Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt
John Gray <John.Gray@entrust.com> Tue, 12 July 2022 05:57 UTC
Return-Path: <John.Gray@entrust.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 17AB2C159482 for <spasm@ietfa.amsl.com>; Mon, 11 Jul 2022 22:57:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.106
X-Spam-Level:
X-Spam-Status: No, score=-7.106 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_SCC_BODY_TEXT_LINE=-0.01, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=entrust.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WcSDjadNEg0P for <spasm@ietfa.amsl.com>; Mon, 11 Jul 2022 22:57:31 -0700 (PDT)
Received: from mx08-0015a003.pphosted.com (mx08-0015a003.pphosted.com [185.183.30.227]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 18AEAC157B4B for <spasm@ietf.org>; Mon, 11 Jul 2022 22:56:26 -0700 (PDT)
Received: from pps.filterd (m0242863.ppops.net [127.0.0.1]) by mx08-0015a003.pphosted.com (8.17.1.5/8.17.1.5) with ESMTP id 26C40dSW006867; Tue, 12 Jul 2022 00:56:20 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=entrust.com; h=from : to : cc : subject : date : message-id : references : in-reply-to : content-type : content-transfer-encoding : mime-version; s=mail1; bh=gaLx/kUraR9POz2pL2a+KV2Tn269FSuZDVhUF21Vtak=; b=Ogc37qPucMNiY7f7A1DiAWZ7lEr69jjfE7ZAWvxLfRZxDI/tf42P3du2C6HIYZtl44b+ iU+lxOHI7XWvLUrzdceuyau9yvPcsohabjnKq8amvD1rz57E9Ojq+Eo4/lAXpRBjwNi5 Z1GbFHJ8RIr5sugIUFjOLflvsfpsXWKIaGM9WZJwO26ST2YJG1CFkii945HSjPbKxUMJ 7xggvY4oE1WkPdLV7EKim+dfVtnMtcmcyZeE/d+Qt4TFyqowkBbxQ1/6hZOKbrfhglnd vIqgBhB69yqwknF429kB3DFv1UokDhuWIJ1hhldssRfa+HHoNgrT3NjI8o8IsA0/1IPP vw==
Received: from nam12-bn8-obe.outbound.protection.outlook.com (mail-bn8nam12lp2168.outbound.protection.outlook.com [104.47.55.168]) by mx08-0015a003.pphosted.com (PPS) with ESMTPS id 3h74nq84xb-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 12 Jul 2022 00:56:20 -0500
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=KDXo8lMbmtMknjMPFMuNcf0VK4Kc2xZrsOqrRvQ3DuoDo6QN6yvgTlYmYhY/WvG0G65S74c2zOHqLgdLZLkKwCpFyB2qdck+DNs2lK8e6AML0Vsz+cpQIcdqWa2eaMmAsdndCZTW8cQ7IDpiWS2VyMwK7WpVpu6PNIw7Y3ZXpit3R1CMoCXNSQEwA1c1MFDNG/uKxoniMiGU9PK4/UR89Da4+ta6lpQN6NxziExqdk7jCdFYv1dHHFqyWP32wVCkb3Z0/XelUfIKV46A/1RoW1zvEblXqzENPyA0AX7TAG6esN1c5yDOdMsL21NHJ3HoIPBcjCYCt6WApcQz7YvIHQ==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=gaLx/kUraR9POz2pL2a+KV2Tn269FSuZDVhUF21Vtak=; b=DenJrRuLlDvtt2ce0z93ghVnO//hylKat3dGdOZHlvfTSHk5JsdSMQUoEqn8tncFQa7W39ld6LlEU1Z+C8HFVEH9xjaQtyQnGwtEdi9qASiaPPW57cSaXBHXasTHksUyyS5v2w4r+kYZYL/ny7/h2LQKJ0ACHD68Ov4dao1ED7VEATxfkEEVZkH5hSS/wv1AlZ0FRacwaXgAB1Zo/eCk2ton6T6sOb8Qy5ptu+VwR7hn9vd0hJdok7V5D5uCQKBH9zktIwiQF7K6RZ/vMMMNinMQXY3YfvlV34VeQNeRc+TZQ+OkAQtbu3ciXXg9XdoZYCZ/SMhcCCCTziRHVOQFtQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=entrust.com; dmarc=pass action=none header.from=entrust.com; dkim=pass header.d=entrust.com; arc=none
Received: from DM6PR11MB2585.namprd11.prod.outlook.com (2603:10b6:5:ce::22) by BL1PR11MB6050.namprd11.prod.outlook.com (2603:10b6:208:392::8) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5417.26; Tue, 12 Jul 2022 05:56:15 +0000
Received: from DM6PR11MB2585.namprd11.prod.outlook.com ([fe80::3931:9c0c:51b2:8d45]) by DM6PR11MB2585.namprd11.prod.outlook.com ([fe80::3931:9c0c:51b2:8d45%5]) with mapi id 15.20.5417.026; Tue, 12 Jul 2022 05:56:15 +0000
