Re: [lamps] draft-housley-lamps-crmf-update-algs - proposal on adding text regarding iterationCount and pwd quality

Jonathan Hammell <jfhamme.cccs@gmail.com> Thu, 26 November 2020 18:23 UTC

References: <AM0PR10MB24188049A1B53C88EE19B606FEF90@AM0PR10MB2418.EURPRD10.PROD.OUTLOOK.COM> <86E7B55E-986C-42C1-8E02-20FB70C2F022@vigilsec.com>
In-Reply-To: <86E7B55E-986C-42C1-8E02-20FB70C2F022@vigilsec.com>
From: Jonathan Hammell <jfhamme.cccs@gmail.com>
Date: Thu, 26 Nov 2020 13:23:36 -0500
Message-ID: <CALhKWgiA+kg3OxzZndwiwPNexk6ABJAKn1AQmZ_LL5YcQSFvSw@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: "Brockhaus, Hendrik" <hendrik.brockhaus@siemens.com>, LAMPS <spasm@ietf.org>, "steffen.fries@siemens.com" <steffen.fries@siemens.com>, "hans.aschauer@siemens.com" <hans.aschauer@siemens.com>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/yTt2mn2-hJG2j8LCI7oRc-UFrzY>
Subject: Re: [lamps] draft-housley-lamps-crmf-update-algs - proposal on adding text regarding iterationCount and pwd quality

Russ, Hendrik:

On Thu, Nov 26, 2020 at 12:47 PM Russ Housley <housley@vigilsec.com> wrote:
> > Driven by the bitcoin business, highly specialized ASIC speeding up hash calculation are available for a relative cheap price. Therefore, we would propose to further update RFC4211 Section 4.4 as follows.
> >
> > Add a sentence to the end of the first paragraph of Section 4.4
> > "The security of this MAC depends heavily on the entropy of the used password. Using one-time passwords also improves the security."
>
> I would prefer to say: "The password for this MAC SHOULD NOT be used for any other purpose."  I think this avoids potential issues with repeated requests.
>
> What do others think?

I think Russ's proposal is more clear for implementers.  The proposed
text to add to the Security Considerations discusses the entropy
requirements and suggestion for one-time passwords.

I agree with the other proposed changes from Hendrik.

However, I'm concerned about the ASN.1 for PBMParameter Section 4.4 of
RFC 4211 for the following reasons.  If one wanted to use scrypt (RFC
7914) for the owf, there is duplication of the salt parameter and the
iterationCount in PBMParameter would no longer be relevant.  One might
even want to use Argon2 (draft-irtf-cfrg-argon2), but unfortunately
there is no ASN.1 module in that I-D to specify parameterization.  I
realize that backwards compatibility needs to be maintained for
PBMParameter so those parameters cannot be made OPTIONAL, but perhaps
some guidance like the following should be added?

  "If a salt value is specified in the AlgorithmIdentifier parameters
for owf (such as in [RFC7914]), the salt value in PBMParameter MUST
NOT be used and it SHOULD be the zero-length octet string.  Similarly,
if the mechanism specified in owf has its own cost parameter for
deriving a key (such as in [RFC7914]), then the iterationCount value
in PBMParameter MUST NOT be used and it SHOULD be set to 0."

Jonathan
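As an added illustration (not code from the thread, RFC 4211 or RFC 7914), the following Python sketch models the RFC 4211 Section 4.4 password-based MAC key derivation together with the guidance proposed above: when the owf carries its own salt and cost parameter (scrypt), the PBMParameter salt and iterationCount are treated as unused and a verifier rejects non-empty or non-zero values. The dict-based `make_pbm_parameter` stands in for the ASN.1 structure; all sample passwords and salts are constructed.

```python
import hashlib
import hmac

# Hypothetical in-memory stand-in for the PBMParameter SEQUENCE (ASN.1 omitted).
def make_pbm_parameter(salt, owf, iteration_count, mac="sha256", owf_params=None):
    return {"salt": salt, "owf": owf, "iterationCount": iteration_count,
            "mac": mac, "owfParams": owf_params or {}}

def owf_has_own_kdf_params(params):
    # scrypt (RFC 7914) carries its own salt and cost parameters (N, r, p).
    return params["owf"] == "scrypt"

def check_pbm_parameter(params):
    """Return a list of problems; empty means the parameters are acceptable.
    Encodes the proposed rule: PBMParameter.salt MUST NOT be used (SHOULD be
    empty) and iterationCount MUST NOT be used (SHOULD be 0) when the owf has
    its own salt / cost parameter."""
    problems = []
    if owf_has_own_kdf_params(params):
        if params["salt"] != b"":
            problems.append("salt must be the zero-length octet string for scrypt owf")
        if params["iterationCount"] != 0:
            problems.append("iterationCount must be 0 for scrypt owf")
    elif params["iterationCount"] < 1:
        problems.append("iterationCount must be at least 1 for an iterated hash owf")
    return problems

def derive_key(password, params):
    problems = check_pbm_parameter(params)
    if problems:
        raise ValueError("; ".join(problems))
    if owf_has_own_kdf_params(params):
        p = params["owfParams"]  # salt and cost live in the owf AlgorithmIdentifier
        return hashlib.scrypt(password, salt=p["salt"], n=p["n"], r=p["r"], p=p["p"], dklen=32)
    # RFC 4211 4.4 style: hash(password || salt), then re-hash the result
    # iterationCount - 1 more times.
    key = hashlib.new(params["owf"], password + params["salt"]).digest()
    for _ in range(params["iterationCount"] - 1):
        key = hashlib.new(params["owf"], key).digest()
    return key

def pbm_mac(password, params, data):
    """HMAC over data keyed with the derived key (mac names the HMAC hash)."""
    return hmac.new(derive_key(password, params), data, params["mac"]).digest()
```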