Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt

Mike Ounsworth <Mike.Ounsworth@entrust.com> Wed, 15 February 2023 15:07 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Russ Housley <housley@vigilsec.com>, Carl Wallace <carl@redhoundsoftware.com>
CC: LAMPS <spasm@ietf.org>, David Hook <dgh@cryptoworkshop.com>, John Gray <John.Gray@entrust.com>, Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com>
Date: Wed, 15 Feb 2023 15:07:01 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/mkJrNH3E36HZUDAm1dGKxQg6kCA>
Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt

Perfect!

---
Mike Ounsworth

-----Original Message-----
From: Russ Housley <housley@vigilsec.com> 
Sent: Wednesday, February 15, 2023 9:02 AM
To: Carl Wallace <carl@redhoundsoftware.com>; Mike Ounsworth <Mike.Ounsworth@entrust.com>
Cc: LAMPS <spasm@ietf.org>; David Hook <dgh@cryptoworkshop.com>; John Gray <John.Gray@entrust.com>; Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com>
Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt

I think this is what you guys are proposing:

  --  KEM-ALGORITHM
  --
  --  Describes the basic properties of a KEM algorithm
  --
  -- Suggested prefixes for KEM algorithm objects is: kema-
  --
  --  &id - contains the OID identifying the KEM algorithm
  --  &Value - if present, contains a type definition for the kemct;
  --               if absent, implies that no ASN.1 encoding is
  --               performed on the kemct value
  --  &Params - if present, contains the type for the algorithm
  --               parameters; if absent, implies no parameters
  --  &paramPresence - parameter presence requirement
  --  &PublicKeySet - specifies which public keys are used with
  --               this algorithm
  --  &Ukm - if absent, type for user keying material
  --  &ukmPresence - specifies the requirements to define the UKM field
  --  &smimeCaps - contains the object describing how the S/MIME
  --               capabilities are presented.

  KEM-ALGORITHM ::= CLASS {
    &id             OBJECT IDENTIFIER UNIQUE,
    &Value          OPTIONAL,
    &Params         OPTIONAL,
    &paramPresence  ParamOptions DEFAULT absent,
    &PublicKeySet   PUBLIC-KEY OPTIONAL,
    &Ukm            OPTIONAL,
    &ukmPresence    ParamOptions DEFAULT absent,
    &smimeCaps      SMIME-CAPS OPTIONAL
  } WITH SYNTAX {
    IDENTIFIER &id
    [VALUE &Value]
    [PARAMS [TYPE &Params] ARE &paramPresence]
    [PUBLIC-KEYS &PublicKeySet]
    [UKM [TYPE &Ukm] ARE &ukmPresence]
    [SMIME-CAPS &smimeCaps]
  }

Russ

> On Feb 15, 2023, at 7:38 AM, Carl Wallace <carl@redhoundsoftware.com> wrote:
> 
> Adding a Value field to the object class makes sense to me. As another example, RFC5912 includes a Value field in the SIGNATURE-ALGORITHM definition. The Value field is omitted for RSA instantiations but populated for DSA. This case is similar.
> 
> On 2/14/23, 2:55 PM, "Spasm on behalf of Mike Ounsworth" <spasm-bounces@ietf.org on behalf of Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:
> 
> 2a)
> 
> Here's what I believe is an equivalent example from existing RFCs
> 
> RFC 5280
> 
> SubjectPublicKeyInfo ::= SEQUENCE {
>     algorithm         AlgorithmIdentifier,
>     subjectPublicKey  BIT STRING }
> 
> Ok, fine, so the sPK will be a BIT STRING on the wire,
> 
> But RFC 5912 gives this information class:
> 
> PUBLIC-KEY ::= CLASS {
>     &id             OBJECT IDENTIFIER UNIQUE,
>     &KeyValue       OPTIONAL,
>     &Params         OPTIONAL,
>     &paramPresence  ParamOptions DEFAULT absent,
>     &keyUsage       KeyUsage OPTIONAL,
>     &PrivateKey     OPTIONAL
> 
> with this example instantiation:
> 
> -- pk-rsa-pss PUBLIC-KEY ::= {
> -- IDENTIFIER id-RSASSA-PSS
> -- KEY RSAPublicKey
> -- PARAMS TYPE RSASSA-PSS-params ARE optional
> -- CERT-KEY-USAGE { .... }
> -- }
> 
> so if you happen to know that the `subjectPublicKey BIT STRING` will actually be an RSAPublicKey, then you can give that hint to the compiler via PUBLIC-KEY.KEY.
> 
> I think the same should be true of the KEM-ALGORITHM; the kemct *IS* a BIT STRING, but if you happen to know what its internal structure is for a given instantiation, then you should be able to give that hint to the compiler via the KEM-ALGORITHM class. I'm only 80% confident about this ASN.1-foo, so maybe I'm misunderstanding something?
> 
> 
> ---
> Mike Ounsworth
> 
> 
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Mike Ounsworth
> Sent: Tuesday, February 14, 2023 11:16 AM
> To: Russ Housley <housley@vigilsec.com>
> Cc: LAMPS <spasm@ietf.org>; David Hook <dgh@cryptoworkshop.com>; John Gray <John.Gray@entrust.com>; Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com>
> Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt
> 
> 1) Good.
> 2) Good.
> 
> 2a) Not necessarily a problem, but maybe an opportunity to use the information object class to give the ASN.1 parser more info about the structure that it can expect to find in the KEM value field? Like if we're defining a kema and we know that the kemct value will be the BIT STRING representation of a structured ASN.1 object, you'd think you could express that in the information object?
> 
> 
> ---
> Mike Ounsworth
> 
> 
> -----Original Message-----
> From: Russ Housley <housley@vigilsec.com>
> Sent: Tuesday, February 14, 2023 11:09 AM
> To: Mike Ounsworth <Mike.Ounsworth@entrust.com>
> Cc: LAMPS <spasm@ietf.org>; David Hook <dgh@cryptoworkshop.com>; John Gray <John.Gray@entrust.com>; Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com>
> Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-housley-lamps-cms-kemri-01.txt
> 
> 
> Mike:
> 
> 
> 1) I chatted with David Hook, and asked him to review the I-D. He did. He was more happy with "kemct" than "ciphertext". It would be good to hear from others on this topic.
> 
> 
> 2a) Yes, I think that kema- is the right prefix.
> 
> 
> 2b) I do not see how this is different than putting RSAPublicKey into the SubjectPublicKey BIT STRING. Please explain.
> 
> 
> Russ
> 
> 
> 
> 
>> On Feb 13, 2023, at 11:53 AM, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:
>> 
>> I support adoption.
>> 
>> 
>> Technical feedback:
>> 
>> 1) 'kemct' vs 'kemenc'
>> 
>> I know this is "just terminology", but @David Hook (BouncyCastle) made the point during our last hackathon that he's run into real-world issues with people who insist on using a KEM ciphertext as a drop-in for an RSA ciphertext, so changing the language to "encapsulated value (enc)" would help.
>> 
>> I notice that "kemenc" would be in line with HPKE RFC 9810:
>> 
>>> def Encap(pkR):
>>> return shared_secret, enc
>> 
>>> def Decap(enc, skR):
>> 
>> 
>> 2) ASN.1 naming convention for KEM-ALGORITHMs?
>> 
>> For example in the Composite-KEM draft, we're gonna need to instantiate your KEM-ALGORITHM, for example:
>> 
>> kema-CompositeKEM KEM-ALGORITHM ::= {
>>     IDENTIFIER id-alg-composite-kem
>>     VALUE CompositeCiphertextValue
>>     PARAMS composite-kem-params
>>     PUBLIC-KEYS { pk-Composite }
>>     SMIME-CAPS { IDENTIFIED BY id-alg-composite } }
>> 
>> 
>> Is "kema-" an appropriate prefix?
>> 
>> 2b) looking at my KEM-ALGORITHM vs yours; do you need a VALUE to indicate the type of the encapsulated value? In general it may not always be a BIT STRING as some may have ASN.1 structure (as in the case of composite).
>> ---
>> Mike Ounsworth
>> 
>> -----Original Message-----
>> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
>> Sent: Friday, February 10, 2023 12:12 PM
>> To: LAMPS <spasm@ietf.org>
>> Cc: John Gray <John.Gray@entrust.com>; Tomofumi Okubo <tomofumi.okubo+ietf@gmail.com>
>> Subject: [EXTERNAL] Re: [lamps] New Version Notification for draft-housley-lamps-cms-kemri-01.txt
>> 
>> The biggest change is in the ASN.1 module. Many other documents will need to IMPORT the KEM-ALGORITHM CLASS, so we put it in a separate module. Since we were making edits, we also fixed the things that were reported during the call for adoption, including one comment that was received in private email.
>> 
>> For the authors,
>> Russ
>> 
>> 
>>> On Feb 10, 2023, at 1:07 PM, internet-drafts@ietf.org wrote:
>>> 
>>> 
>>> A new version of I-D, draft-housley-lamps-cms-kemri-01.txt
>>> has been successfully submitted by Russ Housley and posted to the 
>>> IETF repository.
>>> 
>>> Name: draft-housley-lamps-cms-kemri
>>> Revision: 01
>>> Title: Using Key Encapsulation Mechanism (KEM) Algorithms in the Cryptographic Message Syntax (CMS)
>>> Document date: 2023-02-10
>>> Group: Individual Submission
>>> Pages: 16
>>> URL: https://www.ietf.org/archive/id/draft-housley-lamps-cms-kemri-01.txt
>>> Status: https://datatracker.ietf.org/doc/draft-housley-lamps-cms-kemri/
>>> Html: https://www.ietf.org/archive/id/draft-housley-lamps-cms-kemri-01.html
>>> Htmlized: https://datatracker.ietf.org/doc/html/draft-housley-lamps-cms-kemri
>>> Diff: https://author-tools.ietf.org/iddiff?url2=draft-housley-lamps-cms-kemri-01
>>> 
>>> Abstract:
>>> The Cryptographic Message Syntax (CMS) supports key transport and 
>>> key agreement algorithms. In recent years, cryptographers have been 
>>> specifying Key Encapsulation Mechanism (KEM) algorithms, including 
>>> quantum-secure KEM algorithms. This document defines conventions for 
>>> the use of KEM algorithms by the originator and recipients to 
>>> encrypt CMS content.
>>> 
>>> 
>>> 
>>> 
>>> The IETF Secretariat
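
The type-hint idea discussed in this thread (a BIT STRING on the wire whose inner type the information object optionally names), as an added example that is not part of any message in the thread or of the draft. It uses the SubjectPublicKeyInfo case cited above; `KEY_TYPES` and the function names are hypothetical, and both sample encodings are constructed.

```python
def read_tlv(buf, pos=0):
    """Read one definite-length DER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ValueError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    out, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):
    if not val or val[-1] & 0x80:
        raise ValueError("malformed OID")
    subids, cur = [], 0
    for b in val:
        cur = (cur << 7) | (b & 0x7F)
        if not b & 0x80:
            subids.append(cur)
            cur = 0
    first = min(subids[0] // 40, 2)
    return ".".join(map(str, [first, subids[0] - 40 * first] + subids[1:]))

def decode_rsa_public_key(raw):
    """RSAPublicKey ::= SEQUENCE { modulus INTEGER, publicExponent INTEGER }"""
    tag, val, end = read_tlv(raw)
    kids = children(val) if tag == 0x30 and end == len(raw) else []
    if [t for t, _ in kids] != [0x02, 0x02]:
        raise ValueError("BIT STRING contents are not an RSAPublicKey")
    n, e = (int.from_bytes(v, "big", signed=True) for _, v in kids)
    return {"modulus": n, "publicExponent": e}

# Hypothetical stand-in for a PUBLIC-KEY object set; None = no KEY field (opaque).
KEY_TYPES = {
    "1.2.840.113549.1.1.1": decode_rsa_public_key,  # rsaEncryption
    "1.3.101.112": None,                            # id-Ed25519 (RFC 8410)
}

def decode_spki(der):
    tag, val, end = read_tlv(der)
    kids = children(val) if tag == 0x30 and end == len(der) else []
    if [t for t, _ in kids] != [0x30, 0x03]:
        raise ValueError("not a SubjectPublicKeyInfo")
    alg = children(kids[0][1])
    oid = decode_oid(alg[0][1]) if alg and alg[0][0] == 0x06 else None
    if oid not in KEY_TYPES:
        raise ValueError(f"algorithm not in the object set: {oid}")
    bits = kids[1][1]
    if not bits or bits[0] != 0:
        raise ValueError("unexpected unused bits in subjectPublicKey")
    decoder = KEY_TYPES[oid]
    return oid, decoder(bits[1:]) if decoder else bits[1:]

# Constructed samples: a toy RSA key (n=3233, e=17) and 32 arbitrary key bytes.
RSA_SPKI = bytes.fromhex("301b300d06092a864886f70d0101010500"
                         "030a00300702020ca1020111")
ED_SPKI = bytes.fromhex("302a300506032b6570032100") + bytes(range(32))
```

A decoder that knows the inner type can reject a malformed inner structure at parse time, while an entry with no declared type hands the bytes to the algorithm untouched.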