Re: [lamps] Multiple drafts with PQ algorithm key encodings that are not compatible.
Tim Hollebeek <tim.hollebeek@digicert.com> Thu, 29 September 2022 14:28 UTC
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>
Date: Thu, 29 Sep 2022 14:28:21 +0000
Message-ID: <SJ0PR14MB5489FB0CF47FC5530C5CA48883579@SJ0PR14MB5489.namprd14.prod.outlook.com>
References: <DM6PR11MB25852643FB14014E92A5CFE1EA549@DM6PR11MB2585.namprd11.prod.outlook.com> <79AD46D5-A9C5-45F2-8E88-0359A3E2FCF3@vigilsec.com>
In-Reply-To: <79AD46D5-A9C5-45F2-8E88-0359A3E2FCF3@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/lsR9cg64OqMlz52RPmpdBtea_cc>

Are you referring to the option for partial vs full encoding for some of the private keys, or something else?

-Tim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Thursday, September 29, 2022 10:12 AM
To: LAMPS <spasm@ietf.org>
Subject: Re: [lamps] Multiple drafts with PQ algorithm key encodings that are not compatible.

Trimming the recipient list because the other messages needed moderation for "too many recipients".

draft-uni-qsckeys-01 makes the argument that for the private keys, one size does not fit every use case. If there is consensus on this view, then OPTIONAL fields or a CHOICE within the private key structure seems like a simple way forward.

I was really hoping that the public key would _always_ be an OCTET STRING. No optional parts.

Russ

On Sep 28, 2022, at 2:33 PM, John Gray <John.Gray=40entrust.com@dmarc.ietf.org> wrote:

We are doing some interoperability testing with different vendors using the new Dilithium, Falcon and SPHINCS+ algorithms. We have come across at least two drafts which are trying to specify the ASN.1 encoding formats for these algorithms. However, the encoding formats are not compatible with each other. I imagine the authors of these drafts should get together and come up with a common format (I have copied them on this email). This means we must choose one or the other, or even worse, support multiple formats (which can lead to bugs). Initially I started more than a year ago using my own encoding format for internal prototyping, but now need to interoperate with others outside of our organization, so a common format is definitely needed at this point. 😊

We fully realize the OID values will be changing once official OIDs are registered (changing those is trivial), but the ASN.1 formats of the public and private keys are kind of important as well… 😊

For example:

The LAMPS group has a specification of Dilithium public keys in this draft:
https://datatracker.ietf.org/doc/draft-massimo-lamps-pq-sig-certificates/

The public key format is this:

    The Dilithium public key MUST be encoded using the ASN.1 type DilithiumPublicKey:

    DilithiumPublicKey ::= OCTET STRING

The private key format is this:

    DilithiumPrivateKey ::= SEQUENCE {
        rho        BIT STRING,    -- nonce/seed
        K          BIT STRING,    -- key/seed
        tr         BIT STRING,    -- PRF bytes (CRH in spec.)
        s1         BIT STRING,    -- vector l
        s2         BIT STRING,    -- vector k
        t0         BIT STRING,    -- encoded vector
        PublicKey  IMPLICIT DilithiumPublicKey OPTIONAL
    }

In this draft:
https://datatracker.ietf.org/doc/draft-uni-qsckeys/01/

Dilithium keys have this encoding:

    DilithiumPublicKey ::= SEQUENCE {
        rho  OCTET STRING,
        t1   OCTET STRING
    }

    DilithiumPrivateKey ::= SEQUENCE {
        version    INTEGER {v0(0)},   -- version (round 3)
        nonce      BIT STRING,        -- rho
        key        BIT STRING,        -- key/seed/D
        tr         BIT STRING,        -- PRF bytes (CRH in spec)
        s1         BIT STRING,        -- vector(L)
        s2         BIT STRING,        -- vector(K)
        t0         BIT STRING,
        publicKey  [0] IMPLICIT DilithiumPublicKey OPTIONAL   -- see next section
    }

The draft-uni-qsckeys does not cover SPHINCS+; it does cover Falcon, but I don't know of another draft that specifies Falcon.

There are also encodings for Kyber mentioned in two documents that I see. There is an early draft, https://datatracker.ietf.org/doc/draft-ietf-lamps-kyber-certificates/, which mentions it is up to the document defining Kyber to give more details. In the draft-uni-qsckeys draft it is more specific:
https://datatracker.ietf.org/doc/draft-uni-qsckeys/01/

    KyberPrivateKey ::= SEQUENCE {
        version    INTEGER {v0(0)},   -- version (round 3)
        s          OCTET STRING,      -- sample s
        publicKey  [0] IMPLICIT KyberPublicKey OPTIONAL,   -- see next section
        hpk        OCTET STRING,      -- H(pk)
        nonce      OCTET STRING       -- z
    }

Partial public key encoding:

    KyberPrivateKey ::= SEQUENCE {
        version    INTEGER {v0(0)},   -- version (round 3)
        s          OCTET STRING,      -- EMPTY
        publicKey  [0] IMPLICIT KyberPublicKey OPTIONAL,   -- see next section
        hpk        OCTET STRING,      -- EMPTY
        nonce      OCTET STRING       -- d
    }

Full public key encoding:

    KyberPublicKey ::= SEQUENCE {
        t    OCTET STRING,
        rho  OCTET STRING
    }

Is https://datatracker.ietf.org/doc/draft-uni-qsckeys/01/ meant to become the document that defines the key formats for all the PQ keys that will be standardized? If not, then it should probably just refer to whatever documents will define the formats so that we can at least agree on one common format for the PQ keys.

Cheers,

John Gray
Entrust
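As an added illustration that is not part of the thread or of either draft: the two DilithiumPublicKey definitions John quotes, DER-encoded from the same rho || t1 bytes with a small hand-written DER helper, plus a strict decoder for each. Each decoder rejects the other draft's blob on the outer tag alone, which is the incompatibility being discussed; the 32-byte rho and 1280-byte t1 are the Dilithium2 sizes assumed here and the bytes are constructed, not a real key.

```python
OCTET_STRING, SEQUENCE = 0x04, 0x30   # DER tag numbers used by both drafts
RHO, T1 = bytes(range(32)), bytes(1280)   # constructed sample, not a real key; Dilithium2 sizes: 32-byte rho, 1280-byte t1

def der_len(n: int) -> bytes:
    # DER definite length: short form below 128, long form above
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def der_tlv(tag: int, content: bytes) -> bytes:
    return bytes([tag]) + der_len(len(content)) + content

def der_read(buf: bytes, pos: int = 0):
    # Parse one TLV at pos; return (tag, content, offset just after it)
    tag, first = buf[pos], buf[pos + 1]
    nbytes = 0 if first < 0x80 else first & 0x7F
    length = first if nbytes == 0 else int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big")
    start = pos + 2 + nbytes
    return tag, buf[start:start + length], start + length

# draft-massimo: DilithiumPublicKey ::= OCTET STRING holding the raw rho || t1 bytes
def encode_massimo(rho: bytes, t1: bytes) -> bytes:
    return der_tlv(OCTET_STRING, rho + t1)

def decode_massimo(der: bytes):
    tag, content, end = der_read(der)
    if tag != OCTET_STRING or end != len(der):
        raise ValueError("expected a single OCTET STRING")
    return content[:32], content[32:]   # 32-byte seed rho, then t1

# draft-uni-qsckeys: DilithiumPublicKey ::= SEQUENCE { rho OCTET STRING, t1 OCTET STRING }
def encode_uni(rho: bytes, t1: bytes) -> bytes:
    return der_tlv(SEQUENCE, der_tlv(OCTET_STRING, rho) + der_tlv(OCTET_STRING, t1))

def decode_uni(der: bytes):
    tag, content, end = der_read(der)
    if tag != SEQUENCE or end != len(der):
        raise ValueError("expected a SEQUENCE")
    tag_a, rho, pos = der_read(content)
    tag_b, t1, end2 = der_read(content, pos)
    if (tag_a, tag_b) != (OCTET_STRING, OCTET_STRING) or end2 != len(content):
        raise ValueError("expected exactly two OCTET STRINGs")
    return rho, t1

def accepts(decoder, der: bytes) -> bool:
    try:
        return decoder(der) is not None
    except ValueError:
        return False
```

Feeding encode_uni output to decode_massimo (or vice versa) fails on the first byte, 0x30 versus 0x04, before any key material is looked at.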