[lamps] Review of draft-ietf-lamps-cms-kyber-03

Jonathan Hammell <jfhamme.cccs@gmail.com> Tue, 19 March 2024 22:37 UTC

From: Jonathan Hammell <jfhamme.cccs@gmail.com>
Date: Wed, 20 Mar 2024 08:37:41 +1000
Message-ID: <CALhKWgiy6+dDydiTjaMC6RW-KLxMBZ079ttcCxEEYTudV9fsSQ@mail.gmail.com>
To: SPASM <spasm@ietf.org>
Cc: daniel.vangeest.ietf@gmail.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/puobAXZ71oE3RZG2O6S2O9zwamA>

I reviewed draft-ietf-lamps-cms-kyber-03 following Monday's LAMPS
session at IETF 119.  Daniel had asked in the session if the
KEMRecipientInfo Processing Summary in Section 1.4 copied from
draft-ietf-lamps-cms-kemri should be removed.  I think it would
benefit simplicity if it were removed.

The introductory sentence ("Processing ML-KEM with KEMRecipientInfo
follows the same steps as Section 2 of [I-D.ietf-lamps-cms-kemri]")
and the two requirement statements on implementation ("To support the
ML-KEM algorithm, the CMS originator MUST implement Encapsulate()" and
"To support the ML-KEM algorithm, the CMS recipient MUST implement
Decapsulate()") can be included as a second paragraph at the beginning
of Section 2.  The note regarding the KDF ("Note that the KDF used to
process the KEMRecipientInfo structure MAY be different from the KDF
used in the ML-KEM algorithm") can be included in 2.2.2.

As Daniel pointed out, this section was included to align with
draft-ietf-lamps-rfc5990bis-05.  A similar change to remove Section
1.3 of rfc5990bis and merge the requirements into 1.2 could be made.
Otherwise, I don't feel it is necessary to align exactly if the
authors choose not to do so.  rfc5990bis is already different in that
it is defining the RSA-KEM algorithm in addition to specifying how it
is used in CMS.

I also think that Section 1.2 introducing KEMs should be removed from
this ML-KEM draft.

The title for Section 2.2.1 would be more informative as "Use of the
KMAC-based Key Derivation Function (KDF)".

Section 2.2.2 uses both the term "key wrapping" and "key-encryption".
Stick with one (likely the former).

There is a small typo in the ASN.1 OID definition of aes in Section 3:
an underscore following "csor(3)".

The Security Considerations in Section 4 should also say that the
Security Considerations of [I-D.ietf-lamps-cms-kemri] apply.

My thanks to the authors for preparing this document.

Best regards,
Jonathan

Canadian Centre for Cyber Security
https://cyber.gc.ca