From: John Gray <John.Gray@entrust.com>
To: Russ Housley <housley@vigilsec.com>, Uri Blumenthal <uri@ll.mit.edu>, "Massimo, Jake" <jakemas@amazon.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [EXTERNAL] Re: [lamps] New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt
Thread-Index: AQHYkvm/+Voqsss3lECP5NDeNCPk4q10cagAgAPW+SCAAAzvgIAAzKrwgAB9GYCAAJCDUA==
Date: Tue, 12 Jul 2022 05:56:14 +0000
Message-ID: <DM6PR11MB25856515B179F6845BF1668FEA869@DM6PR11MB2585.namprd11.prod.outlook.com>
References: <DM6PR11MB2585CB30B5A19BDB39400B95EA879@DM6PR11MB2585.namprd11.prod.outlook.com> <00AF3B52-729F-4E14-B69D-83E4D4B35863@ll.mit.edu> <DM6PR11MB2585E20AE659FB328C6D13FAEA879@DM6PR11MB2585.namprd11.prod.outlook.com> <6B34C5E9-744E-4304-83CF-D906E41027A6@vigilsec.com>
In-Reply-To: <6B34C5E9-744E-4304-83CF-D906E41027A6@vigilsec.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 9e20bcde-a177-4086-340f-08da63cb3b40
x-ms-traffictypediagnostic: BL1PR11MB6050:EE_
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: IiZ2IEhNS5O1AQX6Q6pTg/MNxHe+AjHNDodKZLRg9C7DnelQuGkC1uY8WGBlU0ywjEd3e8enIbTGpWNpQobNcrq5uEW64XoQ32COmcmFmfESczTbRT6oSUkkMbDHn4FW7IansRIesWfwS5nXuFMr81yWPIqOxnqrzpRGzSC7qxW0cb7X1j9iXzhIUqyQrEWxjCO+8qZJj7TAZhZSMN03tCXzFAndI3y0qAUAQab+YSfNkQeaoEk3vtY0oPmQLWI0BVPy08azreZI2tZVJdVHBiTU/ppAeM+ziMeKlMNKaGT5Pc3euK6pMfr5jK3biHtDyGuRXZUyaQE6GSa9x/utdgj/RiWyibeKdgb43i1iSMeHa74b2qd+qQPJ8mE5vIaH04R5xFiqnhD3OjEiXpwjd6ic9uCPU3hRQpiaeOUmcVvod82sitTT02TFUnmfOzRJPx6ytRGp87JK0CrLK5yO2ITIHXqMqbtJVPxYtyjfQVbDnaA5bAtTAZJpvUhaSBkpDmD8lSvfQtB44sWDnKkXyVBy9vWq1JypJU0Q2yFSSrbANmXbaSLT7183jlxlbc5jfHLscwT6ydh/FI3ekyDEuHiv32OYjfActSbmjzodI3y1Fbq3U/Z/CzZMuSs26Qiv2m7/TcoyNrH6P0h29KI880UOH9x0vCGTbWR9zRPVIr+D2Ecnt4IMSVdZOk0JqaA4TQd/uGIulVJhObznmxbRN6egNvREQ4X0xF1u+k8m3w2MF87dr5v71JrbXbzBl85XtI42Wi4RWWT3RViDhAehlg8PgQGI4O0PO5Zl4QJqsGqAcpoy0q5OSJzDLsuXTBsMYxH4MJhKN8dGfKVpTwESL4yyK4Tirsy/z7/19kc2L3Iew3+fvQwac5AzQG9pYDtS
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:DM6PR11MB2585.namprd11.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230016)(396003)(39860400002)(366004)(136003)(376002)(346002)(41300700001)(186003)(30864003)(33656002)(71200400001)(26005)(9686003)(52536014)(5660300002)(15650500001)(8936002)(7696005)(38100700002)(6506007)(122000001)(8676002)(64756008)(4326008)(86362001)(66446008)(66476007)(66556008)(76116006)(966005)(110136005)(83380400001)(478600001)(66946007)(53546011)(66574015)(316002)(55016003)(38070700005)(2906002); DIR:OUT; SFP:1102;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: MhfJArkHX+m/rSKnVG1OfYG2ZPgIKjnvF4xL9veRiT7Ld8IVDM0V/VKzzeCHjBVvfgGItUB1emEFI8ZaC9hshFJl5rofVYiD6kFG9DOrT9qokTbxSRtzCB6BzJqBEUGSG5tiVUUI5WuXaVhbosHFWs288Z3NGe9oLgvNOXHvbLsQx70Hcg7u862OzEgiqehYETrmTvjuq7Dh/bg1OlkpUbYJNMzLMwaNIVuXo9N7UCiWf8FIqbR/jKgpFVlxo4S/e/OjwrYzLRxzPe+8jLiiDVPk1B26iGgV/LiHAsdPubIpgeMMq9hevZzKuGQx2Gygej5JKETNRUMiU8A8tXxrxyiK7TFMJXOqQZS3++SXYffmv+Ipn0bSnBXK4U9Z0B7MuPbfP0rm68HCsImygNgLT4iHn10McsLOXFTAvO63tnUxxRCMYFwJfx7g9A1OQ5oSyoQV2LoTdbUBl/RLdwN5lEejj5ILKfK+hxbfMBPLylmrU+/XZeDnLTZB2gFfNCSvEpIQVr0AkWPQKUqWDBcjqIlUgMDrJ+Zk1CzXBV42jMX4qSbmYenpiuPeC7FNiTd2QqbHu/1GqkwDg1AcEN+1ra1y1gCg07yIp3FohrxTlPpxKBUH1lhD4/GDPQkstjDrQqk6rJKjBnlnX43wU7t4S6hSChOVXDZP6hZmjkk7PIoKI5Af8TKHDcDi7D9LFRVSlZ++1lr8CQ5bYBb0Tpv/gJtpZOX0vcYYIeUiucNZoLs7/WXMZc6uxSBFMuqkul9w+i8DgU8Ad9hHBDbze5OfDMhXyRvQz8npVNGJkjmswCO1S/fPBoU3OwquLouTzt7XcLCvdEvw0LV7PNf5Ap7TGLUB867j5xTFmflbdzaczo2GOyjt0Oa5ksAjDS+Rdzl5quCnPjiKo10Ap22OoVDSLoQWjdaiX7hLWnUo1ZcmVlHSONniiOiN/dcXJllNAYrMw6Gkb1CrQQLWv0bLmXO0Xfyz9uWM/piB6hmNqCqjczPGaCfa90T2xs9U0i5Q+zlSV9qK8Lp2Yh2Vv/u0Fwigr8TjFBYy8EoxiqLd87mn03QGHPidSynxcRHwXzNpkwOQzpyVaOTGKITtm15LlmyTq+ov9OK5ATGz2rf6MfQNnFEsdgC31lQpXC52GCyP5ULzlcQIhpSorXSqbKfpvO+ZVgCO8SBp+e6BlNw2UJGgFzhJCkZZzBoSJt2bC77ohk89q1o7TkYigkOiKGAbPx1hsM7hHJXNkwpSp93qX9W4UqpwG+9ojV1hnlwdV5m/Kc4MMWT/mmQLMY2hb1Z5TWF5pyD+VTjWCw66EcekVe13G4pKanUkWpC7JuH5HhFpFfX/dbFiE7oxJ2TQ5GX/wfCRokwIpB9ixp48USWK2kHs8PpC1G2fDdY+tVsJB2BBvRfcS9f/++g2pueqyUa9beUbDsZDWcnpHr4K40xBI+9VifrBuyYOzDeapdINHn8Dk1CJ3TWKdUIXfvfFwD+ZB1YhMfj+44DzcXNq2ffRx6TJZJMTvsSNWTvjaeYCBKdt7uH7rMskYVRHnDr6wUznj7ndMSj6cur3bMUmcSooejVas5KfKKTgJnFl+qfDNVnUmFw7
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-OriginatorOrg: entrust.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: DM6PR11MB2585.namprd11.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 9e20bcde-a177-4086-340f-08da63cb3b40
X-MS-Exchange-CrossTenant-originalarrivaltime: 12 Jul 2022 05:56:14.9764 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: f46cf439-27ef-4acf-a800-15072bb7ddc1
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: +8XJBzDzH7pKipYn0BMir97EuPT0Cj/XhJXLDBVi2z7Tc23y0sGhe+awEpxh6nh/cN/8nTga/vCIwtT5EQzMCA==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BL1PR11MB6050
X-Proofpoint-ORIG-GUID: v2tWgi0IO8rPHZkLjvoKgyqdWB7QE5Qg
X-Proofpoint-GUID: v2tWgi0IO8rPHZkLjvoKgyqdWB7QE5Qg
X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.205,Aquarius:18.0.883,Hydra:6.0.517,FMLib:17.11.122.1 definitions=2022-07-12_03,2022-07-08_01,2022-06-22_01
X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 phishscore=0 spamscore=0 impostorscore=0 lowpriorityscore=0 malwarescore=0 suspectscore=0 clxscore=1011 priorityscore=1501 bulkscore=0 mlxlogscore=999 adultscore=0 mlxscore=0 classifier=spam adjust=0 reason=mlx scancount=1 engine=8.12.0-2206140000 definitions=main-2207120023
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/_XPp5HfayONYpSS1BnmB_X-S2po>
Subject: Re: [lamps] [EXTERNAL] Re: New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 12 Jul 2022 05:57:35 -0000
Thanks Russ, I agree, we just need to know how to encode the public key structure into a BIT STRING. So I am just looking forward to clarity on the encoding of the DilithiumPublicKey. For example, here is a Dilithium2 Public Key (using the Round 3 implementation from open quantum safe), encoded as a BIT STRING: The OIDs I'm using are not standard as they still need to be defined... 😊 -----BEGIN PUBLIC KEY----- MIIFNDANBgsrBgEEAQKCCwcEBAOCBSEAsmWAVrlRRdacWdEWHbtO2yy0X6wNyejL n8+9SFISsz9CD2dgBNbNj5p3nCoLmow64wFRSrJqbiiS62rvP19H8I1L8WnIfYSO gJ54Pa1ncLiroxtUyabwe0S7kqbT2SWiuVFTutbF4XdeK+SLFuBHufcPXHwu5DWW xQSQk1bWng3ZZAb/684gzWb6dpo73bOVOiXHZJ4YBAMUfEiwbsBKzsHghKfZirTC S3ttBmLaMORSq2sE2RDyVHpnn2IGlq3n7wMX9ywlu9SNzp5xcS2jxWak0KWsiDLI eKtyYAvDteQxtdEbza5rfJNAGuBHcvQ22UFkGdgKIOcNKsjbH6h2oxn2qVQDGTXh lv0vCWZFpqf4ApXxIr6rj346AkiDXUfD13+r1ojO22FDirD6DVzMzJLn9ObjKthm y1a3/5uIXTvmNKi1DeEBbjtHaGd0tqyUYdIG9aWPuUUypXKHUx9lK3pcF3oBDQ1W Uo05QJZVw7gISFjdiaqkoNLW/14GdC+AzQVJxyOs8fggRqDDZT3p0PUFg7OgZB+m BwHE1eG2OE5JEYWc+BVVsxyyAgfrygMAPmsmx3XpZ3c6I7s/VSP6XTWYK0fsnPDL dYuAprInswARsINE2z5+SIcr9pnNUwQWJvgwh1TvB1rC1f4+mgZO1+Y6YA220Obg dkX1VNZ2/ETmv7U0D3kDpEMV+VyRdFfzACdg/MBt2tqBkQVPQk/g4BP5Dnmrteyc