Re: [lamps] Security Consideration for draft-turner-lamps-nist-pqc-kem-certificates

Sean Turner <sean@sn3rd.com> Fri, 25 March 2022 12:00 UTC

Content-Type: text/plain; charset="utf-8"
Mime-Version: 1.0 (Mac OS X Mail 14.0 \(3654.120.0.1.13\))
From: Sean Turner <sean@sn3rd.com>
In-Reply-To: <CH0PR11MB5739B640691C4692D6343E219F1A9@CH0PR11MB5739.namprd11.prod.outlook.com>
Date: Fri, 25 Mar 2022 08:00:24 -0400
Cc: LAMPS <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <8D72DBAB-C8CC-4FC8-B721-09C98933087D@sn3rd.com>
References: <CH0PR11MB5739B640691C4692D6343E219F1A9@CH0PR11MB5739.namprd11.prod.outlook.com>
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>
X-Mailer: Apple Mail (2.3654.120.0.1.13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ueGdni78rAjwe-ih8BKsjwYUhT0>
Subject: Re: [lamps] Security Consideration for draft-turner-lamps-nist-pqc-kem-certificates

Mike,

I will make sure to note this as an issue in the GH repo.

spt

> On Mar 25, 2022, at 07:17, Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org> wrote:
> 
> The comment I was going to make at the mic:
>  
> At the TLS WG this week, Douglas Stebila presented on a known issue in the hybrid KEM combiner they’re proposing for TLS (draft-ietf-tls-hybrid-design): it gets into trouble if the attacker gets to play with the lengths of the shared secrets at runtime. Obvious solution: KEM codepoints need to fix the SS length in the spec so that it’s not variable at runtime.
>  
> We’re putting together a draft which provides essentially the same combiner for hybrid CMS content encryption (yuck terminology hell. Florence D. please save us and write a terminology draft!).
> For that combiner to avoid the attack, I think we need Sean’s KEM OIDs draft to fix the shared secret length for each KEM that it specifies.
>  
> So for now I think I’m just asking @Sean to throw a Security Consideration into his draft so we don’t forget that it’s important.
>  
> ---
> Mike Ounsworth
> Software Security Architect, Entrust
>  
> Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.
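
As an added illustration of the point Mike raises above (example code written for this archive page; it is not from the thread, from draft-ietf-tls-hybrid-design, or from Sean's KEM OIDs draft): a concatenate-and-hash combiner derives the key from ss_trad || ss_pq || context. If the spec does not fix the length of each shared secret, two different (ss_trad, ss_pq) pairs can have the same concatenation and therefore the same derived key, so the KDF input no longer pins down both components. Pinning the length per KEM codepoint, as the thread asks for, makes the concatenation unambiguous; the length-prefixed variant at the end goes beyond the thread and shows the other standard way to get the same property. The KEM names, the 32-byte lengths, the context string and the sample shared secrets are all constructed placeholders.

```python
import hashlib

# Constructed per-KEM shared-secret lengths (placeholders standing in for the
# values a KEM-OID spec would fix; not taken from the thread or any real spec).
FIXED_SS_LEN = {"kem-a": 32, "kem-b": 32}

# Constructed domain-separation context.
CTX = b"constructed-hybrid-context"


def naive_combiner(ss_trad: bytes, ss_pq: bytes, context: bytes = CTX) -> bytes:
    """Concatenate-and-hash combiner with no length discipline."""
    return hashlib.sha256(ss_trad + ss_pq + context).digest()


def strict_combiner(kem_trad: str, ss_trad: bytes, kem_pq: str, ss_pq: bytes,
                    context: bytes = CTX) -> bytes:
    """Same concatenation, but each shared secret must have exactly the length
    the spec fixes for its KEM, so the concatenated input has only one parse."""
    for name, ss in ((kem_trad, ss_trad), (kem_pq, ss_pq)):
        expected = FIXED_SS_LEN[name]
        if len(ss) != expected:
            raise ValueError(
                f"{name}: got {len(ss)}-byte shared secret, spec fixes {expected}")
    return hashlib.sha256(ss_trad + ss_pq + context).digest()


def length_prefixed_combiner(ss_trad: bytes, ss_pq: bytes,
                             context: bytes = CTX) -> bytes:
    """Alternative (not what the thread proposes): make the encoding
    self-describing with a 2-byte big-endian length prefix per component."""
    def enc(ss: bytes) -> bytes:
        return len(ss).to_bytes(2, "big") + ss
    return hashlib.sha256(enc(ss_trad) + enc(ss_pq) + context).digest()


# Two distinct (ss_trad, ss_pq) pairs whose plain concatenations are identical:
# both concatenate to 32 bytes of 0x01 followed by 32 bytes of 0x02.
PAIR_A = (b"\x01" * 31, b"\x01" + b"\x02" * 32)   # lengths 31 and 33
PAIR_B = (b"\x01" * 32, b"\x02" * 32)             # lengths 32 and 32


def naive_is_ambiguous() -> bool:
    """True: the naive combiner derives the same key from PAIR_A and PAIR_B."""
    return naive_combiner(*PAIR_A) == naive_combiner(*PAIR_B)


def strict_rejects_malformed() -> bool:
    """True: PAIR_A violates the fixed lengths and is refused."""
    try:
        strict_combiner("kem-a", PAIR_A[0], "kem-b", PAIR_A[1])
    except ValueError:
        return True
    return False


def strict_accepts_well_formed() -> bytes:
    """PAIR_B matches the fixed lengths and yields a 32-byte derived key."""
    return strict_combiner("kem-a", PAIR_B[0], "kem-b", PAIR_B[1])


def length_prefix_disambiguates() -> bool:
    """True: with length prefixes the two pairs derive different keys."""
    return length_prefixed_combiner(*PAIR_A) != length_prefixed_combiner(*PAIR_B)


if __name__ == "__main__":
    print("naive combiner collides on distinct inputs:", naive_is_ambiguous())
    print("strict combiner rejects off-length secret:", strict_rejects_malformed())
    print("strict combiner key:", strict_accepts_well_formed().hex())
    print("length prefix disambiguates:", length_prefix_disambiguates())
```

The check in strict_combiner is the implementation-side counterpart of the Security Consideration being requested: once the spec fixes a length per KEM, an implementation can reject any runtime shared secret of a different length before it ever reaches the combiner.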