IETF Logo Mail Archive

[lamps] AD review of draft-ietf-lamps-cmp-algorithms-07

Roman Danyliw <rdd@cert.org> Tue, 26 October 2021 21:48 UTC

Return-Path: <rdd@cert.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 553F23A18F1 for <spasm@ietfa.amsl.com>; Tue, 26 Oct 2021 14:48:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.902
X-Spam-Level:
X-Spam-Status: No, score=-1.902 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=seicmu.onmicrosoft.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 6ovvT3FfO1IS for <spasm@ietfa.amsl.com>; Tue, 26 Oct 2021 14:48:54 -0700 (PDT)
Received: from USG02-BN3-obe.outbound.protection.office365.us (mail-bn3usg02on0139.outbound.protection.office365.us [23.103.208.139]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 321C23A18F7 for <spasm@ietf.org>; Tue, 26 Oct 2021 14:48:53 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector5401; d=microsoft.com; cv=none; b=RaxvZeTTXN2l76O1zql04GhrrjAcyxPB966AeG9gzAg/hY3WQnydzcm18QqfzaEMEMIlpQXE8I3Fc23mN2FZBhkg4nehO4qoKujQ6k0J3u4eHKenxKyeXF5gqGugeubDPCntuzEWxNg7YHRR18WwOIyR5YpVkO9VnS59uoGWmCRvhtpvItufkQAeuzzZuwiwD8DJtwoUmPbIrusA11Xfw6mHdLxq9rFSYB2aQ7S3IEVItIdXawLek8EdDs3ixg9YueQ7D2pDn20rYC0pQ+AXSvAISQI8riX4bvKD15toVxX9yBZRbyyhD81XG5fS8IAYM9P89C7c+h8wKbQHzBwHAA==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector5401; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version; bh=qgupHj+2nHBsl6oiqNaQmm8a+wqb38zuLWtrGKDLcAk=; b=HYJGMKHt0NdMIHLIMtHYgTHQxaeEv8efRYfgOD2y7BR18hJSUjlWW14Ap0Zc9EQ5/cjwlVSr0Vo1prIeMO/rsWhZIc2R7PdF7x6NUXHZeLcEo450IufP0OnGD3PxCJX961V414TOX4OfcrpY8WowzZhqzT5ss3DGudFuVWvkzZY0uLxKnqKkRbVXzvmqT1l/7tdQpvGVFibI5wXBdf2N3rZluNVCTfdtnqYKh68KKviWhQntLTamdVZH5UcWa7rof3xLeV4KQ1AU0O/hn4yQmpox8ZuQBJd8ZcOecpWV68msLLa4El9AjaxEPFFAPFV3hd7mlUqsGtcvBdAtP269Gg==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=cert.org; dmarc=pass action=none header.from=cert.org; dkim=pass header.d=cert.org; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=seicmu.onmicrosoft.com; s=selector1-seicmu-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=qgupHj+2nHBsl6oiqNaQmm8a+wqb38zuLWtrGKDLcAk=; b=TzFA4cjfWfnv91wm45qBfmvo2hsScBKAh+ExAzHtCGdWIzO/e4bxm06ds0r1Y8hnVp0VDpwHw1PlxRx1zNE6FOQyQxjKRQhdh/EdxZQ749TtYTrr0yVGoFO4CQMXoh0bCpNJWIvlJeSvYxHT6tjXdtxJ73GW4qbM/XhtITNobY4=
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::12) by BN1P110MB0755.NAMP110.PROD.OUTLOOK.COM (2001:489a:200:134::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.16; Tue, 26 Oct 2021 21:48:50 +0000
Received: from BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f]) by BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM ([fe80::4463:48d1:9769:567f%6]) with mapi id 15.20.4628.020; Tue, 26 Oct 2021 21:48:50 +0000
From: Roman Danyliw <rdd@cert.org>
To: LAMPS WG <spasm@ietf.org>
Thread-Topic: AD review of draft-ietf-lamps-cmp-algorithms-07
Thread-Index: AdfKsmHop5v82zipS+Kei9oAXI0KtQ==
Date: Tue, 26 Oct 2021 21:48:49 +0000
