Re: [lamps] [EXTERNAL] Re: LAMPS Virtual Interim in Sept. 2022
"Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu> Fri, 16 September 2022 16:58 UTC
From: "Blumenthal, Uri - 0553 - MITLL" <uri@ll.mit.edu>
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, Russ Housley <housley@vigilsec.com>, LAMPS <spasm@ietf.org>, "cfrg@irtf.org" <cfrg@irtf.org>
CC: Tim Hollebeek <tim.hollebeek@digicert.com>
Date: Fri, 16 Sep 2022 16:58:22 +0000
Message-ID: <38067E9F-7C3D-4AC9-83E2-FF56B400B511@ll.mit.edu>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/y9OcQ0SXuKQnh0IKMWInroJC-o0>
Mike Ounsworth wrote:
> Could I get a slot at the LAMPS interim to discuss the hash-then-sign issue for Dilithium and Falcon?
I think this issue is worth discussing.
> Issue summary:
>
> - Needing to stream your entire message to your crypto module is dumb
> (think streaming an entire firmware image to your network HSM for code-signing,
> or to your TPM for secure boot validation; yuck).
I'm not sure I agree here - if you sign a hash of something, you can't be sure it's a hash of what you wanted to sign.
> - You want to send just a hash.
The majority (but not all!) of the cases are exactly as you say - sending just a hash...
> - Both Dilithium and Falcon have, as their first internal step, a hash of the
> message prepended with a nonce (the pubkey for Dilithium, and a random r for Falcon),
> I assume in order to block pre-computed collision attacks.
> - If you, for example, do SHA256(m) before calling Dilithium.sign(), then
> you have re-introduced that collision attack.
This assumes one can find collisions in the hash function used. For SHA2 and SHA3 it's a tall assumption.
AFAIK, the main reason SHA3 hasn't superseded SHA2 at this point (despite the fact that SHA3 is cryptographically
nicer and better) is that SHA2 proved to be "strong enough".
> - You can externalize that first hashing step of the Dilithium / Falcon sign / verify
> algs outside of the crypto module without breaking interop, but doing so will need to
> be mentioned in the standards, and will need security review.
Offhand, I doubt this can be secure...
-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: September 8, 2022 3:21 PM
To: LAMPS <spasm@ietf.org>
Cc: Tim Hollebeek <tim.hollebeek@digicert.com>
Subject: [EXTERNAL] Re: [lamps] LAMPS Virtual Interim in Sept. 2022
A few things for tomorrow have come up, which prevented us from picking that date. So, we are going to hold the LAMPS Virtual Interim on 19 Sept. 2022 at 9:00 Eastern.
We already have two agenda items. Please let us know if you want to present on another topic.
Russ & Tim
> On Aug 24, 2022, at 12:07 PM, Russ Housley <housley@vigilsec.com> wrote:
>
> Two agenda topics did not get covered at IETF 114:
> - draft-perret-prat-lamps-cms-pq-kem
> - draft-kario-pkcs12-pbmac1
>
> There may be other topics that have progressed enough to need some discussion.
>
> Tim and I think that 60 minutes will be enough to cover these topics.
>
> Please fill out the following poll to help us find the best time for the meeting:
> https://doodle.com/meeting/participate/id/dN9x14vb
>
> Russ & Tim
>
>
_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
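Editor's added example, not part of this thread and not code from the Dilithium or Falcon specifications: a toy model of the message-binding step that the quoted summary describes (a hash of the message prefixed with a key-derived value, written here as mu = H(H(pk) || M)). It shows two things a practitioner reviewing the "externalize the first hash step" proposal would want to check: that computing mu outside the module, chunk by chunk, yields exactly the value the module would compute when the whole message is streamed in (so only mu crosses the HSM boundary), and that a naive external SHA-256(m) pre-hash discards the key binding, so a collision pair precomputed without any key carries a signature from one message to another, while the same pair no longer collides once the key-derived prefix is inside the hashed input. Output lengths, the sample key bytes, the 16-bit "weak hash" (a deliberately broken stand-in so a collision can be found instantly) and the deterministic signing stand-in are all constructed for illustration and do not match any real scheme's parameters.

```python
import hashlib

# Added example (editor's, not from the thread or any spec): toy model of the
# key-bound message hashing step mu = H(H(pk) || M). Lengths, keys and the
# "signing" stand-in below are illustrative only.

TR_LEN = 32   # illustrative length of tr = H(pk)
MU_LEN = 64   # illustrative length of mu = H(tr || M)


def public_key_hash(pk: bytes) -> bytes:
    """tr = H(pk): the prefix that ties the message digest to one key."""
    return hashlib.shake_256(pk).digest(TR_LEN)


def mu_internal(pk: bytes, message: bytes) -> bytes:
    """mu as a crypto module computes it when the whole message is streamed in."""
    return hashlib.shake_256(public_key_hash(pk) + message).digest(MU_LEN)


def mu_external(pk: bytes, chunks) -> bytes:
    """The same mu computed on the host, chunk by chunk, so that only MU_LEN
    bytes have to be sent to the module. Must include the tr prefix."""
    h = hashlib.shake_256(public_key_hash(pk))
    for chunk in chunks:
        h.update(chunk)
    return h.digest(MU_LEN)


def toy_weak_hash(data: bytes) -> bytes:
    """SHA-256 truncated to 16 bits: a deliberately broken stand-in that
    models 'assume the pre-hash is collision-findable'."""
    return hashlib.sha256(data).digest()[:2]


def find_toy_collision():
    """A collision pair for toy_weak_hash found with no key involved at all
    (the 'precomputed collision' of the quoted summary)."""
    seen = {}
    for i in range(1 << 17):          # > 2^16 inputs, so a collision is guaranteed
        m = b"firmware-v%d" % i
        d = toy_weak_hash(m)
        if d in seen:
            return seen[d], m
        seen[d] = m
    raise RuntimeError("unreachable: pigeonhole guarantees a collision")


def toy_core_sign(secret: bytes, value: bytes) -> bytes:
    """Stand-in for the core signing step: deterministic in (key, input),
    so equal inputs give equal 'signatures'."""
    return hashlib.sha3_256(secret + value).digest()


def signature_transfers(secret, pk, m1, m2, keep_prefix):
    """True if the signature produced for m1 is byte-identical to the one
    for m2, i.e. it would verify for both messages in this toy model."""
    if keep_prefix:
        tr = public_key_hash(pk)
        d1, d2 = toy_weak_hash(tr + m1), toy_weak_hash(tr + m2)
    else:
        d1, d2 = toy_weak_hash(m1), toy_weak_hash(m2)
    return toy_core_sign(secret, d1) == toy_core_sign(secret, d2)


# Constructed sample values, not real keys or firmware.
SAMPLE_PK = b"constructed-public-key-bytes"
SAMPLE_SECRET = b"constructed-secret-key-bytes"
SAMPLE_IMAGE = bytes(range(256)) * 64   # 16 KiB stand-in for a firmware image


def demo():
    """Returns (external mu == internal mu, naive pre-hash transfers,
    key-bound pre-hash transfers)."""
    chunks = [SAMPLE_IMAGE[i:i + 4096] for i in range(0, len(SAMPLE_IMAGE), 4096)]
    same_mu = mu_external(SAMPLE_PK, chunks) == mu_internal(SAMPLE_PK, SAMPLE_IMAGE)
    m1, m2 = find_toy_collision()
    naive = signature_transfers(SAMPLE_SECRET, SAMPLE_PK, m1, m2, keep_prefix=False)
    bound = signature_transfers(SAMPLE_SECRET, SAMPLE_PK, m1, m2, keep_prefix=True)
    return same_mu, naive, bound


if __name__ == "__main__":
    print(demo())  # expected (True, True, False)
```

The design point is in mu_external: an externalized first step has to reproduce the module's input exactly, prefix included, which means the host needs the public key (or tr) and the module needs to accept a fixed-size mu it did not compute itself; the security review the summary asks for is about what a module that signs any supplied mu can be made to sign, not about the hash being streamed.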