bZg7A6MSCZGYPFiv6byAwJX7q4GF066phrq1QXW2G6YWQXFtvuh/RwYqbVm0L9pW wcnlYU98rATWaw8uexG/wlGSh7CWlxk8JuOdz45nmvp8o6sV06jhVtVBbyvTL1CG fD2wCOWuiqkPpPMejnMc/kLPFPJVe5D83JpKDj+4dzLotwBR/VuBNwKJWJ6sLe3z +glg0qQPmueV2wSPlV141+hz7i9nJFlLUGE99HSj4gIdTiENoFJyviTfcn70MO5C ko9zkrliKGn2k798RE6Ksp3Y78FFJ8/7xoxq9J8Wq1JeWp5OMkFgptGrZkVQbwl/ yabFITk7Er6kT93uGGoUvagJWMo4l46CHzB93CqquLWuGJWNPlYb7wGD+gG2i/rz e0a3uDlWF1NkN8y9zaU1Ms6NUQnsTt5eEUNnZ6pmBJ+nWCU1I4eosbjNYX/PGESw grykYBwYvthzWaL0b2j+jKEKdr2rCh6rGTTx56e31RLeqsD+udp22Lw98VOGqSVw ZmkGnHbreuSe7KSLdsPmXF1lojgPElWU9cN/xumc9n0f0mDEWBFBjwpAuf/NmNQp g038JYuwqGT61gcDHX4fYBek7zLKMY4L06+zvu1kGPueh5pf9Po9mFGbFFn4cZ/f CHzRNs6AJnMVG86LrQK/91XbM4EWuJwIPJlw4B/f6NBnp+e9kQHOnIieOHyNmHzj NwNumaoqIYUCDWKPUellqY+CR1SDbYwV6fHo5sTfequnfXCnM6D/3NoseuD+klP5 t9IJEC0dqD6edQw06Gf5LVN6tqfNGtC1Rsu2K6wm4Tf3PIq+Tt5Xi5g1Es3KJSrm DV03KDBBM49gI07USE+79DW0DjYwpSuD+lA/pUU4MgPnuoH4COZBU1NtGJ06dVW3 ZVmxJa/tZwKRZx00/JCxjYJJ+6H5EBsUUjoQl9rPb8gz1iuw9yNBE1mAx/ClFkUS fwF+2cUdQRA/B0tsi3QWNPICWVhZJWq851MUMA43VnwR2/8p37SzUA== -----END PUBLIC KEY----- Here is a Dilithium2 Public Key encoding using the OCTET STRING encoding which is then encoded into the BIT STRING. This is what I think the current draft is saying how it should be encoded. -----BEGIN PUBLIC KEY----- MIIFODANBgsrBgEEAQKCCwcEBAOCBSUABIIFIH7hnTDc14tyQ7OrajCMhcpzInsZ JOpDwQJrDZlKICTMGqMbpQMSa85XKX/2o6kkXY60aTpx3QrnsnUrAuAjIvygyo5K JtKE3xePCClymhAjxBeAX3lvFd+y+STwDesclytVXMFfA8MFGeDxNi4j7JbNLUVT d2YeIm8IFdSlU/HYNcOwKqHnYphvvMXaHvRrlwryH5aN5iCtPTenTUKl3nCf8ZsW hkQ7JJP7uAGfLokCsH7pTLkLiN5ricPP0yfPqjd0lST4pvL/MoLrouM89YlAWVAT sjjMB9EJTlJHHyiG4tGXpltNcQSKFHdJcM7LT094GTFf8Xfmj5FeFpnyz0x4TEFP GMSj27OeOBoJOX7DM+e6yBxjpJ+27MYIl2F1i9mTHFboJZb0vBKO5itYOi32Et6D q66xd+t3dSrP0ruK5/iw6nzHb8NIf8+JRgrC/9GdEVpo6uM7BPDe+pDWROLFVCS3 wExJgrA6ljykLcst1q7mQnIyegrPXsouUgNzQErgxrYrg58FGHBrrQun9U767MNR 94fCLRTFXY9YlGE93dlgetXXa3Wk80zOV8Pt73KyHWJAgLwfefybXirP8k/gEBIi IgCO97tmQp5GH4vDhWa1kk4qwD6b9zf5ZfzQHNXIyh78xJ2nxchVvtqui1GS82oQ +2WUGoOlZdcb94Szjecqa/eIC+1WWcLH1+gEtwE0pAefbDqpIa3dFTK6NQUYoaXL F/EdhEr7zwcL5oH/VU88tdXtYWoWISVYkM5qzlmNe8MB+uo85A1DHs35m0RgPMGX WNiKblscd6bK+60FBNHHMuhn9fD0WT7PlN/YAhbgH/SKjE0hyqF8Kz5WASvFL9G1 W557+sdU6PtUNOdrZF4lXhz7oESOv79RVDv3ObgvQZ6RMf0wdUrdzIJhd09fOQA4 aqS4Uu7B2md/WLNUc9IxH4ectlBPxos43NnnJYK6DPOcdammdE8QdkQ+D1MhzNIA R8FWZQktirl8OwcmG66MGmXWmRs6WZHl+S/ZFzZBhRlIOo5+t5zC48u4u6dqYScF lRBfyffysM2mANNt7wkdpKyY5puTHx+ua2NParRWJ3sG6yVTBM0dYqenjGbk7HQ2 rUoCt+qDS7MBwgIl7DNZbHkoA/CH8Z2MtDaT7CmDAuhuxY8Xd91BvJDqsxsnljtx m3AW0WPge2Fq45FxjnP1DQEuMiAezpriZBTEkEG0FfF1ZVGWtd+m1nhPEaEeENZ2 lV5yJQBb9uNmJYJ81SdHfSVT7HMFyvnxxncZX7/V3kGmz2rsz4B8OEiiJxNP7yn7 HKb4j/gYp5ltQHJ7gx+e3WrRoc35B2zqQK1QbEtjZWMS+AItxytjibKjfSQpLUPe kqRzC+5yF5ZNocSdPQ+6vzC3XJyIW3KwZF/A+tAaaxJEkTcMSW2L3/yCCVRITLp6 76/6YJMb5PKVlZuZhw8QvmAR4K+ctN2Y7KlSNZN5YHCmlYIMV8OONx4nTsrhXi2I 5diWGGBSt/I4r+OG5n7p7Yqm3xe9kt6C6NpIMmD97fN14/LWlPg4hnwyDal//HmL CnDS9nGYUkki4apV1m79a65pgk6fGZ7HiAwpht1cgarG93rlBUrVEuP+BZW3DiYc IQhGFFXIFQgh2uXijoRVU/N6h8tKZEVPCSoWdZFvNpQtbgcvVWJNo4Atd/t24+4O dgItsA1WUUlD/L00O6xTubIpmfWCa8cpYIN2AlX9RIwy5Xjme2OYmx6T5Jg= -----END PUBLIC KEY----- Russ, in regards to the PrivateKeyInfo structure, I was just pointing out the difference that I see in 5280 (OCTET STRING for privateKey vs BIT STRING for public key). I think the way they have defined the