Message-ID: <BN1P110MB0939774B07F1FF05E5DBBC42DC849@BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: ietf.org; dkim=none (message not signed) header.d=none;ietf.org; dmarc=none action=none header.from=cert.org;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0115b376-f472-4c35-85c6-08d998ca6555
x-ms-traffictypediagnostic: BN1P110MB0755:
x-microsoft-antispam-prvs: <BN1P110MB0755C984B73B0F7B53E2B890DC849@BN1P110MB0755.NAMP110.PROD.OUTLOOK.COM>
x-ms-oob-tlc-oobclassifiers: OLM:7219;
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: g63+dqs2LCx7VUqSkTKwwLjf9SdUi+0Mgxu25eHXSLvY0OzjETYLBU3dr4gU8iLQPeof+Ns3cPuorwwWCqqVEK4DaWAdZ+E/TDUO9fV9yr1As7YpOhLfSVJnJjKqHCMQXZrsJFhAyFQJqXyPYWeyKSGrk5hX4zitCRRACsW44M1Aq7R8cFxBN+DvrVFDZn/WYqez5iLATdMkhR+2K3cNSWKejxeb9PrXRZH5UTsoy1r/NHVYnrzIxPJa/C1oq+G2+n1Qb0yBxjNNVoz7oG2xYxtgwvpDRXH9D6dfU296WoTCyOHQcG7CPiBS6qGu9uFFwNu2zxJ/6ZC2KVSDyp1Mm9hXBui/WjRWMjioLULr7sK+HvFiK77jy7jtJ18QOID0J83Wy3i5iM31Ifp0FfvMtQOgq5l966tYfmsr21YgGHqV1tf57T8xfGMtVSKTwtUxAJAGH0WlUFdclDDT9LlSGtFHSM/Z29SyYol8/mkmWCZwjRTi+CLtuZ9iVcGz8qKYZ08Hrcdk5etACaSNG0HcyXQjxMHKdfzO/JPm5iN/j0yd+1PgswHhX8C/miml08eItd/PPUTCPzgfNdMFbf42E6cdntiWCM8hlSlHMwFaFVRlRjxmp4NKh+H9Irlmh8r2
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM; PTR:; CAT:NONE; SFS:(366004)(66556008)(71200400001)(66446008)(64756008)(38100700002)(66476007)(66946007)(5660300002)(9686003)(82960400001)(38070700005)(26005)(76116006)(7696005)(55016002)(8936002)(52536014)(122000001)(8676002)(2906002)(186003)(86362001)(33656002)(83380400001)(6506007)(6916009)(498600001); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: 8py6xn7ZJDAhsfu/fJyRWe7J7U1BHFvQrOd+tUxfJvKT4m2Yt7GPuUH2nIthvcU+YpzbSD6/F5ZyPy68zN89Au1e4kcqum0Zhr65Yae+nBmsEOwtIl93IKCMHsDnUnYV7dYqOUGEkudgjurn1pH/dfoVhA8YoEn1uQWRp0qf5MVGgGKa3jeU2julgapHYTVP+Eol5je6gg8Vyvy2Je5dsL6AyK0SP/vQg+HBJ2mYZRk8WHFqIvJ2/fS0GCVgwWe03vTlErG18odN7wkQpGE/zuC+ay8CjsRozeVbgWaf9VLNmSwUqgZGAWGShlQknWm15S2PY0wrm3v5TJH5bik+TKPIbXLXSqYA33NxWcAplMevdZpQ4PFtNCo7o8IxAcqx+SPavcShB6c6u9j4ECBJ6M233zgmJ2QZE5o/xsBoBbC/bdK/mlSpjRv/PWJ3uRFzA2ldScQmsTKrKtHHHwJnmigzGoueuHtnROIQ9K4WQPlQuJUJnOSXPbMznrk/7X69BvWQ+RMVq3Qb3axKhhi9ngE4F/ZpHbJVVZR8JmyO15b5FOAqPlYKCt3GO3qSjhOM2JweTff2Clp8K+NPii928ffgadUf9KuJwiayQlMwSH1x540UcKx40all+vHJkk8YHpllH4rlZQcJ6GQ0qEdQKfmLqRoZtscDFesgT4oiFnFx88asXQP6qSIp2O0ZefwU1OH4IE0tDQ0MjFe6N9yBqPQQqodVYsSXQgRuLr4aoL4=
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-OriginatorOrg: cert.org
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: BN1P110MB0939.NAMP110.PROD.OUTLOOK.COM
X-MS-Exchange-CrossTenant-Network-Message-Id: 0115b376-f472-4c35-85c6-08d998ca6555
X-MS-Exchange-CrossTenant-originalarrivaltime: 26 Oct 2021 21:48:49.9325 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 95a9dce2-04f2-4043-995d-1ec3861911c6
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN1P110MB0755
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/oe3b2yFLHsI3O18ug_3yNHcU-z8>
Subject: [lamps] AD review of draft-ietf-lamps-cmp-algorithms-07
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 26 Oct 2021 21:49:00 -0000

