IETF Logo Mail Archive

Re: [lamps] PQ-composite OR or K-of-N logic

"Kampanakis, Panos" <kpanos@amazon.com> Wed, 27 April 2022 14:31 UTC

Return-Path: <prvs=109a7e904=kpanos@amazon.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CF08C18352F for <spasm@ietfa.amsl.com>; Wed, 27 Apr 2022 07:31:46 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -10.173
X-Spam-Level:
X-Spam-Status: No, score=-10.173 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.575, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, USER_IN_DEF_SPF_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id QnVAIYy9GDjc for <spasm@ietfa.amsl.com>; Wed, 27 Apr 2022 07:31:45 -0700 (PDT)
Received: from smtp-fw-2101.amazon.com (smtp-fw-2101.amazon.com [72.21.196.25]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id ABDEEC180A6C for <spasm@ietf.org>; Wed, 27 Apr 2022 07:31:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1651069906; x=1682605906; h=from:to:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version:subject; bh=+UuGgQTr4WXN/hSzm+UNmqfiOOt5Ifrz4lMWVPQfpIs=; b=vwlnzYn0t4GNvfUw0BUpk7c6oqt5VQOqMGgdXlIK7B2csMUx/LUr8kl0 KYhWb2XiQnMqJLEdSZaUxwVyks78ZK6TAGr9YOhu9w8ZKWEwZyElwRO48 oo5MnkFOOxUORO2yg9bxogH4xc7kEOfe7ZBt/4JChf/B70BFnyIOkrjm/ s=;
X-IronPort-AV: E=Sophos;i="5.90,293,1643673600"; d="scan'208";a="193483624"
Thread-Topic: [lamps] Re: PQ-composite OR or K-of-N logic
Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-iad-1a-a31e1d63.us-east-1.amazon.com) ([10.43.8.2]) by smtp-border-fw-2101.iad2.amazon.com with ESMTP; 27 Apr 2022 14:31:27 +0000
Received: from EX13MTAUWB001.ant.amazon.com (iad12-ws-svc-p26-lb9-vlan3.iad.amazon.com [10.40.163.38]) by email-inbound-relay-iad-1a-a31e1d63.us-east-1.amazon.com (Postfix) with ESMTPS id 7C729C1A75; Wed, 27 Apr 2022 14:31:26 +0000 (UTC)
Received: from EX13D01ANC001.ant.amazon.com (10.43.157.154) by EX13MTAUWB001.ant.amazon.com (10.43.161.207) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Wed, 27 Apr 2022 14:31:25 +0000
Received: from EX13D01ANC003.ant.amazon.com (10.43.157.68) by EX13D01ANC001.ant.amazon.com (10.43.157.154) with Microsoft SMTP Server (TLS) id 15.0.1497.32; Wed, 27 Apr 2022 14:31:24 +0000
Received: from EX13D01ANC003.ant.amazon.com ([10.43.157.68]) by EX13D01ANC003.ant.amazon.com ([10.43.157.68]) with mapi id 15.00.1497.033; Wed, 27 Apr 2022 14:31:24 +0000
From: "Kampanakis, Panos" <kpanos@amazon.com>
To: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>, LAMPS <spasm@ietf.org>, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
Thread-Index: AQHYWj7amAfxt9QxREmuHbMbsnrpWq0DyX4g
Date: Wed, 27 Apr 2022 14:31:24 +0000
Message-ID: <b17a8b3e607540b3aa850c8a63a610b9@EX13D01ANC003.ant.amazon.com>
References: <f2fb2b2459fe42818348838eb14cc2ac@EX13D01ANC003.ant.amazon.com> <29E39FB1-D8E5-40E9-AFC0-5A8EBBB705DF@vigilsec.com> <DM6PR11MB38025338B4FA3AED0AA99E3196F79@DM6PR11MB3802.namprd11.prod.outlook.com> <1312783.1650733573@dooku> <423419504256427b83c889f9b5c607b7@EX13D01ANC003.ant.amazon.com> <CH0PR11MB5739266C7EE710B6FB0B8AE99FFA9@CH0PR11MB5739.namprd11.prod.outlook.com> <D413CD79-235F-4C90-AA24-3C983BF15911@ll.mit.edu>
In-Reply-To: <D413CD79-235F-4C90-AA24-3C983BF15911@ll.mit.edu>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-exchange-transport-fromentityheader: Hosted
x-originating-ip: [10.43.156.57]
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/k2rD73veVA-Mx7QGONSgdPK68rs>
Subject: Re: [lamps] PQ-composite OR or K-of-N logic
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Apr 2022 14:31:46 -0000

Note my argument was not against an OR mechanism as a form of preventing flag days. My argument was that if the verifier does not have the mechanism built in already, then you will need some sort of a flag day or a negotiation. 

Fortunately, even in cases where you can't negotiate, we don't need a flag day because the logic is built in the verifiers already. Two examples 
1) CMS. RFC3852 was not clear about how to treat signatures from multiple signers for CMS and RFC4853 came to explain that when CMS carries many signatures you can verify one for one signer and then you can move on. 
2) UEFI / code signing. In UEFI, that happened with the transition of EFI signatures with SHA-1 digests to SHA-256 which was going to be a problem and require some sort of a flag day for old verifiers. The Windows Portable Executable (PE) format used to sign EFI binaries allows for multiple signatures. The signature is embedded in the PE file in a location specified by the Certificate Table entry. The signature stored in the location is in a bCertificate binary array which includes the PKCS#7 SignedData. Multiple signatures can be embedded by including multiple Certificate Table entries that point to different bCertificates. It is common for PE images to have dual/multiple signatures, a feature that is supported by many code signing vendors. Micosoft’s Authenticode code-signing technology and Tianocore, the UEFI open-source implementation, support verifying multiple PE signatures as well. So, when you are migrating you add both the old and the new signature and verifiers verify what they understand. 

Note, in these examples the verifier applies the logic it is supposed to apply (OR in these cases) which is what I am advocating for.  The signer or CA definitely does not define what the verifier is supposed to do. 


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Blumenthal, Uri - 0553 - MITLL
Sent: Wednesday, April 27, 2022 9:57 AM
To: LAMPS <spasm@ietf.org>
Subject: RE: [EXTERNAL][lamps] [EXTERNAL] Re: PQ-composite OR or K-of-N logic

CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.



> > The only way to avoid a flag day is to negotiate
>
> Careful with this thinking; there are things in the world besides than 
> TLS and IKE; How does one negotiate with an S/MIME encryption cert 
> that you find in a directory, or a signed firmware binary that you're 
> trying to verify in a bootloader?

Absolutely!  100% agree with Mike here.

v2.23.0 | Report a Bug | By Email