Re: [lamps] Potential Topics for LAMPS Recharter

Russ Housley <housley@vigilsec.com> Thu, 05 July 2018 14:29 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1454F130E65 for <spasm@ietfa.amsl.com>; Thu, 5 Jul 2018 07:29:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id dpzFx7wDuUJE for <spasm@ietfa.amsl.com>; Thu, 5 Jul 2018 07:29:53 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id AD994130DE5 for <spasm@ietf.org>; Thu, 5 Jul 2018 07:29:53 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 743E1300A30 for <spasm@ietf.org>; Thu, 5 Jul 2018 10:29:51 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id Ydcbhb3L1Ugu for <spasm@ietf.org>; Thu, 5 Jul 2018 10:29:49 -0400 (EDT)
Received: from a860b60074bd.home (pool-71-127-50-4.washdc.fios.verizon.net [71.127.50.4]) by mail.smeinc.net (Postfix) with ESMTPSA id CEB7D300A20 for <spasm@ietf.org>; Thu, 5 Jul 2018 10:29:49 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Mac OS X Mail 11.4 \(3445.8.2\))
Date: Thu, 5 Jul 2018 10:29:50 -0400
References: <1D329233-AFCE-421B-81FE-EDDC30386260@vigilsec.com>
To: LAMPS <spasm@ietf.org>
In-Reply-To: <1D329233-AFCE-421B-81FE-EDDC30386260@vigilsec.com>
Message-Id: <105D40E2-151B-4335-BEDD-3017B508D579@vigilsec.com>
X-Mailer: Apple Mail (2.3445.8.2)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/pN_V-1dzeeDL4DpENK3SJySs2KY>
Subject: Re: [lamps] Potential Topics for LAMPS Recharter
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Jul 2018 14:29:56 -0000

Comments on the LAMPS revised charter can be found here:
https://datatracker.ietf.org/doc/charter-ietf-lamps/ballot/

I have proposed to the IESG the following text to address these comments.

Russ

= = = = = = = =


The PKIX and S/MIME Working Groups have been closed for some time. Some
updates have been proposed to the X.509 certificate documents produced 
by the PKIX Working Group and the electronic mail security documents 
produced by the S/MIME Working Group.

The LAMPS (Limited Additional Mechanisms for PKIX and SMIME) Working 
Group is chartered to make updates where there is a known constituency 
interested in real deployment and there is at least one sufficiently 
well specified approach to the update so that the working group can 
sensibly evaluate whether to adopt a proposal.

The LAMPS WG is now tackling these topics:

1. Specify a discovery mechanism for CAA records to replace the one
described in RFC 6844.  Implementation experience has demonstrated an
ambiguity in the handling of CNAME and DNAME records during discovery
in RFC 6844, and subsequent discussion has suggested that a different
discovery approach would resolve limitations inherent in the approach
used in RFC 6844.

2. Specify the use of SHAKE128/256 and SHAKE256/512 for PKIX and S/MIME.
Unlike the previous hashing standards, the SHA-3 family of functions are
the outcome of an open competition.  They have a clear design rationale
and have received a lot of public analysis, giving great confidence that
the SHA-3 family of functions are secure.  Also, since SHA-3 uses a very
different construction from SHA-2, the SHA-3 family of functions offers
an excellent alternative.  In particular, SHAKE128/256 and SHAKE256/512
offer security and performance benefits.

3. Specify the use of short-lived X.509 certificates for which no
revocation information is made available by the Certification Authority.
Short-lived certificates have a lifespan that is shorter than the time
needed to detect, report, and distribute revocation information.  As a
result, revoking short-lived certificates is unnecessary and pointless.

4. Specify the use of a pre-shared key (PSK) along with other key 
management techniques with supported by the Cryptographic Message
Syntax (CMS) as a mechanism to protect present day communication from
the future invention of a large-scale quantum computer.  The invention
of a large-scale quantum computer poses a serious challenge for the key
management algorithms that are widely deployed today, especially the
key transport and key agreement algorithms used today with the CMS to
protect S/MIME messages.

5. Specify the use of hash-based signatures with the Cryptographic
Message Syntax (CMS).  Hash-based signature use small private and
public keys, and they have low computational cost; however, the
signature values are quite large.  For this reason they might not be
used for signing X.509 certificates or S/MIME messages; however, sine
hash-based signature algorithms are secure even if a large-scale
quantum computer is invented.  The low computational cost for
signature verification makes hash-based signatures attractive in the
Internt of Things environments, and the quantum resistance makes them
attractive for the distribution of software updates.

6. Specifies a certificate extension that is carried in a self-signed
certificate for a trust anchor, which is often called a Root
Certification Authority (CA) certificate, to identify the next
public key that will be used by the trust anchor.

In addition, the LAMPS WG may investigate other updates to documents
produced by the PKIX and S/MIME WGs, but the LAMPS WG shall not adopt
any of these potential work items without rechartering.

MILESTONES

DONE:     Adopt a draft for rfc6844bis
DONE:     Adopt a PKIX draft for SHAKE128/256 and SHAKE256/512
DONE:     Adopt a S/MIME draft for SHAKE128/256 and SHAKE256/512
Jun 2018: Adopt a draft for short-lived certificate conventions
Jun 2018: Adopt a draft for the CMS with PSK 
Jun 2018: Adopt a draft for hash-based signatures with the CMS
Jun 2018: Adopt a draft for root key rollover certificate extension 
Jul 2018: rfc6844bis sent to IESG for standards track publication
Aug 2018: Root key rollover certificate extension sent to IESG for
             informational publication
Sep 2018: SHAKE128/256 and SHAKE256/512 for PKIX sent to IESG for
             standards track publication
Sep 2018: SHAKE128/256 and SHAKE256/512 for S/MIME sent to IESG for
             standards track publication
Oct 2018: Short-lived certificate conventions sent to IESG for BCP
             publication
Oct 2018: The CMS with PSK sent to IESG for standards track publication
Dec 2018: Hash-based signatures with the CMS sent to IESG for standards
             track publication