DilithiumPrivateKey as an OCTET STRING is fine as it complies with 5280. My only question in relation to the private key is why there has to be an option to have the public key in there? If it is not there and an implementation required it to be there then wouldn't that cause interop issues? I notice in RFC 5915 (EC Private Keys) there is language to try and mitigate incompatibilities by suggesting the public key SHOULD always be in the ECPrivateKey, and then if it is not it can just be recomputed if it was needed. I don't know if it is possible to recompute dilithium public keys from private keys, if it is possible, then I suppose something similar could be explained. In any case, I just think an expanded explanation for that optional field and language to try and mitigate incompatibility between implementations should be considered. Since I have already come across this exact incompatibility in practice, it isn't just hypothetical. I could send samples of this incompatibility as well if that is helpful... 😊 From 5915: publicKey contains the elliptic curve public key associated with the private key in question. The format of the public key is specified in Section 2.2 of [RFC5480]. Though the ASN.1 indicates publicKey is OPTIONAL, implementations that conform to this document SHOULD always include the publicKey field. The publicKey field can be omitted when the public key has been distributed via another mechanism, which is beyond the scope of this document. Given the private key and the parameters, the public key can always be recomputed; this field exists as a convenience to the consumer. Cheers, John Gray -----Original Message----- From: Russ Housley <housley@vigilsec.com> Sent: Monday, July 11, 2022 4:13 PM To: John Gray <John.Gray@entrust.com>; Uri Blumenthal <uri@ll.mit.edu>; Massimo, Jake <jakemas@amazon.com> Cc: spasm@ietf.org Subject: [EXTERNAL] Re: [lamps] New Version Notification for draft-massimo-lamps-pq-sig-certificates-00.txt WARNING: This email originated outside of Entrust. DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. ______________________________________________________________________ John and Uri and Jake: RFC 5280 does carry the subject public key in a BIT STRING, but that does not mean that each element of the DilithiumPrivateKey SEQUENCE needs to be a BIT STRING. Quite the opposite. Please use the most natural structure, and then tell how to encode that structure into a BIT STRING. Please take a look at RFC 8017 to see how this was done for RSAPublicKey. I would hope that DilithiumPrivateKey can be done in a manner that has no parameters, even if that means that there are several different OIDs that need to be assigned. Russ > On Jul 11, 2022, at 9:06 AM, John Gray <John.Gray=40entrust.com@dmarc.ietf.org> wrote: > > 5280 says that the subjectPublicKey has to be a BIT STRING, so even if we don't like it I don't think we can change the fact that the subjectPublicKey will eventually be held in a BIT STRING. So wrapping the subjectPublicKey material in OCTET STRING before the final BIT STRING is just an extra layer of wrapping is it not? I was just wondering if there is a technical reason for having that extra layer? > > SubjectPublicKeyInfo ::= SEQUENCE { > algorithm AlgorithmIdentifier, > subjectPublicKey BIT STRING } > > I have created Dilithium certificates both ways and both