Re: [lamps] Double signatures
Tim Hollebeek <tim.hollebeek@digicert.com> Tue, 11 September 2018 14:38 UTC
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Santosh Chokhani <santosh.chokhani@gmail.com>, 'Erik Andersen' <era@x500.eu>, 'SPASM' <spasm@ietf.org>, "x500standard@freelists.org" <x500standard@freelists.org>
Date: Tue, 11 Sep 2018 14:38:22 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/7zdiLjDY5_mJsWc3i4ILpMwTAaY>

Unfortunately, “not every combination needs to be covered” introduces a lot of politics around choosing which combinations “need to be covered”, a subject on which inevitably not everyone agrees. I would rather avoid all those discussions and the unnecessary work they represent.

I personally don’t think a single AlgID which implies a SEQUENCE of ALG IDs is an improvement over a SEQUENCE of ALG IDs, or its moral equivalent.

For simple hybrid use cases, there is also a lot of value in having the classical algorithm ID being the same as it usually is, to allow easier interoperability with older systems that don’t understand the newer algorithms (and can blissfully ignore them).

-Tim

From: Santosh Chokhani <santosh.chokhani@gmail.com>
Sent: Tuesday, September 11, 2018 10:29 AM
To: Tim Hollebeek <tim.hollebeek@digicert.com>; 'Erik Andersen' <era@x500.eu>; 'SPASM' <spasm@ietf.org>; x500standard@freelists.org
Subject: RE: [lamps] Double signatures

Thanks Tim. There are ways to accommodate your concern.

One way to handle this is defining a single Alg ID A which implies a SEQUENCE of ALG IDs and define the relying party rules in terms of its ability to process one or all ALG IDs.

Another way to do this is not every combination needs to be covered and the user community defines its own Alg ID Xi which maps to a SEQUENCE of ALG IDs.

From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Tim Hollebeek
Sent: Tuesday, September 11, 2018 10:03 AM
To: Erik Andersen <era@x500.eu>; 'SPASM' <spasm@ietf.org>; x500standard@freelists.org
Subject: Re: [lamps] Double signatures

Doesn’t the combinatoric explosion render this completely impractical? You need N_c x N_pq algorithm identifiers just to handle the simple hybrid use case where a single classical algorithm is being used in conjunction with a single post-quantum algorithm.

And there are people who want to use multiple post-quantum algorithms to hedge against potential yet to be discovered weaknesses in post-quantum algorithms. I’m not really looking forward to trying to allocate or manage O(N_c x N_pq^3) algorithm identifiers…

-Tim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Erik Andersen
Sent: Tuesday, September 11, 2018 3:10 AM
To: 'SPASM' <spasm@ietf.org>; x500standard@freelists.org
Subject: Re: [lamps] Double signatures

Hi Santosh,

You have proposed something like this before. It is still puzzling in my brain. As I understand, it requires that we define a particular algorithm that has a parameter that includes the things you suggest. It is worthy to be analysed.

Erik

From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Santosh Chokhani
Sent: 10 September 2018 19:18
To: 'Jim Schaad' <ietf@augustcellars.com>; 'Ryan Sleevi' <ryan-ietf@sleevi.com>; era@x500.eu
Cc: 'SPASM' <spasm@ietf.org>; x500standard@freelists.org
Subject: Re: [lamps] Double signatures

Why not let algorithm identifier dictate the number of signatures and their syntax?

From: Spasm [mailto:spasm-bounces@ietf.org] On Behalf Of Jim Schaad
Sent: Monday, September 10, 2018 1:07 PM
To: 'Ryan Sleevi' <ryan-ietf@sleevi.com>; era@x500.eu
Cc: 'SPASM' <spasm@ietf.org>; x500standard@freelists.org
Subject: Re: [lamps] Double signatures

Ryan,

The discussion in London dealt with a completely different proposal than this one. While I think there are problems with this that need to be dealt with they are mostly not the same set.

Erik,

Why is this considered to be a preferred solution to defining a new signature algorithm which contains as the parameter the sequence of algorithm identifiers and as the signature value a sequence of signature values?

The problem with just defining the extension to SIGNED is that one needs to make sure that the set of signature algorithms and parameters are also part of the data to be signed and I am not seeing that highlighted here.

Jim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Ryan Sleevi
Sent: Monday, September 10, 2018 8:53 AM
To: era@x500.eu
Cc: SPASM <spasm@ietf.org>; x500standard@freelists.org
Subject: Re: [lamps] Double signatures

On Mon, Sep 10, 2018 at 10:56 AM Erik Andersen <era@x500.eu> wrote:

> Hi Folk,
>
> In ITU-T we have plans to allow for double signatures using the SIGNED parametrized data type defined in X.509 to cope with the situation as described in the internet draft: “Multiple Public-Key Algorithm X.509 Certificates (draft-truskovsky-lamps-pq-hybrid-x509-01)”
>
> We suggest to enhance the SIGNED data type as shown below:
>
> SIGNED{ToBeSigned} ::= SEQUENCE {
>   COMPONENTS OF SIGNATURE,
>   ...,
>   altAlgorithmIdentifier  AlgorithmIdentifier{{SupportedAlgorithms}} OPTIONAL,
>   altSignature            BIT STRING OPTIONAL
>   } (WITH COMPONENTS {..., altAlgorithmIdentifier PRESENT, altSignature PRESENT } |
>      WITH COMPONENTS {..., altAlgorithmIdentifier ABSENT, altSignature ABSENT } )
>
> We are open to comments. We know that IETF is not a heavy user of this data type. We have no intention to use this extended data type for certificates and CRLs.
>
> For your information, SIGNATURE is defined as:
>
> SIGNATURE ::= SEQUENCE {
>   algorithmIdentifier  AlgorithmIdentifier{{SupportedAlgorithms}},
>   signature            BIT STRING,
>   ...
>   }

From the discussions in London (101), there were a number of challenges identified during the discussion - https://datatracker.ietf.org/meeting/101/materials/minutes-101-lamps-01.txt - that fundamentally questioned that approach. Has the ITU-T addressed or resolved those concerns? Are they not applicable for some reason specific to ITU-T?
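
Jim Schaad's remark in the thread above, that the set of signature algorithms must itself be part of the data to be signed, is illustrated by the following added example, which is not code from the thread, the draft or X.509. It assumes HMAC-SHA256 with constructed keys as a stand-in for the classical and post-quantum signature algorithms; the algorithm names, the length-prefixed encoding and all function names are hypothetical.

```python
import hashlib
import hmac

# Constructed keys. HMAC-SHA256 stands in for real signature algorithms so the
# example runs on the standard library alone; the algorithm names are hypothetical.
KEYS = {"classical-alg": b"constructed-classical-key",
        "pq-alg": b"constructed-pq-key"}


def _sig(alg, data):
    return hmac.new(KEYS[alg], data, hashlib.sha256).digest()


def _covered(tbs, algs, bind_algs):
    """Bytes each signature is computed over."""
    if not bind_algs:
        return tbs  # algorithm identifiers sit outside the signed data
    # Length-prefixed fields (a stand-in for DER) keep the boundaries unambiguous.
    fields = [tbs] + [a.encode() for a in algs]
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)


def sign(tbs, algs, bind_algs):
    data = _covered(tbs, algs, bind_algs)
    return {"tbs": tbs, "algs": list(algs), "sigs": [_sig(a, data) for a in algs]}


def verify(obj, bind_algs):
    """Relying-party check: every listed signature must verify."""
    algs, sigs = obj["algs"], obj["sigs"]
    if not algs or len(algs) != len(sigs) or any(a not in KEYS for a in algs):
        return False
    data = _covered(obj["tbs"], algs, bind_algs)
    return all(hmac.compare_digest(_sig(a, data), s) for a, s in zip(algs, sigs))


def without_alt(obj):
    """The same object with the alternative algorithm/signature pair absent."""
    return {"tbs": obj["tbs"], "algs": obj["algs"][:1], "sigs": obj["sigs"][:1]}


def demo():
    tbs = b"constructed toBeSigned content"
    algs = ["classical-alg", "pq-alg"]
    out = {}
    for bind in (False, True):
        full = sign(tbs, algs, bind)
        # (full object verifies, object with the alternative pair removed verifies)
        out[bind] = (verify(full, bind), verify(without_alt(full), bind))
    return out


if __name__ == "__main__":
    print(demo())
```

When the algorithm list is not covered, the object with the alternative pair removed still verifies, so a relying party cannot tell that a second signature was ever present; when the list is covered, the same removal makes verification fail.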