Re: [lamps] draft-housley-cms-mix-with-psk-03

Russ Housley <housley@vigilsec.com> Fri, 09 March 2018 17:27 UTC

Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4CD9712E039 for <spasm@ietfa.amsl.com>; Fri, 9 Mar 2018 09:27:40 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id A8cTjvj3cwil for <spasm@ietfa.amsl.com>; Fri, 9 Mar 2018 09:27:36 -0800 (PST)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3EAB312D946 for <spasm@ietf.org>; Fri, 9 Mar 2018 09:27:36 -0800 (PST)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 177AE3005DB for <spasm@ietf.org>; Fri, 9 Mar 2018 12:27:34 -0500 (EST)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id QQ-pSpG3MhiQ for <spasm@ietf.org>; Fri, 9 Mar 2018 12:27:32 -0500 (EST)
Received: from a860b60074bd.home (pool-108-45-101-150.washdc.fios.verizon.net [108.45.101.150]) by mail.smeinc.net (Postfix) with ESMTPSA id 4692A300435; Fri, 9 Mar 2018 12:27:32 -0500 (EST)
Content-Type: text/plain; charset=utf-8
Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <B4849071-AFEE-40FC-BDC7-D0DE290E775A@isara.com>
Date: Fri, 9 Mar 2018 12:27:33 -0500
Cc: SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <1A02FB20-9018-43ED-BE2B-BFC3CE82B168@vigilsec.com>
References: <836CB2DA-9A82-4DEC-845A-15A7ED195C8A@vigilsec.com> <B4849071-AFEE-40FC-BDC7-D0DE290E775A@isara.com>
To: Daniel Van Geest <Daniel.VanGeest@isara.com>
X-Mailer: Apple Mail (2.3273)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/yZqlTtzPzewahYfqqohd43wDrAQ>
Subject: Re: [lamps] draft-housley-cms-mix-with-psk-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Mar 2018 17:27:43 -0000

Thanks for reading the document.  I will go through your comments and update the document.

You are correct.  I was probably being too subtle with the "may" in the security considerations.  I will come up with better wording.

Russ


> On Mar 8, 2018, at 7:24 PM, Daniel Van Geest <Daniel.VanGeest@isara.com> wrote:
> 
> Hi Russ,
> 
> I have a few minor nits and one (still minor) comment.
> 
> Section 2:
> 
> (nit) s/then all recipient obtain/then all recipients obtain/
> (nit) s/then key-derivation key is mixed/then the key-derivation key is mixed/ (x2)
> 
> Section 6:
> 
> “Compromise of the key transport private key or the agreement private key may result in the disclosure of all contents protected with that key. Compromise of the key-derivation key that is established with the key transport private key or the agreement private key may result in disclosure of the associated encrypted content.”
> 
> In this draft, disclosure of these keys would not result in the disclosure of the protected content unless the PSK was also disclosed.  I guess the “may” hedges those statements and makes them still technically true.  RFC 5652 says the same thing about the private keys, except in that case the disclosure of the keys would definitely allow disclosure of the protect content.  So maybe in this draft you want to qualify that if the private keys and the PSK are disclosed, the protected content may also be disclosed.
> 
> (nit) s/randomly generate key-derivation key/randomly generate key-derivation keys/
> (nit?) s/as well as the content-encryption key/as well as the content-encryption keys/
> (nit?) s/or content-authenticated-encryption key/or content-authenticated-encryption keys/
> (nit) s/If the key-encryption algorithm is different that/If the key-encryption algorithm is different than/
> (nit) s/Implementer should not/Implementers should not/
> (nit) s/send the same content in different in separate messages/send the same content in different/
> 
> Thanks,
> Dan
> 
> On 2018-03-05, 8:23 PM, "Spasm on behalf of Russ Housley" <spasm-bounces@ietf.org on behalf of housley@vigilsec.com> wrote:
> 
>    I would like to make people on this mail list aware of this Internet-Draft.
> 
>    Russ
> 
>    = = = = = = = = = =
> 
>    A new version of I-D, draft-housley-cms-mix-with-psk-03.txt
>    has been successfully submitted by Russell Housley and posted to the
>    IETF repository.
> 
>    Name:		draft-housley-cms-mix-with-psk
>    Revision:	03
>    Title:		Using Pre-Shared Key (PSK) in the Cryptographic Message Syntax (CMS)
>    Document date:	2018-03-05
>    Group:		Individual Submission
>    Pages:		13
>    URL:            https://www.ietf.org/internet-drafts/draft-housley-cms-mix-with-psk-03.txt
>    Status:         https://datatracker.ietf.org/doc/draft-housley-cms-mix-with-psk/
>    Htmlized:       https://tools.ietf.org/html/draft-housley-cms-mix-with-psk-03
>    Htmlized:       https://datatracker.ietf.org/doc/html/draft-housley-cms-mix-with-psk-03
>    Diff:           https://www.ietf.org/rfcdiff?url2=draft-housley-cms-mix-with-psk-03
> 
>    Abstract:
>      The invention of a large-scale quantum computer would pose a serious
>      challenge for the cryptographic algorithms that are widely deployed
>      today.  The Cryptographic Message Syntax (CMS) supports key transport
>      and key agreement algorithms that could be broken by the invention of
>      such a quantum computer.  By storing communications that are
>      protected with the CMS today, someone could decrypt them in the
>      future when a large-scale quantum computer becomes available.  Once
>      quantum-secure key management algorithms are available, the CMS will
>      be extended to support them, if current syntax the does not
>      accommodated them.  In the near-term, this document describes a
>      mechanism to protect today's communication from the future invention
>      of a large-scale quantum computer by mixing the output of key
>      transport and key agreement algorithms with a pre-shared key.
> 
>    _______________________________________________
>    Spasm mailing list
>    Spasm@ietf.org
>    https://www.ietf.org/mailman/listinfo/spasm
> 
>