work equally well (encoded the subjectPublicKey BIT STRING with the DilithiumKey encoded as an OCTET STRING), and the DilithiumKey encoded as a BIT STRING. The second way saves a few bytes is all, but there are no issues I can see other than causing incompatibility between different parsers if one only works with one format or the other. > > I notice that the PrivateKeyInfo uses OCTET STRING for its key encoding, which is different than the public key. I would have expected them to be the same, but I guess that is part of history why that happened... ☹ > > PrivateKeyInfo ::= SEQUENCE { > version Version, > privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, > privateKey PrivateKey, > attributes [0] IMPLICIT Attributes OPTIONAL } > > Version ::= INTEGER > > PrivateKeyAlgorithmIdentifier ::= AlgorithmIdentifier > > PrivateKey ::= OCTET STRING > > > Cheers, > > John Gray > > > -----Original Message----- > From: Blumenthal, Uri - 0553 - MITLL <uri@ll.mit.edu> > Sent: Sunday, July 10, 2022 8:33 PM > To: John Gray <John.Gray@entrust.com> > Cc: Massimo, Jake <jakemas@amazon.com>; spasm@ietf.org > Subject: [EXTERNAL] Re: [lamps] New Version Notification for > draft-massimo-lamps-pq-sig-certificates-00.txt > > WARNING: This email originated outside of Entrust. > DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. > > ______________________________________________________________________ > I am strongly against wrapping keys into BIT STRING. > > This is a relict from the past, originally caused by insufficient experience, and a relict that proved itself useless. > > Stick with OCTET STRING. > > Regards, > Uri > >> On Jul 10, 2022, at 20:19, John Gray <John.Gray=40entrust.com@dmarc.ietf.org> wrote: >> >> Thank you for posting this draft. It looks very well formed, almost as if you were just waiting for an announcement to be made... 😊 >> >> I am glad to see there are no algorithm parameters. We have already been doing experiments with Dilithium certificates based on the round 3 candidates, and had to pick our own OIDs (due to lack of standard) and chose NOT to use parameters because we didn't know if there would be any. So it looks like there won't be a lot of changes required to our early non-standard prototype implementations. 😊 >> >> That being said, I have a couple of comments: >> >> In regards to wrapping the public key in an OCTET_STRING: >> >> The Dilithium public key MUST be encoded using the ASN.1 type >> DilithiumPublicKey: >> >> DilithiumPublicKey ::= OCTET STRING >> >> In testing interop with other implementations (openSSL with open quantum safe for example), I noticed they DO NOT wrap the DilithiumPublicKey in an OCTET_STRING. We did that in our initial implementation, but after going through RFC 5280 again, I don't see a specific need to first wrap the DilithiumKey (or in fact any of the other Post Quantum Signature types such as SPHINCS+ or Falcon) in an OCTET_STRING as that OCTET_STRING then gets wrapped into a BIT STRING as per the SubjectPublicKeyInfo. You actually save 4 bytes without the wrapping.... In any case our current implementation can handle both ways, but it was something I came across and thought I would ask if there was a specific reason why it needed to be wrapped in an OCTET_STRING? >> >> This question underlies why we definitely need a standard... 