Hi!

I did an AD review of draft-ietf-lamps-cmp-algorithms-07 with my comments below.  Thanks for this work to evolve CMP.

** Section 2, 3, etc.  Editorial. When listing the places where digest and signature algorithm identifies are found, consider if enumerating them as a bulleted list might be easier to read.  For example:

OLD
   Digest algorithm identifiers are located in the hashAlg field of
   OOBCertHash, the owf field of Challenge, PBMParameter, CertStatus,
   and DHBMParameter, and the digestAlgorithms field of SignedData and
   the digestAlgorithm field of SignerInfo.

NEW
Digest algorithm identifiers are located in:
* hashAlg field of OOBCertHash, 
* owf field of Challenge, PBMParameter, CertStatus, and DHBMParameter 
* digestAlgorithms field of SignedData
* digestAlgorithm field of SignerInfo.

** Section 2.
Note: Specific conventions are needed for CertStatus content in
   certConf messages when confirming certificates where the
   AlgorithmIdentifier of the certificate signature does not clearly
   imply a specific hash algorithm.  In such cases the hash algorithm to
   use to build certHash should be specified, e.g., as done in
   Section 2.1 and Section 2.2 for certificates signed using EdDSA.

I'm confirming my understanding of the text.  Is the specific convention being described here the second sentence (i.e., explicitly specifying the hash algorithm)?  I ask because "conventions" was plural suggesting that there was more than one.

** Section 3.  Editorial.  s/Section 7.2,RFC/Section 7.2, RFC/

** Section 3.1.  Editorial.
OLD
The algorithm identifiers for RSASAA-PSS signatures used with SHA2
   message digest algorithms is identified by the following OID:

NEW
The algorithm identifier for RSASAA-PSS signatures used with SHA2
   message digest algorithms is identified by the following OID:

** Section 3.3.  Editorial. s/signature algorithm Ed25519 MUST/signature algorithm Ed25519 that MUST/

** Section 4.1.

Key agreement algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo keyEncryptionAlgorithm fields.

-- "keyEncryptionAlgorithm" is the type, the field name is "KeyEncryptionAlgorithmIdentifier" per Section 6.2.1 of RFC5652.  It should likely read "... KeyAgreeRecipientInfo KeyEncryptionAlgorithmIdentifier".

-- why is "fields" plural? Isn't the cardinality here a single field?

-- I'm mentioning it here but it applies to the other uses, using spaces to convey the nested CMS structure is confusing.

** Section 4.1. Checking my understanding, is it accurate that both the key agreement algorithm identifiers and the key encryption algorithm identifiers are going to the same place in EnvelopedData?

** Section 4.1.
   Wrapped content-encryption keys are located in the EnvelopedData
   RecipientInfos KeyAgreeRecipientInfo RecipientEncryptedKeys
   encryptedKey field.
  
-- "encryptedKey" is also a type.  It should likely be "EncryptedKey" per Section 6.2.2 of RFC5652.

