Re: [lamps] Review draft-ietf-lamps-cms-mix-with-psk-00
Russ Housley <housley@vigilsec.com> Tue, 27 November 2018 20:21 UTC
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 55F4A124D68 for <spasm@ietfa.amsl.com>; Tue, 27 Nov 2018 12:21:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 2AiNHDfCQ8vX for <spasm@ietfa.amsl.com>; Tue, 27 Nov 2018 12:21:48 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D2D24124408 for <spasm@ietf.org>; Tue, 27 Nov 2018 12:21:47 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 94620300AAE for <spasm@ietf.org>; Tue, 27 Nov 2018 15:21:45 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id WA7B368K9pDZ for <spasm@ietf.org>; Tue, 27 Nov 2018 15:21:44 -0500 (EST)
Received: from [192.168.1.161] (pool-71-178-45-35.washdc.fios.verizon.net [71.178.45.35]) by mail.smeinc.net (Postfix) with ESMTPSA id 68114300438; Tue, 27 Nov 2018 15:21:44 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <840DC27B-3F3A-4D2D-9944-67007F88DAA7@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E92B429A-51ED-453B-964E-290B7D1BE36A"
Mime-Version: 1.0 (Mac OS X Mail 11.5 \(3445.9.1\))
Date: Tue, 27 Nov 2018 15:21:45 -0500
In-Reply-To: <02fc01d48059$7bd665c0$73833140$@augustcellars.com>
Cc: SPASM <spasm@ietf.org>
To: Jim Schaad <ietf@augustcellars.com>
References: <018d01d477fa$97522760$c5f67620$@augustcellars.com> <14A5DD8E-15E3-4009-961C-2E33011E0C44@vigilsec.com> <02fc01d48059$7bd665c0$73833140$@augustcellars.com>
X-Mailer: Apple Mail (2.3445.9.1)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/rG7upIxZVf66312KXmYOm-GrdzY>
Subject: Re: [lamps] Review draft-ietf-lamps-cms-mix-with-psk-00
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 27 Nov 2018 20:21:49 -0000
Jim:
> * I am missing the discussion about what the KDK length is going to be for a
> key agreement algorithm. Am I just blind?
I have been playing with a toy implementation to make sure that I have sorted out all of the issues, and I think that the key agreement needs some fine tuning, not so much in what is actually going on, but more in the way that it is explained.
I think this processing description will make more sense, and it will encourage the intended code reuse...
1. The content-encryption key is generated at random.
2. The pairwise key-encryption key is established for each recipient.
The recipient's public key and the sender's private key are used
to produce a pairwise symmetric key-encryption key, called KEK1.
3. The key derivation function (KDF) is used to mix the pre-shared
key (PSK) and KEK1, and the result is called KEK2.
4. The KEK2 is used to encrypt the content-encryption key.
KEK1 is not actually used to encrypt anything, but it allows existing DH and ECDH implementations to used without any modification.
I think this also makes it very clear why KEK1 and KEK2 ought to be the same size.
Russ
- [lamps] Review draft-ietf-lamps-cms-mix-with-psk-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Jim Schaad
- Re: [lamps] Review draft-ietf-lamps-cms-mix-with-… Russ Housley