😊 >> >> >> In regards to the Private Key format, I notice you have placed an option to contain the PublicKey inside the private key. >> >> DilithiumPrivateKey ::= SEQUENCE { >> rho BIT STRING, - nonce/seed >> K BIT STRING, - key/seed >> tr BIT STRING, - PRF bytes (CRH in spec.) >> s1 BIT STRING, - vector l >> s2 BIT STRING, - vector k >> t0 BIT STRING, - encoded vector >> PublicKey IMPLICIT DilithiumPublicKey OPTIONAL >> } >> >> Is this to align with other private key formats like RFC 5915 (Elliptic Curve Private Key)? With the larger size of these Dilithium keys (and other Post Quantum Keys), I think there would be less appetite for including the public key inside the private key. If an implementation depends on the public key being there, and it is not there, then I guess it would fail, possibly causing interop issues (I have already come across this with the openSSL - libOQS library as they concatenated the public key in the private key, and our implementation did not). So I guess with it being optional are you saying implementations MUST accept the key in either format (with the public key included or with no public key included)? >> >> >> In section 5, you have this sentence: >> >> Dilithium public keys are >> optionally distributed in the publicKey field of the PrivateKeyInfo >> structure. >> >> I think you mean: >> >> Dilithium public keys are >> optionally distributed in the publicKey field of the >> DilithiumPrivateKey structure. >> >> >> The PrivateKeyInfo structure from RFC 5208 does not contain a public key structure: >> >> PrivateKeyInfo ::= SEQUENCE { >> version Version, >> privateKeyAlgorithm PrivateKeyAlgorithmIdentifier, >> privateKey PrivateKey, >> attributes [0] IMPLICIT Attributes OPTIONAL } >> >> >> Thanks again for putting this draft out so quickly after the NIST announcement! >> >> Cheers, >> >> John Gray >> Entrust >> >> -----Original Message----- >> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Massimo, Jake >> Sent: Friday, July 8, 2022 4:08 PM >> To: spasm@ietf.org >> Subject: [EXTERNAL] [lamps] FW: New Version Notification for >> draft-massimo-lamps-pq-sig-certificates-00.txt >> >> WARNING: This email originated outside of Entrust. >> DO NOT CLICK links or attachments unless you trust the sender and know the content is safe. >> >> _____________________________________________________________________ >> _ >> Hi! >> >> I'd like to introduce the 00 draft of the I-D we discussed @ IETF 113 (and we will discuss again @ IETF 114) that will document algorithm identifiers and ASN.1 encoding format for NIST's PQC signature algorithms in X.509. As discussed by Sean Turner in the introduction of the I-D draft-turner-lamps-nist-pqc-kem-certificates, we are splitting up the KEMs from the signature algorithms into separate I-Ds. This is the signature algorithm part. We focus on single PQC algorithm rather than hybrid constructions that are covered in other drafts. We are planning to use the algorithm identifiers assigned by NIST. The draft discusses the signature algorithm Dilithium. >> >> If there are any feedback or comments to the draft in advance to the meeting, feel free to contact me. >> >> Cheers, >> Jake >> >> >> On 08/07/2022, 11:37, "internet-drafts@ietf.org" <internet-drafts@ietf.org> wrote: >> >> CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe. >> >> >> >> A new version of