-- My ASN.1 reading always needs help.  Should it be "... RecipientEncryptedKeys RecipientEncryptedKey EncryptedKey" or "RecipientEncryptedKeys EncryptedKey"?  Same thing would apply to "RecipientInfos" and "RecipientInfo". 

** Section 4.2.  
Key transport algorithm identifiers are located in the EnvelopedData
   RecipientInfos KeyTransRecipientInfo keyEncryptionAlgorithm field.

Similar to Section 4.1, keyEncryptionAlgorithm is the type.  It likely should be KeyEncryptionAlgorithmIdentifier per Section 6.2.1 of RFC5652

** Section 4.2
   Key transport encrypted content-encryption keys are located in the
   EnvelopedData RecipientInfos KeyTransRecipientInfo encryptedKey
   Field.

Similar to Section 4.1, encryptedKey is the type.  It likely should be EncryptedKey per Section 6.2.1 of RFC5652.

** Section 4.3.  As before, s/keyEncryptionAlgorithm/KeyEncryptionAlgorithmIdentifier/

** Section 4.3.  As before, s/encryptedKey/EncryptedKey/

** Section 4.4. As before, s/keyDerivationAlgorithm/KeyDerivationAlgorithmIdentifier/

** Section 5.  Editorial.  s/Section 7,RFC/Section 7, RFC/

** Section 5.  As before, s/ contentEncryptionAlgorithm /ContentEncryptionAlgorithmIdentifier/

** Section 6. Editorial.  s/Section 7,RFC/Section 7, RFC/

** Section 6.1.1. Editorial. s/andAlgorithm/and Algorithm/

** Section 7.  I would have benefit from a bit more clarity on the direction provided in this section. 

-- "The following criteria will help implementers choose appropriate algorithms for managing certificates"

The bulleted list seems like only part of the criteria.  As a non-exhaustive list, additional considerations might be the capabilities of the end-point (e.g., does the target deployment have hardware acceleration for some, are some algorithms simply out of reach due to available compute or expected software support); or perhaps local policy or compliance requirements?

-- "The cryptographic strength of the algorithm with the lowest security."

It seems like some words are missing here.  Is the intent here to guide the selection towards the algorithm that provides the minimum amount of strength relative to the needed security requirements?

** Section 7.1.  The text in this section seems it should explicit say that it is updating RFC4210.

OLD
The following table contains definitions of algorithms used within

NEW
The following table updates the definitions of algorithms used within

** Section 7.1.  If an algorithm is listed in the "Change from 4210" column, should it be considered the equivalent of being added to the "other" column (per Appendix D.2 of RFC4210?  If so, please be explicit about that.

** Section 7.1.  Table 1.

-- What does it mean for PasswordBasedMac to be in both the Mandatory and Change-from-4210 column for the MSG_MAC_ALG row?  It was already the MTI in RFC4210.  Same question and situation with D-H for the PROT_ENC_ALG row.

-- Should 3-DES be considered "other" in MSG_MAC_ALG and PROT_SYM_ALG?

-- Editorial.  In PROT_SYM_ALG and SYM_PENC_ALG, the "3-DES (3-key-EDE), CBC Mode" should read "3-DES (3-key-EDE, CBC mode)" per the text in RFC4210.

** Section 9.  Can a reference be added for the theoretical weakness in PasswordBasedMac?

** Section 9.  Editorially, the first paragraph ("RFC 4210 Appendix D.2 ...) and the two paragraphs of "In Section 7 ..." and "To keep the list ...", seem to be saying the same thing.  Recommend a merge.

** Section 9.
In such systems the weakened algorithms should
   be disabled from further use.  

Can this document make stronger recommendations about deprecating certain algorithms such as 3-DES SHA-1 with normative language rather than keeping it in the "other" category in the profiles?

** Normative References.  [I-D.ietf-lamps-lightweight-cmp-profile] should be a normative reference given the use of normative language around it in Section 7.2.

Regards,
Roman

v2.23.0 | Report a Bug | By Email