IETF Logo Mail Archive

Re: [lamps] Proposed re-charter text for hybrid and dual crypto modes

Russ Housley <housley@vigilsec.com> Mon, 01 February 2021 16:18 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DF43F3A12A3 for <spasm@ietfa.amsl.com>; Mon, 1 Feb 2021 08:18:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3E6ooXIpvp8o for <spasm@ietfa.amsl.com>; Mon, 1 Feb 2021 08:18:08 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5AC4D3A1292 for <spasm@ietf.org>; Mon, 1 Feb 2021 08:18:08 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id B0CEB300BD4 for <spasm@ietf.org>; Mon, 1 Feb 2021 11:18:05 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id R5QHSVds8rdJ for <spasm@ietf.org>; Mon, 1 Feb 2021 11:18:04 -0500 (EST)
Received: from a860b60074bd.fios-router.home (pool-141-156-161-153.washdc.fios.verizon.net [141.156.161.153]) by mail.smeinc.net (Postfix) with ESMTPSA id 01F5D300B0D; Mon, 1 Feb 2021 11:18:03 -0500 (EST)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <1CEDB0C7-234E-4169-A787-6EBF1CE39920@vigilsec.com>
Content-Type: multipart/signed; boundary="Apple-Mail=_46B4CE94-E7EB-47AE-AA26-99056EF766BB"; protocol="application/pgp-signature"; micalg="pgp-sha1"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.17\))
Date: Mon, 01 Feb 2021 11:18:05 -0500
In-Reply-To: <6498.1612046333@localhost>
Cc: LAMPS <spasm@ietf.org>
To: Michael Richardson <mcr+ietf@sandelman.ca>
References: <DM6PR11MB43808FA7D74229A5997965649FBA9@DM6PR11MB4380.namprd11.prod.outlook.com> <E64102E4-AA88-4B87-814A-6C79F6655102@vigilsec.com> <6498.1612046333@localhost>
X-Mailer: Apple Mail (2.3445.104.17)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/w8oEG6U6WLYMC3VMfy0jmCX77e4>
Subject: Re: [lamps] Proposed re-charter text for hybrid and dual crypto modes
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 01 Feb 2021 16:18:11 -0000


> On Jan 30, 2021, at 5:38 PM, Michael Richardson <mcr+ietf@sandelman.ca> wrote:
> 
> 
> Russ Housley <housley@vigilsec.com> wrote:
>> full confidence in the PQC public key algorithms.  Therefore,
>> transition mechanisms that combine traditional algorithms with PQC
>> algorithms will be needed for "hybrid key establishment" and "dual
>> signatures".
> 
>> NIST defines "hybrid key establishment" as any key
>> establishment scheme that is a combination of two or more components
>> that are themselves cryptographic key-establishment schemes.
> 
> To be clear for me, such a system would get a unique algorithm OID,
> and would count as a single signature outside of the crypto function.

That is my understanding as well.

> 
>> NIST
>> defines "dual signatures" as any signature scheme that consists of two
>> or more signatures on a common message.  The specifications developed
>> will enable PKIX and S/MIME protocols to support hybrid key
>> establishment and dual signature mechanisms.
> 
> Such as system would be visible as having two algorithmOIDs, and this would
> be visible outside of the crypt function.  The length discussion about
> matching the two identities, etc. deals with this side of things.

That is not the proposal in draft-ounsworth-pq-composite-sigs-04.

> 
> My understanding is that we might have situations where we have dual
> signatures, and the second signature might be a hybrid signature.
> 
> RFC5280 only provides for one algorithmIdentifier (signatureAlgorithm) at the
> top-level sequence, which is not contained under the signature.
> We had some document a few years ago that dealt with coordinating this with
> the section 4.1.2.3 Signature which *is* the signature. (I think Russ wrote that)
> 
> I know that some of the proposals (maybe all) put the second algorithm into
> various extensions, and that is really the only way to do the dual-signatures
> in a backwards compatible way.
> 
> I note that RFC5280 is only at Proposed Standard.
> It was suggested it was more mature, but I can't find any evidence of that:
> not in the DT nor on the rfc-editor page.
> 
> I believe that write a few "Updates" (Amends) RFC5280 documents is
> appropriate, but I think that given that this is going to be a long
> transition, that I think the charter should include text that would allow
> RFC5280bis to be produced.  That might not be a near-term priority, but I
> think that it needs to get done for a number of technical and marketing reasons.

The RFC index does shoe RFC 5280 as PROPOSED STANDARD.  It seems like we should figure out the minimum work needed to advance it.  Clearly there are more that two interoperable implementations.

Russ

v2.23.0 | Report a Bug | By Email