I-D, draft-massimo-lamps-pq-sig-certificates-00.txt >> has been successfully submitted by Jake Massimo and posted to the >> IETF repository. >> >> Name: draft-massimo-lamps-pq-sig-certificates >> Revision: 00 >> Title: Algorithms and Identifiers for Post-Quantum Algorithms >> Document date: 2022-07-08 >> Group: Individual Submission >> Pages: 12 >> URL: https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-massimo-lamps-pq-sig-certificates-00.txt__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdndyJ0lmSg$ >> Status: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/draft-massimo-lamps-pq-sig-certificates/__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdnd2kZG978$ >> Html: https://urldefense.com/v3/__https://www.ietf.org/archive/id/draft-massimo-lamps-pq-sig-certificates-00.html__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdnd7ZiJyGA$ >> Htmlized: https://urldefense.com/v3/__https://datatracker.ietf.org/doc/html/draft-massimo-lamps-pq-sig-certificates__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdnd7k9nM9I$ >> >> >> Abstract: >> Digital signatures are used within X.509 certificates, Certificate >> Revocation Lists (CRLs), and to sign messages. This document >> describes the conventions for using Dilithium quantum-resistant >> signatures in Internet X.509 certificates and certifiate revocation >> lists. The conventions for the associated post-quantum signatures, >> subject public keys, and private key are also described. >> >> >> >> >> The IETF Secretariat >> >> >> >> _______________________________________________ >> Spasm mailing list >> Spasm@ietf.org >> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spa >> sm__;!!FJ-Y8qCqXTj2!em5Q_A_k1PMQ0W4omwWUauCCeb4EMshOz6mYYWzWzuQkN7W39 >> uZc2n6qACvqm-IoJWr8lOb4JA7PFy5EbwwaOZJYPgTgSdnd2gf0i_M$ >> Any email and files/attachments transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system. >> _______________________________________________ >> Spasm mailing list >> Spasm@ietf.org >> https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spa >> sm__;!!FJ-Y8qCqXTj2!bpBsAYDumiPJtCWh3ECigcLXWuM5DkdpqSr-zsAO3qtAts9vl >> fEDfo2nmwmxdE3FNFtlw7AfX9AAK8VBF8Q$ > _______________________________________________ > Spasm mailing list > Spasm@ietf.org > https://urldefense.com/v3/__https://www.ietf.org/mailman/listinfo/spas > m__;!!FJ-Y8qCqXTj2!bpBsAYDumiPJtCWh3ECigcLXWuM5DkdpqSr-zsAO3qtAts9vlfEDfo2nmwmxdE3FNFtlw7AfX9AAK8VBF8Q$
- [lamps] FW: New Version Notification for draft-ma… Massimo, Jake
- Re: [lamps] FW: New Version Notification for draf… Russ Housley
- Re: [lamps] FW: New Version Notification for draf… Ilari Liusvaara
- Re: [lamps] New Version Notification for draft-ma… John Gray
- Re: [lamps] New Version Notification for draft-ma… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] New Version Notification for draft-ma… John Gray
- Re: [lamps] New Version Notification for draft-ma… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] New Version Notification for draft-ma… Russ Housley
- Re: [lamps] New Version Notification for draft-ma… Corey Bonnell
- Re: [lamps] New Version Notification for draft-ma… Massimo, Jake
- Re: [lamps] [EXTERNAL] Re: New Version Notificati… John Gray
- Re: [lamps] [EXTERNAL] Re: New Version Notificati… Blumenthal, Uri - 0553 - MITLL
- Re: [lamps] New Version Notification for draft-ma… Russ Housley