alt algorithm" as opposed to your current "native algorithm or alt algorithm" ? - - - Mike Ounsworth | Office: +1 (613) 270-2873 From: Spasm <spasm-bounces@ietf.org> On Behalf Of Erik Andersen Sent: Saturday, September 21, 2019 8:35 AM To: LAMPS <spasm@ietf.org> Subject: [EXTERNAL][lamps] X.510 WARNING: This email originated outside of Entrust Datacard. DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. ________________________________________ Within ITU-T and ISO we have developed a new specification, Rec. ITU-T X.510 | ISO/IEC 9594-11, which now is out for final vote. There is a link to | it https://www.dropbox.com/s/qzzuy9hu2vjz9qw/X.510-dis.pdf?dl=0. We expect to complete it by March 2020. Any comment any of you might have will be highly appreciated. Best regards, Erik _______________________________________________ Spasm mailing list Spasm@ietf.org https://www.ietf.org/mailman/listinfo/spasm _______________________________________________ Spasm mailing list Spasm@ietf.org https://www.ietf.org/mailman/listinfo/spasm
- [lamps] X.510 Erik Andersen
- Re: [lamps] X.510 Russ Housley
- Re: [lamps] [EXTERNAL] X.510 Mike Ounsworth
- Re: [lamps] [EXTERNAL] X.510 Erik Andersen
- Re: [lamps] [EXTERNAL] X.510 Mike Ounsworth
- Re: [lamps] [EXTERNAL] X.510 Erik Andersen
- Re: [lamps] [EXTERNAL] X.510 Erik Andersen