
From nobody Mon Apr  1 22:12:26 2019
From: "Fries, Steffen" <steffen.fries@siemens.com>
To: "spasm@ietf.org" <spasm@ietf.org>
Date: Tue, 2 Apr 2019 05:12:15 +0000
Message-ID: <BF6D964D-BE83-430A-97CD-48BE51CA1BBD@siemens.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/Y22dwA5ClWOjS3cmbzTJ1pUbqR4>
Subject: [lamps] Seeking guidance on proceeding with question from IETF-104 presentation on lightweight CMP profile
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 02 Apr 2019 05:12:25 -0000

Hi,

during the LAMPS session in IETF-104 we presented a draft for a lightweight
industrial CMP profile. The document as such is based on CMP and targets to
simplify the very versatile CMP.

During the presentation we have been asked to also talk to the ACE WG chair
regarding potential interest in this work, as it was not sure if LAMPS is
the right home. I talked to Jim Schaad and as we only work on CMP directly,
not with the transport nor specific considerations for constrained devices,
ACE may not be the right home. Also, Jim was asking if the draft needs to
be a standards track RFC and thus be adopted in a WG. An alternative
approach could also be an independent submission. To make this decision, we
need some guidance.

For this, let me enumerate the main points we addressed in the draft:
- Generally Section 1.4 enlists the exceptions from the mandatory CMP
  Profile as defined in RFC4210 Appendix D:
 o  signature-based protection is the default protection; initial
    transactions may also use HMAC,
 o  certification of a second key pair within the same transaction is not
    supported,
 o  proof-of-possession (POPO) with self-signature of the certTemplate
    according to [RFC4211] section 4.1 clause 3 is the only supported POPO
    method,
 o  confirmation of newly enrolled certificates may be omitted, and
    especially
 o  all transactions consist of request-response message pairs originating
    at the end entity (EE), i.e., announcement messages are omitted.
- In section 4.1.5 the proceeding of central key generation needed
  extensions at least for ECC key pairs.
- In section 4.4.1 the RootCAUpdate is specified as request-response
  transaction and differs from the announcement message as specified in
  RFC4210 section 4.4 and Appendix E.
- In section 5 the new Extended Key Usages id-kp-cmpRA is introduced to
  indicate that a key pair is entitled to be used by an LRA/RA for
  signature-based protection of a CMP message.
- Generally further topics to clarify CMP or CRMF may come up during WG
  review.

Based on this list, are these points to be handled as profiling of the base
protocol or are they rather seen as technical change/enhancement?
My understanding is that for profiling an independent RFC would be fine, as
the base spec can be normatively referenced by other standards. In this
case the CMP profile document can be informational.
If some of the points listed qualify rather for technical changes of the
base protocol, my understanding is that we need to find a home for the
draft and target the standard track. @Jim, I hope my conclusion based on
our conversation is right.

Regarding interest in the resulting RFC there is work ongoing in ANIMA WG
and EAP WG, that can directly leverage the lightweight CMP.

In either case your view is appreciated.

Best regards
Steffen


From nobody Mon Apr  1 23:22:58 2019
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
In-Reply-To: <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
From: Ryan Sleevi <ryan-ietf@sleevi.com>
Date: Tue, 2 Apr 2019 15:22:42 +0900
Message-ID: <CAErg=HGbR=xK4ib0THMH1MPMdz3vaW+atPychDhJX_P+qwXjCg@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: SPASM <spasm@ietf.org>
Content-Type: multipart/alternative; boundary="000000000000c4c4740585862a30"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/RW26kMtmCvjnHtyqg1qmtc5jT3U>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03

--000000000000c4c4740585862a30
Content-Type: text/plain; charset="UTF-8"

Opposed.

It does not seem the concerns raised in the November thread - e.g.
https://mailarchive.ietf.org/arch/msg/spasm/4EP3bX2adJBCmTjBMYazAKQJFU0 -
have been addressed.

Much like we should be careful about introducing CBC or other non-AEAD
constructions in TLS, we should be very careful in introducing algorithms
with critical system failures in the presence of issues widespread in
existing PKIs. Moving from a stateful signature algorithm to a stateless
one seems the best way to achieve the goals stated in the draft, and
without such (significant) risks.

On Tue, Mar 26, 2019 at 9:56 PM Russ Housley <housley@vigilsec.com> wrote:

> We talked about the "Algorithm Identifiers for HSS and XMSS for Use in the
> Internet X.509 Public Key Infrastructure" <
> https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt> document
> today at the face-to-face meeting session.  It was suggested that the
> document is ready for WG adoption.  Please voice your support or concerns on
> the list.
>
> Russ
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm
>

--000000000000c4c4740585862a30--


From nobody Tue Apr  2 08:37:41 2019
From: "Salz, Rich" <rsalz@akamai.com>
To: "Fries, Steffen" <steffen.fries@siemens.com>, "spasm@ietf.org" <spasm@ietf.org>
Date: Tue, 2 Apr 2019 15:37:21 +0000
Message-ID: <CC5ADDEC-B801-4709-B337-7A0AB4C770CB@akamai.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/JyqzKYHhWarAV0IXRKMMDSDL4xQ>
Subject: Re: [lamps] Seeking guidance on proceeding with question from IETF-104 presentation on lightweight CMP profile

If everything you need was possible by just "trimming down" CMP then it
seems to me that an individual/informative RFC is appropriate. But as you
have to change things, however, it makes more sense to go for
WG/standards-track RFC. It could still be published as independent stream
experimental.

There seems to be interest from other WG's in this, so I'd go for the
middle route.


From nobody Tue Apr  2 11:57:56 2019
From: Jim Schaad <ietf@augustcellars.com>
To: "'Fries, Steffen'" <steffen.fries@siemens.com>, <spasm@ietf.org>
References: <BF6D964D-BE83-430A-97CD-48BE51CA1BBD@siemens.com>
In-Reply-To: <BF6D964D-BE83-430A-97CD-48BE51CA1BBD@siemens.com>
Date: Tue, 2 Apr 2019 11:57:30 -0700
Message-ID: <027301d4e985$efd03970$cf70ac50$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/rSGGMztNwyZ4NbF72byzML0V2d4>
Subject: Re: [lamps] Seeking guidance on proceeding with question from IETF-104 presentation on lightweight CMP profile

This is a quick walk through what you have below.  It would have been
helpful to have pointers to the sections/bullet points where things are
meant to be modified.


> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Fries, Steffen
> Sent: Monday, April 1, 2019 10:12 PM
> To: spasm@ietf.org
> Subject: [lamps] Seeking guidance on proceeding with question from
> IETF-104 presentation on lightweight CMP profile
>
>
> Hi,
>
> during the LAMPS session in IETF-104 we presented a draft for a
> lightweight industrial CMP profile. The document as such is based on CMP
> and targets to simplify the very versatile CMP.
>
> During the presentation we have been asked to also talk to the ACE WG
> chair regarding potential interest in this work, as it was not sure if
> LAMPS is the right home. I talked to Jim Schaad and as we only work on CMP
> directly, not with the transport nor specific considerations for
> constrained devices, ACE may not be the right home. Also, Jim was asking
> if the draft needs to be a standards track RFC and thus be adopted in a
> WG. An alternative approach could also be an independent submission. To
> make this decision, we need some guidance.
> 
> For this, let me enumerate the main points we addressed in the draft:
> - Generally Section 1.4 enlists the exceptions from the mandatory CMP
> Profile as defined in RFC4210 Appendix D:
>  o  signature-based protection is the default protection; initial
>     transactions may also use HMAC,

Depending on what is being proven this is reasonable.  I would consider this
to be profiling

> o  certification of a second key pair within the same transaction is not
>    supported,

I would consider this to be profiling

> o  proof-of-possession (POPO) with self-signature of the certTemplate
>    according to [RFC4211] section 4.1 clause 3 is the only supported POPO
>    method,

I would consider this to be profiling

> o  confirmation of newly enrolled certificates may be omitted, and
>    especially

I would consider this to be profiling

> o  all transactions consist of request-response message pairs originating
>    at the end entity (EE), i.e.,  announcement messages are omitted.

I would consider this to be profiling

> - In section 4.1.5 the proceeding of central key generation needed
> extensions at least for ECC key pairs.

Not sure what you think falls here and the document is not forthcoming.
This may have already been done.

> - In section 4.4.1 the RootCAUpdate is specified as request-response
> transaction and differs from the announcement message as specified in
> RFC4210 section 4.4 and Appendix E.

Depending on how this is done, it will require an update of RFC 4211.  I
believe that this means it must be an IETF consensus document and may need
to be standards track.

> - In section 5 the new Extended Key Usages id-kp-cmpRA is introduced to
> indicate that a key pair is entitled to be used by an LRA/RA for
> signature-based protection of a CMP message.

This can be considered to be a profile.

> - Generally further topics to clarify CMP or CRMF may come up during WG
> review.
>
> Based on this list, are these points to be handled as profiling of the
> base protocol or are they rather seen as technical change/enhancement?
> My understanding is that for profiling an independent RFC would be fine,
> as the base spec can be normatively referenced by other standards. In this
> case the CMP profile document can be informational.
> If some of the points listed qualify rather for technical changes of the
> base protocol, my understanding is that we need to find a home for the
> draft and target the standard track. @Jim, I hope my conclusion based on
> our conversation is right.
>
> Regarding interest in the resulting RFC there is work ongoing in ANIMA WG
> and EAP WG, that can directly leverage the lightweight CMP.

Have either of these groups expressed any active interest in this work?
This is not something that EAP would normally be looking at as far as I know
as they normally consider the act of setting up the EAP credentials to be a
"Not My Problem" space.  

Jim


> 
> In either case your view is appreciated.
> 
> Best regards
> Steffen
> 


From nobody Wed Apr  3 09:12:02 2019
From: "Fries, Steffen" <steffen.fries@siemens.com>
To: Jim Schaad <ietf@augustcellars.com>, "spasm@ietf.org" <spasm@ietf.org>
Date: Wed, 3 Apr 2019 16:11:48 +0000
Message-ID: <E6C9F0E527F94F4692731382340B33781542BE13@DENBGAT9EJ5MSX.ww902.siemens.net>
References: <BF6D964D-BE83-430A-97CD-48BE51CA1BBD@siemens.com> <027301d4e985$efd03970$cf70ac50$@augustcellars.com>
In-Reply-To: <027301d4e985$efd03970$cf70ac50$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/PEeiwPrJxiZz6HB3pRzaV7aRBdY>
Subject: Re: [lamps] Seeking guidance on proceeding with question from IETF-104 presentation on lightweight CMP profile

Hi Jim,=20
> This is a quick walk through what you have below.  It would have been hel=
pful to have pointers to the sections/bullet points where
> things are meant to be modified.
First of all, thank you for the walk through. I made some comments to your =
questions.=20

> > Hi,
> >
> > during the LAMPS session in IETF-104 we presented a draft for a
> lightweight
> > industrial CMP profile. The document as such bases on CMP and targets
> > to simplify the very versatile CMP.
> >
> > During the presentation we have been asked to also talk to the ACE WG
> chair
> > regarding potential interest in this work, as it was not sure if LAMPS
> > is
> the
> > right home. I talked to Jim Schaad and as we only work on CMP
> > directly,
> not
> > with the transport nor specific considerations for constraint devices,
> > ACE
> may
> > not be the right home. Also, Jim was asking if the draft needs to be a
> > standards track RFC and thus be adopted in a WG. An alternative
> > approach could also be an independent submission. To make this
> > decision, we need some guidance.
> >
> > For this, let me enumerate the main points we addressed in the draft:
> > - Generally Section 1.4 enlists the exceptions from the mandatory CMP
> > Profile as defined in RFC4210 Appendix D:
> >  o  signature-based protection is the default protection; initial
> transactions may also use HMAC,
>
> Depending on what is being proven this is reasonable.  I would consider
> this to be profiling
>
> > o  certification of a second key pair within the same transaction is
> > not
> supported,
>
> I would consider this to be profiling
>
> > o  proof-of-possession (POPO) with self-signature of the certTemplate
> > according to [RFC4211] section 4.1 clause 3 is the only supported POPO
> > method,
>
> I would consider this to be profiling
>
> > o  confirmation of newly enrolled certificates may be omitted, and
> especially
>
> I would consider this to be profiling
>
> > o  all transactions consist of request-response message pairs
> > originating
> at the end entity (EE), i.e.,  announcement messages are omitted.
>
> I would consider this to be profiling
>
> > - In section 4.1.5 the proceeding of central key generation needed
> > extensions at least for ECC key pairs.
>
> Not sure what you think falls here and the document is not forth coming.
> This may have already been done.
Our understanding was that the current approach in RFC 4210 requires at
least some support for RSA even if the generated key pair is ECDSA. This is
due to the statement for encrypting the private key when sending the
generated material back to the client. Here, the encryption key is to be
encrypted with a short term asymmetric key of the client.

>
> > - In section 4.4.1 the RootCAUpdate is specified as request-response
> > transaction and differs from the announcement message as specified in
> > RFC4210 section 4.4 and Appendix E.
>
> Depending on how this is done, it will require an update of RFC 4211.  I
> believe that this means it must be an IETF consensus document
> and may need to be standards track.
The intention here was to avoid the announce messages for the RootCA update
completely to better support application in constrained devices, which may
be temporarily offline or may not feature a server part listening for
announce messages. Using a request response allows the client to simply ask
for an update.
Why do you think this will influence also RFC 4211?

>
> > - In section 5 the new Extended Key Usages id-kp-cmpRA is introduced
> > to indicate that a key pair is entitled to be used by an LRA/RA for
> signature-
> > based protection of a CMP message.
>
> This can be considered to be a profile.
>
> > - Generally further topics to clarify CMP or CRMF may come up during
> > WG review.
> >
> > Based on this list, are these point to be handled as profiling of the
> > base protocol or are they rather seen as technical change/enhancement?
> > My understanding is that for profiling an independent RFC would be
> > fine,
> as
> > the base spec can be normatively referenced by other standards. In
> > this
> case
> > the CMP profile document can be informational.
> > If some of the points listed qualify rather for technical changes of
> > the
> base
> > protocol, my understanding is that we need to find a home for the
> > draft
> and
> > target the standard track. @Jim, I hope my conclusion based on our
> > conversation is right.
> >
> > Regarding interest in the resulting RFC there is work ongoing in ANIMA
> > WG and EAP WG, that can directly leverage the lightweight CMP.
>
> Have either of these groups expressed any active interest in this work?
> This is not something that EAP would normally be looking at as far as I
> know as they normally consider the act of setting up the EAP
> credentials to be a "Not My Problem" space.
Both groups are not active regarding CMP adaptation to my knowledge. But
there are documents discussed (currently individual submissions and not WG
items), which can leverage a lightweight CMP without the need of specifying
something by their own.
In EAP draft-pala-eap-creds targets enrollment over EAP and specifically
addresses CMP. We also talked to Max (the author) and he is interested in
utilizing a lightweight CMP for this.
In ANIMA, we proposed BRSKI-AE to allow for enrollment in domains, which
are not always online or which do not feature an on-site PKI. Here,
self-contained objects are necessary to bind the initial authentication of
an enrolling device to the certification request directly, instead of
binding it to the underlying transport protocol. CMP would be applicable as
one option for providing such a self-contained object.

Best regards
Steffen

>
> Jim
>
> >
> > In either case your view is appreciated.
> >
> > Best regards
> > Steffen


From nobody Wed Apr  3 11:26:43 2019
From: Jim Schaad <ietf@augustcellars.com>
To: "'Fries, Steffen'" <steffen.fries@siemens.com>, <spasm@ietf.org>
References: <BF6D964D-BE83-430A-97CD-48BE51CA1BBD@siemens.com> <027301d4e985$efd03970$cf70ac50$@augustcellars.com> <E6C9F0E527F94F4692731382340B33781542BE13@DENBGAT9EJ5MSX.ww902.siemens.net>
In-Reply-To: <E6C9F0E527F94F4692731382340B33781542BE13@DENBGAT9EJ5MSX.ww902.siemens.net>
Date: Wed, 3 Apr 2019 11:26:28 -0700
Message-ID: <001a01d4ea4a$c27453b0$475cfb10$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/nLNQLn3uk-ZiaXgK66786YIA-Rc>
Subject: Re: [lamps] Seeking guidance on proceeding with question from IETF-104 presentation on lightweight CMP profile

> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Fries, Steffen
> Sent: Wednesday, April 3, 2019 9:12 AM
> To: Jim Schaad <ietf@augustcellars.com>; spasm@ietf.org
> Subject: Re: [lamps] Seeking guidance on proceeding with question from
> IETF-104 presentation on lightweight CMP profile
> 
> Hi Jim,
> > This is a quick walk through what you have below.  It would have been
> > helpful to have pointers to the sections/bullet points where things are
> meant to be modified.
> First of all, thank you for the walk through. I made some comments to your
> questions.
> 
> > > Hi,
> > >
> > > during the LAMPS session in IETF-104 we presented a draft for a
> > lightweight
> > > industrial CMP profile. The document as such bases on CMP and
> > > targets to simplify the very versatile CMP.
> > >
> > > During the presentation we have been asked to also talk to the ACE
> > > WG
> > chair
> > > regarding potential interest in this work, as it was not sure if
> > > LAMPS is
> > the
> > > right home. I talked to Jim Schaad and as we only work on CMP
> > > directly,
> > not
> > > with the transport nor specific considerations for constraint
> > > devices, ACE
> > may
> > > not be the right home. Also, Jim was asking if the draft needs to be
> > > a standards track RFC and thus be adopted in a WG. An alternative
> > > approach could also be an independent submission. To make this
> > > decision, we need some guidance.
> > >
> > > For this, let me enumerate the main points we addressed in the draft:
> > > - Generally Section 1.4 enlists the exceptions from the mandatory
> > > CMP Profile as defined in RFC4210 Appendix D:
> > >  o  signature-based protection is the default protection; initial
> > transactions may also use HMAC,
> >
> > Depending on what is being proven this is reasonable.  I would
> > consider this to be profiling
> >
> > > o  certification of a second key pair within the same transaction is
> > > not
> > supported,
> >
> > I would consider this to be profiling
> >
> > > o  proof-of-possession (POPO) with self-signature of the
> > > certTemplate
> > according to [RFC4211] section 4.1 clause 3 is the only supported POPO
> > method,
> >
> > I would consider this to be profiling
> >
> > > o  confirmation of newly enrolled certificates may be omitted, and
> > especially
> >
> > I would consider this to be profiling
> >
> > > o  all transactions consist of request-response message pairs
> > > originating
> > at the end entity (EE), i.e.,  announcement messages are omitted.
> >
> > I would consider this to be profiling
> >
> > > - In section 4.1.5 the proceeding of central key generation needed
> > > extensions at least for ECC key pairs.
> >
> > Not sure what you think falls here and the document is not forth coming.
> > This may have already been done.
> Our understanding was that the current approach in RFC 4210 requires at
> least some support for RSA even if the generated key pair is ECDSA. This is
> due to the statement for encrypting the private key when sending the
> generated material back to the client. Here, the encryption key is to be
> encrypted with a short term asymmetric key of the client.

Profiling to use EncryptedKey rather than EncryptedValue would deal with
this issue.  It would also provide all of the other good things that might
show up in the future such as quantum crypto as they would be done for the
CMS work.  This would not change any existing implementations that are still
RSA.

> 
> >
> > > - In section 4.4.1 the RootCAUpdate is specified as request-response
> > > transaction and differs from the announcement message as specified
> > > in
> > > RFC4210 section 4.4 and Appendix E.
> >
> > Depending on how this is done, it will require an update of RFC 4211.
> > I believe that this means it must be an IETF consensus document and may
> need to be standards track.
> The intention here was to avoid the announce messages for the RootCA
> update completely to better support application in constrained devices,
> which may be temporarily offline or may not feature a server part listening
> for announce messages. Using a request response allows the client to simply
> ask for an update.
> Why do you think this will influence also RFC 4211?

Typo - I think of RFC4210 and RFC 4211 as being together and had both open.
I meant to type RFC 4210.

I am not sure how much this is needed depending on how often this is used
and why you think this is needed.  If you have a directory or similar then
pointers to where they can be found.

> 
> >
> > > - In section 5 the new Extended Key Usages id-kp-cmpRA is introduced
> > > to indicate that a key pair is entitled to be used by an LRA/RA for
> > signature-
> > > based protection of a CMP message.
> >
> > This can be considered to be a profile.
> >
> > > - Generally further topics to clarify CMP or CRMF may come up during
> > > WG review.
> > >
> > > Based on this list, are these point to be handled as profiling of
> > > the base protocol or are they rather seen as technical
> change/enhancement?
> > > My understanding is that for profiling an independent RFC would be
> > > fine,
> > as
> > > the base spec can be normatively referenced by other standards. In
> > > this
> > case
> > > the CMP profile document can be informational.
> > > If some of the points listed qualify rather for technical changes of
> > > the
> > base
> > > protocol, my understanding is that we need to find a home for the
> > > draft
> > and
> > > target the standard track. @Jim, I hope my conclusion based on our
> > > conversation is right.
> > >
> > > Regarding interest in the resulting RFC there is work ongoing in
> > > ANIMA WG and EAP WG, that can directly leverage the lightweight CMP.
> >
> > Have either of these groups expressed any active interest in this work?
> > This is not something that EAP would normally be looking at as far as
> > I know as they normally consider the act of setting up the EAP
> > credentials to be a "Not My Problem" space.
> Both groups are not active regarding CMP adaptation to my knowledge. But
> there are documents discussed (currently individual submissions and not WG
> items), which can leverage a lightweight CMP without the need of
> specifying something by their own.
> In EAP draft-pala-eap-creds targets enrollment over EAP and specifically
> addresses CMP. We also talked to Max (the author) and he is interested in
> utilizing a lightweight CMP for this.
> In ANIMA, we proposed BRSKI-AE to allow for enrollment in domains, which
> are not always online or which do not feature an on-site PKI. Here,
> self-contained objects are necessary to bind the initial authentication of
> an enrolling device to the certification request directly, instead of
> binding it to the underlying transport protocol. CMP would be applicable as
> one option for providing such a self-contained object.

Ok - I was just making sure it was real.  I don't remember the draft from
Max.

Jim

> 
> Best regards
> Steffen
> 
> >
> > Jim
> >
> >
> > >
> > > In either case your view is appreciated.
> > >
> > > Best regards
> > > Steffen


From nobody Wed Apr  3 12:06:07 2019
From: "Fries, Steffen" <steffen.fries@siemens.com>
To: Jim Schaad <ietf@augustcellars.com>
CC: "spasm@ietf.org" <spasm@ietf.org>
Date: Wed, 3 Apr 2019 19:05:52 +0000
Message-ID: <4EAA90F4-E8E1-4FE4-B0C9-1D814E49E30C@siemens.com>
References: <BF6D964D-BE83-430A-97CD-48BE51CA1BBD@siemens.com> <027301d4e985$efd03970$cf70ac50$@augustcellars.com> <E6C9F0E527F94F4692731382340B33781542BE13@DENBGAT9EJ5MSX.ww902.siemens.net>, <001a01d4ea4a$c27453b0$475cfb10$@augustcellars.com>
In-Reply-To: <001a01d4ea4a$c27453b0$475cfb10$@augustcellars.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/iKaF_vWRvp9nQe9zzzHZgaCA9d0>
Subject: Re: [lamps] Seeking guidance on proceeding with question from IETF-104 presentation on lightweight CMP profile

> On 3. Apr 2019, at 20:26, Jim Schaad <ietf@augustcellars.com> wrote:
>
>> -----Original Message-----
>> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Fries, Steffen
>> Sent: Wednesday, April 3, 2019 9:12 AM
>> To: Jim Schaad <ietf@augustcellars.com>; spasm@ietf.org
>> Subject: Re: [lamps] Seeking guidance on proceeding with question from
>> IETF-104 presentation on lightweight CMP profile
>>
>> Hi Jim,
>>> This is a quick walk through what you have below.  It would have been
>>> helpful to have pointers to the sections/bullet points where things are
>>> meant to be modified.
>> First of all, thank you for the walk through. I made some comments to your
>> questions.
>>
>>>> Hi,
>>>>
>>>> during the LAMPS session in IETF-104 we presented a draft for a
>>>> lightweight industrial CMP profile. The document as such bases on CMP
>>>> and targets to simplify the very versatile CMP.
>>>>
>>>> During the presentation we have been asked to also talk to the ACE
>>>> WG
>>> chair
>>>> regarding potential interest in this work, as it was not sure if
>>>> LAMPS is
>>> the
>>>> right home. I talked to Jim Schaad and as we only work on CMP
>>>> directly,
>>> not
>>>> with the transport nor specific considerations for constraint
>>>> devices, ACE
>>> may
>>>> not be the right home. Also, Jim was asking if the draft needs to be
>>>> a standards track RFC and thus be adopted in a WG. An alternative
>>>> approach could also be an independent submission. To make this
>>>> decision, we need some guidance.
>>>>
>>>> For this, let me enumerate the main points we addressed in the draft:
>>>> - Generally Section 1.4 enlists the exceptions from the mandatory
>>>> CMP Profile as defined in RFC4210 Appendix D:
>>>> o  signature-based protection is the default protection; initial
>>>> transactions may also use HMAC,
>>>
>>> Depending on what is being proven this is reasonable.  I would
>>> consider this to be profiling
>>>
>>>> o  certification of a second key pair within the same transaction is
>>>> not supported,
>>>
>>> I would consider this to be profiling
>>>
>>>> o  proof-of-possession (POPO) with self-signature of the
>>>> certTemplate according to [RFC4211] section 4.1 clause 3 is the only
>>>> supported POPO method,
>>>
>>> I would consider this to be profiling
>>>
>>>> o  confirmation of newly enrolled certificates may be omitted, and
>>>> especially
>>>
>>> I would consider this to be profiling
>>>
>>>> o  all transactions consist of request-response message pairs
>>>> originating at the end entity (EE), i.e.,  announcement messages are
>>>> omitted.
>>>
>>> I would consider this to be profiling
>>>
>>>> - In section 4.1.5 the proceeding of central key generation needed
>>>> extensions at least for ECC key pairs.
>>>
>>> Not sure what you think falls here and the document is not forth coming.
>>> This may have already been done.
>> Our understanding was that the current approach in RFC 4210 requires at
>> least some support for RSA even if the generated key pair is ECDSA. This is
>> due to the statement for encrypting the private key when sending the
>> generated material back to the client. Here, the encryption key is to be
>> encrypted with a short term asymmetric key of the client.
>
> Profiling to use EncryptedKey rather than EncryptedValue would deal with
> this issue.  It would also provide all of the other good things that might
> show up in the future such as quantum crypto as they would be done for the
> CMS work.  This would not change any existing implementations that are still
> RSA.

That is a nice approach not requiring own additions and using what is
already there. Much appreciated.


>>>
>>>> - In section 4.4.1 the RootCAUpdate is specified as request-response
>>>> transaction and differs from the announcement message as specified
>>>> in
>>>> RFC4210 section 4.4 and Appendix E.
>>>
>>> Depending on how this is done, it will require an update of RFC 4211.
>>> I believe that this means it must be an IETF consensus document and may
>>> need to be standards track.
>> The intention here was to avoid the announce messages for the RootCA
>> update completely to better support application in constrained devices,
>> which may be temporarily offline or may not feature a server part listening
>> for announce messages. Using a request response allows the client to simply
>> ask for an update.
>> Why do you think this will influence also RFC 4211?
>
> Typo - I think of RFC4210 and RFC 4211 as being together and had both open.
> I meant to type RFC 4210.
>
> I am not sure how much this is needed depending on how often this is used
> and why you think this is needed.  If you have a directory or similar then
> pointers to where they can be found.
>
We just wanted to avoid that a client has to listen for the announce
messages. Pointing to a directory would then be out of the definition from
CMP and rather a client side configuration? Yes, this could be done.
Alternatively the CMP request/response may be used.
>>
>>>
>>>> - In section 5 the new Extended Key Usages id-kp-cmpRA is introduced
>>>> to indicate that a key pair is entitled to be used by an LRA/RA for
>>>> signature-based protection of a CMP message.
>>>
>>> This can be considered to be a profile.
>>>
>>>> - Generally further topics to clarify CMP or CRMF may come up during
>>>> WG review.
>>>>
>>>> Based on this list, are these point to be handled as profiling of
>>>> the base protocol or are they rather seen as technical
>> change/enhancement?
>>>> My understanding is that for profiling an independent RFC would be
>>>> fine,
>>> as
>>>> the base spec can be normatively referenced by other standards. In
>>>> this
>>> case
>>>> the CMP profile document can be informational.
>>>> If some of the points listed qualify rather for technical changes of
>>>> the
>>> base
>>>> protocol, my understanding is that we need to find a home for the
>>>> draft
>>> and
>>>> target the standard track. @Jim, I hope my conclusion based on our
>>>> conversation is right.
>>>>
>>>> Regarding interest in the resulting RFC there is work ongoing in
>>>> ANIMA WG and EAP WG, that can directly leverage the lightweight CMP.
>>>
>>> Have either of these groups expressed any active interest in this work?
>>> This is not something that EAP would normally be looking at as far as
>>> I know as they normally consider the act of setting up the EAP
>>> credentials to be a "Not My Problem" space.
>> Both groups are not active regarding CMP adaptation to my knowledge. But
>> there are documents discussed (currently individual submissions and not WG
>> items), which can leverage a lightweight CMP without the need of
>> specifying something by their own.
>> In EAP draft-pala-eap-creds targets enrollment over EAP and specifically
>> addresses CMP. We also talked to Max (the author) and he is interested in
>> utilizing a lightweight CMP for this.
>> In ANIMA, we proposed BRSKI-AE to allow for enrollment in domains, which
>> are not always online or which do not feature an on-site PKI. Here,
>> self-contained objects are necessary to bind the initial authentication of
>> an enrolling device to the certification request directly, instead of
>> binding it to the underlying transport protocol. CMP would be applicable as
>> one option for providing such a self-contained object.
>
> Ok - I was just making sure it was real.  I don't remember the draft from
> Max.
>
We had some conversation with Max regarding the profiling and he was in
favor as it eases the application over EAP to only the necessary exchanges.

Best regards
Steffen


> Jim
>
>>
>> Best regards
>> Steffen
>>
>>>
>>> Jim
>>>
>>>
>>>>
>>>> In either case your view is appreciated.
>>>>
>>>> Best regards
>>>> Steffen
>>>>


From nobody Wed Apr  3 21:49:43 2019
From: Sean Leonard <dev+ietf@seantek.com>
To: SPASM <spasm@ietf.org>
Message-ID: <0d9b3a03-e20a-4daa-166a-4ef2cbeeba83@seantek.com>
Date: Wed, 3 Apr 2019 21:48:02 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/1bH0cYMfulhpN_w8Gd7D8zZbDKo>
Subject: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?

I have a need to identify SHAKE128 and SHAKE256 algorithms by text strings.

There is an IANA registry aptly named “Hash Function Textual Names”:
<https://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml>.

I request the following change to draft-ietf-lamps-pkix-shake:

Change 6. IANA Considerations to read:

~~~

    IANA is directed to update the Hash Function Textual Names
    registry [RFC8122] with two additional entries for SHAKE128
    and SHAKE256. Table 1 contains the new values of this registry.

        +--------------------+-------------------------+-----------+
        | Hash Function Name |          OID            | Reference |
        +--------------------+-------------------------+-----------+
        |     "shake256"     | 2.16.840.1.101.3.4.2.11 |  [THIS]   |
        |     "shake512"     | 2.16.840.1.101.3.4.2.12 |  [THIS]   |
        +--------------------+-------------------------+-----------+


             Table 1: IANA Hash Function Textual Names Registry


~~~

Furthermore, RFC 8122 says that the registering Standards Track RFC has
to update RFC 3279. So, the status of draft-ietf-lamps-pkix-shake is
supposed to be changed to Updates: RFC 3279.

Thank you,

Sean
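
A consistency check for the proposed registry rows, as an added example that is not part of the original message: it DER-encodes each OID and compares the quoted text name with the algorithm the NIST hashAlgs arc assigns to that OID, then shows which function a lookup by text name would actually run. The 32- and 64-byte digest lengths and all function names are assumptions of this example.

```python
import hashlib

# Rows copied verbatim from the table proposed in the message above.
PROPOSED_ROWS = '''
        |     "shake256"     | 2.16.840.1.101.3.4.2.11 |  [THIS]   |
        |     "shake512"     | 2.16.840.1.101.3.4.2.12 |  [THIS]   |
'''

# What the NIST hashAlgs arc (2.16.840.1.101.3.4.2) assigns to these two OIDs.
NIST_ALGORITHM = {
    "2.16.840.1.101.3.4.2.11": "shake128",
    "2.16.840.1.101.3.4.2.12": "shake256",
}
# Assumption (not stated on the page): output length in bytes when a SHAKE
# function is used in place of a fixed-length hash.
DIGEST_BYTES = {"shake128": 32, "shake256": 64}
XOF = {"shake128": hashlib.shake_128, "shake256": hashlib.shake_256}


def parse_rows(table):
    """Return (text name, dotted OID) pairs from the ASCII table rows."""
    rows = []
    for line in table.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 3 and cells[0].startswith('"') and cells[0].endswith('"'):
            rows.append((cells[0].strip('"'), cells[1]))
    return rows


def der_oid(dotted):
    """DER-encode a dotted OID (tag 0x06, short-form length only)."""
    arcs = [int(a) for a in dotted.split(".")]
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("not a valid OID: " + dotted)
    body = bytearray()
    # The first two arcs share one subidentifier; each value is base-128,
    # most significant group first, high bit set on all but the last byte.
    for value in [arcs[0] * 40 + arcs[1]] + arcs[2:]:
        septets = [value & 0x7F]
        value >>= 7
        while value:
            septets.append((value & 0x7F) | 0x80)
            value >>= 7
        body.extend(reversed(septets))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this example")
    return bytes([0x06, len(body)]) + bytes(body)


def check_rows(rows):
    """Report, per row, the DER OID and whether the text name matches it."""
    report = []
    for name, oid in rows:
        algorithm = NIST_ALGORITHM.get(oid)  # None for any other OID
        report.append({
            "name": name,
            "oid": oid,
            "der": der_oid(oid).hex(),
            "algorithm": algorithm,
            "name_matches_oid": name == algorithm,
        })
    return report


def digest_by_name(rows, name, data):
    """Resolve a text name through the rows, then hash with the OID's algorithm."""
    oid = dict(rows).get(name)
    algorithm = NIST_ALGORITHM.get(oid)
    if algorithm is None:
        raise KeyError("no usable registry row for " + repr(name))
    return algorithm, XOF[algorithm](data).hexdigest(DIGEST_BYTES[algorithm])


if __name__ == "__main__":
    for entry in check_rows(parse_rows(PROPOSED_ROWS)):
        print(entry)
    print(digest_by_name(parse_rows(PROPOSED_ROWS), "shake256", b""))
```
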


From nobody Thu Apr  4 07:50:13 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E60BF1204AD for <spasm@ietfa.amsl.com>; Thu,  4 Apr 2019 07:50:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level: 
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=TCne3urV; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=XXIA912L
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vTxzchvuKk7z for <spasm@ietfa.amsl.com>; Thu,  4 Apr 2019 07:50:08 -0700 (PDT)
Received: from alln-iport-7.cisco.com (alln-iport-7.cisco.com [173.37.142.94]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 682661206A5 for <spasm@ietf.org>; Thu,  4 Apr 2019 07:50:08 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2858; q=dns/txt; s=iport; t=1554389408; x=1555599008; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=HtlmM/5zpTg4vNt9g4gFDycguZ5FCLEvfwA15rIoIXo=; b=TCne3urVTgvsRqI6ZBg/9Ah2EDBFAhhhCh5QtGEpk8RVIig9TRE6LIPp otO+KE94sUpIU3ANI4F8VbAZXysjhYqG52areJC1F8jQL8ZRn/aW1IyfJ eLriAm5Rday4gljthqcl4lHsEaosuhHXoBK8U8V20UbTVEPMX3yuDn0kl 0=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.60,308,1549929600"; d="scan'208";a="253825552"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by alln-iport-7.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 04 Apr 2019 14:50:06 +0000
Received: from XCH-ALN-004.cisco.com (xch-aln-004.cisco.com [173.36.7.14]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x34Eo6Hr017273 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 4 Apr 2019 14:50:06 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-ALN-004.cisco.com (173.36.7.14) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 4 Apr 2019 09:50:05 -0500
Received: from xhs-rtp-002.cisco.com (64.101.210.229) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 4 Apr 2019 10:50:04 -0400
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (64.101.32.56) by xhs-rtp-002.cisco.com (64.101.210.229) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 4 Apr 2019 10:50:04 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=HtlmM/5zpTg4vNt9g4gFDycguZ5FCLEvfwA15rIoIXo=; b=XXIA912Le1s1nOHzdsoJJ12u5jey1HAatwmXF+lvp8Ejcj+iIJV1WdPCPg/jX0+DR09Ui8c0h7fh2HenUOcpNlbuavb70LFxWSXuYblEm/GBKK2hINwnukQxJjIfDFzMSaVFdQU7kjqvbqpKXb93j6kz+ohWex57wi6PQ/Lao4A=
Received: from CY4PR11MB1527.namprd11.prod.outlook.com (10.172.70.18) by CY4PR11MB1335.namprd11.prod.outlook.com (10.169.252.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1750.19; Thu, 4 Apr 2019 14:50:03 +0000
Received: from CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef]) by CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef%8]) with mapi id 15.20.1771.016; Thu, 4 Apr 2019 14:50:03 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Sean Leonard <dev+ietf@seantek.com>, SPASM <spasm@ietf.org>
Thread-Topic: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
Thread-Index: AQHU6qHeoogdjLzcwEaYbIaaJw/Dc6YsBXQg
Date: Thu, 4 Apr 2019 14:50:03 +0000
Message-ID: <CY4PR11MB1527156AE6031586C8BBE93DC9500@CY4PR11MB1527.namprd11.prod.outlook.com>
References: <0d9b3a03-e20a-4daa-166a-4ef2cbeeba83@seantek.com>
In-Reply-To: <0d9b3a03-e20a-4daa-166a-4ef2cbeeba83@seantek.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:c0c4:1007::244]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 0a934576-c84c-4d42-0c02-08d6b90cd23b
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(5600139)(711020)(4605104)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(2017052603328)(7193020); SRVR:CY4PR11MB1335; 
x-ms-traffictypediagnostic: CY4PR11MB1335:
x-ms-exchange-purlcount: 3
x-microsoft-antispam-prvs: <CY4PR11MB1335014B96606D03FC4D9309C9500@CY4PR11MB1335.namprd11.prod.outlook.com>
x-forefront-prvs: 0997523C40
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(366004)(396003)(136003)(376002)(346002)(39860400002)(13464003)(199004)(189003)(8936002)(99286004)(52536014)(5660300002)(316002)(6436002)(33656002)(102836004)(476003)(14444005)(7736002)(446003)(110136005)(6506007)(305945005)(186003)(229853002)(106356001)(53546011)(11346002)(25786009)(105586002)(256004)(7696005)(486006)(46003)(966005)(71200400001)(76176011)(9686003)(55016002)(68736007)(8676002)(74316002)(2906002)(81156014)(478600001)(86362001)(97736004)(53936002)(71190400001)(6116002)(6306002)(14454004)(6246003)(81166006); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR11MB1335; H:CY4PR11MB1527.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; A:1; MX:1; 
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 0a934576-c84c-4d42-0c02-08d6b90cd23b
X-MS-Exchange-CrossTenant-originalarrivaltime: 04 Apr 2019 14:50:03.5213 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1335
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.14, xch-aln-004.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/IcnoMq2kX-zsLZR9PkMumnwrG0Y>
Subject: Re: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2019 14:50:12 -0000

From nobody Thu Apr  4 10:13:21 2019
Return-Path: <dev+ietf@seantek.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7B184120176 for <spasm@ietfa.amsl.com>; Thu,  4 Apr 2019 10:13:19 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level: 
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id TCOOZPYWANub for <spasm@ietfa.amsl.com>; Thu,  4 Apr 2019 10:13:17 -0700 (PDT)
Received: from smtp-out-2.mxes.net (smtp-out-2.mxes.net [205.237.194.127]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3D02212008D for <spasm@ietf.org>; Thu,  4 Apr 2019 10:13:17 -0700 (PDT)
Received: from Customer-MUA (mua.mxes.net [10.0.0.1]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by smtp.mxes.net (Postfix) with ESMTPSA id 8DF5B2755E; Thu,  4 Apr 2019 13:13:15 -0400 (EDT)
To: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, SPASM <spasm@ietf.org>
References: <0d9b3a03-e20a-4daa-166a-4ef2cbeeba83@seantek.com> <CY4PR11MB1527156AE6031586C8BBE93DC9500@CY4PR11MB1527.namprd11.prod.outlook.com>
From: Sean Leonard <dev+ietf@seantek.com>
Message-ID: <a38d76ce-a26e-7ea3-b5e4-dedd9f29490d@seantek.com>
Date: Thu, 4 Apr 2019 10:11:40 -0700
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <CY4PR11MB1527156AE6031586C8BBE93DC9500@CY4PR11MB1527.namprd11.prod.outlook.com>
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Language: en-US
Content-Transfer-Encoding: quoted-printable
X-Sent-To: <c3Bhc21AaWV0Zi5vcmc=>
X-Sender: tuffmail.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/TyVAQ5W39OigrfJ0GfIH0-J17pg>
Subject: Re: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Apr 2019 17:13:20 -0000

Hi Panos,

On 4/4/2019 7:50 AM, Panos Kampanakis (pkampana) wrote:
> Hi Sean,
>
>> I have a need to identify SHAKE128 and SHAKE256 algorithms by text strings.
> The OIDs for SHAKEs are defined by NIST https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration#Hash That, along with the new OIDs in the draft-ietf-lamps-pkix-shake draft, are enough for introducing SHAKEs in X.509 which is what this draft is doing.
>
> Does your need relate to PKIX at all?

Yes, and no. The need relates to protocols that depend on PKIX.

RFC 8122 is "Connection-Oriented Media Transport over the Transport
Layer Security (TLS) Protocol in the Session Description Protocol
(SDP)". So basically it is SDP, and is a product of the MMUSIC WG (in ART).

Sometimes people need to identify hash algorithms with text strings. RFC
8122 (obsoletes RFC 4572) defines such a registry. No need to reinvent
the wheel.

There is no change to OIDs. The textual registration requires that the
OIDs already be allocated for identification.

The alternate plan is to draft a Standards Track RFC specifically for
the purpose of making the textual registration, referring to
draft-ietf-lamps-pkix-shake. That seems like unnecessary work, but I
will do it if that is what is required.

Best regards,

Sean

>
> Rgs,
> Panos
>
>
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Sean Leonard
> Sent: Thursday, April 04, 2019 12:48 AM
> To: SPASM <spasm@ietf.org>
> Subject: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
>
> I have a need to identify SHAKE128 and SHAKE256 algorithms by text strings.
>
> There is an IANA registry aptly named “Hash Function Textual Names”:
> <https://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml>.
>
> I request the following change to draft-ietf-lamps-pkix-shake:
>
> Change 6. IANA Considerations to read:
>
> ~~~
>
>      IANA is directed to update the Hash Function Textual Names
>      registry [RFC8122] with two additional entries for SHAKE128
>      and SHAKE256. Table 1 contains the new values of this registry.
>
>          +--------------------+-------------------------+-----------+
>          | Hash Function Name |          OID            | Reference |
>          +--------------------+-------------------------+-----------+
>          |     "shake256"     | 2.16.840.1.101.3.4.2.11 |  [THIS]   |
>          |     "shake512"     | 2.16.840.1.101.3.4.2.12 |  [THIS]   |
>          +--------------------+-------------------------+-----------+
>
>
>               Table 1: IANA Hash Function Textual Names Registry
>
>
> ~~~
>
> Furthermore, RFC 8122 says that the registering Standards Track RFC has
> to update RFC 3279. So, the status of draft-ietf-lamps-pkix-shake is
> supposed to be changed to Updates: RFC 3279.
>
> Thank you,
>
> Sean


From nobody Mon Apr  8 05:06:38 2019
Return-Path: <claudio.luck@pep.foundation>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E2D82120045 for <spasm@ietfa.amsl.com>; Mon,  8 Apr 2019 05:06:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id z5L8BpjHsviB for <spasm@ietfa.amsl.com>; Mon,  8 Apr 2019 05:06:35 -0700 (PDT)
Received: from dragon.pibit.ch (dragon.pibit.ch [94.231.81.244]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 2823B1201EB for <spasm@ietf.org>; Mon,  8 Apr 2019 05:06:35 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by dragon.pibit.ch (Postfix) with ESMTP id D7E50171C074 for <spasm@ietf.org>; Mon,  8 Apr 2019 14:06:32 +0200 (CEST)
Received: from dragon.pibit.ch ([127.0.0.1]) by localhost (dragon.pibit.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id liwXEmvXx4uQ for <spasm@ietf.org>; Mon,  8 Apr 2019 14:06:30 +0200 (CEST)
Received: from [192.168.77.110] (212-51-138-240.fiber7.init7.net [212.51.138.240]) by dragon.pibit.ch (Postfix) with ESMTPSA id 520FF171C05E for <spasm@ietf.org>; Mon,  8 Apr 2019 14:06:30 +0200 (CEST)
From: Claudio Luck <claudio.luck@pep.foundation>
To: spasm@ietf.org
References: <alpine.DEB.2.20.1903141524030.6514@softronics.hoeneisen.ch> <87tvfia3k5.fsf@fifthhorseman.net>
Message-ID: <6067219c-c971-20d2-8df6-28a061869696@pep.foundation>
Date: Mon, 8 Apr 2019 14:06:29 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <87tvfia3k5.fsf@fifthhorseman.net>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/3muUlxW7LQnZmVvEvOmfwi-DquI>
Subject: Re: [lamps] New Version Notification for draft-luck-lamps-pep-header-protection-01.txt (fwd)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 12:06:38 -0000

Hi Daniel

Thanks a lot for your comments!

In the current draft in section 5 and onwards we shamelessly described
pEp's current implementation, keeping the emphasis on completeness, thus
expanding a bit beyond header protection alone. This should now change
as we progress with our other drafts in the MEDUP WG, so that we can
reference them properly. I'm looking forward to settling all your
objections.

Please find detailed comments inline.


On 01.04.19 03:59, Daniel Kahn Gillmor wrote:
> On Thu 2019-03-14 15:24:51 +0100, Bernie Hoeneisen wrote:
>> draft-luck-lamps-pep-header-protection-01.txt
> 
> Thanks for raising this to the group, Bernie!  As i said at the mic in
> Prague, I like the framing of this draft, and i think it's asking the
> right questions.
> 
> In particular, i like that it breaks down different types of
> protections, and calls out a clear set of interactions that need to be
> accounted for.  And i like that it aims to be comprehensive across both
> S/MIME and PGP/MIME.
> 
> A few concerns about the draft itself:
> 
>  * OpenPGP Radix-64 § 2.1 -- inaccurate (missing newline), and its
>    subsection 2.1.1 sneaks in action recommendations within a broader
>    "Terms" section.  Also "Radix-64" not used elsewhere in the draft --
>    i think it's safest to strike this section.

This is a leftover and I'll remove it in the next revision.

> 
>  * Formalized MIME subset (described as "pEp implementation" in § 5.1)
>    -- this seems like a huge design decision that is probably out of
>    scope.  If this draft tries to define something about the structure
>    of the cryptographic protections of the message, that would be in
>    scope, but making it affect the structure of the payload seems too
>    radical for what this draft aims to do.

I can imagine that we can abstract this away.

> 
>  * § 5.5 "Outer Message" and § 5.3 "pEp inner message" together seem
>    similarly problematic, as they introduce another change to the
>    payload MIME structure that is unrelated to header protection.  While
>    that might be worthwhile in some contexts, this is not the place to
>    make that proposal.

Section 5.3 indeed re-iterates section 5.1 and probably will go.

For 5.5 we need to discuss the intersection of various use cases which
all work with signatures: qualified signatures on attachments and full
emails vs. automated transport security. We need to make sure we don't
step on each other's feet by using the same standard for slightly
different purposes.

> 
>  * § 7 seems to suggest that Bcc: should be present in any of the
>    headers.  having the Bcc explicitly present on a generated e-mail is
>    unusual in modern mailers (though not impossible, of course).  If we
>    want to call it out here as being potentially present, we might want
>    to reference the guidance on page 24 of RFC 5322, to make it clear
>    that we don't mean to encourage the introduction of Bcc anywhere else
>    ("if included in the original message" could mean different things
>    for Bcc depending upon which variant of Bcc practice is followed, and
>    when you consider the Bcc header being "included")

Good point, we need to better separate the sendmail interface
perspective from the SMTP based MUA-to-MTA submission.

> 
>  * § 7 again: the Subject: masking header offers "p≡p" or "pEp" or
>    "Encrypted message" -- I've seen a growing consensus among several
>    MUA developers that this kind of in-band signalling is problematic.
>    In the event that this subject line leaks to the receivers with any
>    regularity, users will take this string as though it were an
>    indicator from the UI that the message is actually protected.  This
>    can result in confusion around the status of a message, if a subject
>    line like "Re: p≡p" shows up on cleartext, unsigned messages, which
>    is a very likely accidental scenario for e-mail messages that are

(some text went missing?)

What value would you suggest for the Subject of the wrapper and outer
messages? The Subject header is mandatory, but the value can be
arbitrary (including empty).

Note that pEp ignores the outer subject, we use the "X-Pep-Version"
header. A remark has been made that a MIME Content-Type property would
probably be more appropriate here.

But... a subject reading "Re: p≡p" is a strong indication for a buggy
MUA which does not follow the pEp protocols correctly, or applies various
draft standards concurrently. In any case it's not a good benchmark at
this point...

> 
>  * "trusted server" option (various subsections of § 8) seems like
>    implementation details that shouldn't be normatively referenced in
>    this draft -- if a draft describes interaction modes between MUAs and
>    MTAs, then that draft could normatively reference this one, and
>    describe the interaction there.

I'm partly with you here. I still wonder how much we should consider
server- and client-side message filtering (inbound and outbound), as
much of it relies on accessing the header values. In this case we'll
need to consider transport to/from the mailbox and to mail submission as
separate protocols and transmissions.

> 
> nitpicking:
> 
>  * General Requirement § 4.1 -- seems to skip from G1 to G3.  what
>    happened to G2?

G2 was merged to G1, and we missed re-numbering. Further revisions are
likely here.

> 
> Overall, i see a lot of similarities between this and
> melnikov-lamps-header-protection -- it seems to me like we should try to
> consolidate the ideas in both of these drafts to make a single draft as
> a clear set of guidelines.  I'm happy to try to help with that effort if
> others agree that this would be useful.
> 

We still see these drafts as complementary, but we are definitely open to
discussing consolidation.

-- 
Best
Claudio Luck
pEp Security SA / pEp Foundation


From nobody Mon Apr  8 07:21:38 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6ACE21203C3 for <spasm@ietfa.amsl.com>; Mon,  8 Apr 2019 07:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level: 
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Cwru0qmq; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Q+UNPBO1
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lx1H8cR10V32 for <spasm@ietfa.amsl.com>; Mon,  8 Apr 2019 07:21:35 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEE8E1201A3 for <spasm@ietf.org>; Mon,  8 Apr 2019 07:21:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5252; q=dns/txt; s=iport; t=1554733294; x=1555942894; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=kNl/eFbFGKriA+diC6/ymIJE54Ko16VPxi8Do7NacMg=; b=Cwru0qmqxd3RVtY8nM/AN3g+uehJAjM0XNIXzaIMre0B3s6u24KwQzZ9 kmIZeQNXUHTcgcSTmxg9UtX6kjamoeCv59BpYtQfiS0kw0WBWs0qw9iKl yTXXHwBWm59EBRTCLGOJV1fZtaeldk/ZdII3OjY6b8NR85Ap481TYr+mB I=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.60,325,1549929600"; d="scan'208";a="543031640"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 08 Apr 2019 14:21:33 +0000
Received: from XCH-ALN-015.cisco.com (xch-aln-015.cisco.com [173.36.7.25]) by rcdn-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id x38ELXCQ015432 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 8 Apr 2019 14:21:33 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-ALN-015.cisco.com (173.36.7.25) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 8 Apr 2019 09:21:32 -0500
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 8 Apr 2019 09:21:32 -0500
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 8 Apr 2019 09:21:32 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kNl/eFbFGKriA+diC6/ymIJE54Ko16VPxi8Do7NacMg=; b=Q+UNPBO16u9kgPftLbcxWzISJQUhO0VElBMqjIxS/2fTx5UBFb1kGrkYRgzUKjKzva7ECFxILKKYgtj5qXDBil4GwmgVmyLULEUFi72zKodarbzlNHxn35Wen6FP2ftlrdKTz2GcZj/ADuJRAgFv1xDUePsElECfoKR53TWmbPI=
Received: from CY4PR11MB1527.namprd11.prod.outlook.com (10.172.70.18) by CY4PR11MB2005.namprd11.prod.outlook.com (10.173.16.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.21; Mon, 8 Apr 2019 14:21:31 +0000
Received: from CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef]) by CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef%8]) with mapi id 15.20.1771.016; Mon, 8 Apr 2019 14:21:31 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Sean Leonard <dev+ietf@seantek.com>, SPASM <spasm@ietf.org>
Thread-Topic: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
Thread-Index: AQHU6qHeoogdjLzcwEaYbIaaJw/Dc6YsBXQggAA4OACABhlfEA==
Date: Mon, 8 Apr 2019 14:21:31 +0000
Message-ID: <CY4PR11MB1527FABBA7FFF6D8219E63A9C92C0@CY4PR11MB1527.namprd11.prod.outlook.com>
References: <0d9b3a03-e20a-4daa-166a-4ef2cbeeba83@seantek.com> <CY4PR11MB1527156AE6031586C8BBE93DC9500@CY4PR11MB1527.namprd11.prod.outlook.com> <a38d76ce-a26e-7ea3-b5e4-dedd9f29490d@seantek.com>
In-Reply-To: <a38d76ce-a26e-7ea3-b5e4-dedd9f29490d@seantek.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:c0c4:1005::f1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3d4cb1b7-4981-4484-3e49-08d6bc2d7f83
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020); SRVR:CY4PR11MB2005; 
x-ms-traffictypediagnostic: CY4PR11MB2005:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <CY4PR11MB2005717ACC0F2AEFBE9A06DCC92C0@CY4PR11MB2005.namprd11.prod.outlook.com>
x-forefront-prvs: 0001227049
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(366004)(346002)(136003)(39860400002)(396003)(376002)(13464003)(189003)(199004)(99286004)(186003)(446003)(74316002)(102836004)(9686003)(6306002)(55016002)(46003)(53936002)(86362001)(229853002)(53546011)(6506007)(11346002)(476003)(76176011)(7696005)(6246003)(6436002)(486006)(33656002)(478600001)(966005)(14454004)(6116002)(97736004)(105586002)(52536014)(7736002)(305945005)(2906002)(106356001)(68736007)(316002)(8676002)(110136005)(71200400001)(81166006)(8936002)(71190400001)(81156014)(25786009)(256004)(14444005)(5660300002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR11MB2005; H:CY4PR11MB1527.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; 
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 3d4cb1b7-4981-4484-3e49-08d6bc2d7f83
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2019 14:21:31.7160 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB2005
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.25, xch-aln-015.cisco.com
X-Outbound-Node: rcdn-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/A4kzfopJ8r554dINCi_pydINq3A>
Subject: Re: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 14:21:38 -0000

Thanks Sean.
I updated the draft to accommodate your comment. The commit that addresses it is here https://github.com/csosto-pk/adding-shake-to-pkix/commit/b67c4641172f671b271ecec02f46cde2b9205b23

I will reupload the draft at the end of this week probably unless there are more comments while in IESG review.

Panos


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Sean Leonard
Sent: Thursday, April 04, 2019 1:12 PM
To: Panos Kampanakis (pkampana) <pkampana@cisco.com>; SPASM <spasm@ietf.org>
Subject: Re: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?

Hi Panos,

On 4/4/2019 7:50 AM, Panos Kampanakis (pkampana) wrote:
> Hi Sean,
>
>> I have a need to identify SHAKE128 and SHAKE256 algorithms by text strings.
> The OIDs for SHAKEs are defined by NIST https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration#Hash That, along with the new OIDs in the draft-ietf-lamps-pkix-shake draft, are enough for introducing SHAKEs in X.509 which is what this draft is doing.
>
> Does your need relate to PKIX at all?

Yes, and no. The need relates to protocols that depend on PKIX.

RFC 8122 is "Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)". So basically it is SDP, and is a product of the MMUSIC WG (in ART).

Sometimes people need to identify hash algorithms with text strings. RFC
8122 (obsoletes RFC 4572) defines such a registry. No need to reinvent the wheel.

There is no change to OIDs. The textual registration requires that the OIDs already be allocated for identification.

The alternate plan is to draft a Standards Track RFC specifically for the purpose of making the textual registration, referring to draft-ietf-lamps-pkix-shake. That seems like unnecessary work, but I will do it if that is what is required.

Best regards,

Sean

>
> Rgs,
> Panos
>
>
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Sean Leonard
> Sent: Thursday, April 04, 2019 12:48 AM
> To: SPASM <spasm@ietf.org>
> Subject: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
>
> I have a need to identify SHAKE128 and SHAKE256 algorithms by text strings.
>
> There is an IANA registry aptly named “Hash Function Textual Names”:
> <https://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml>.
>
> I request the following change to draft-ietf-lamps-pkix-shake:
>
> Change 6. IANA Considerations to read:
>
> ~~~
>
>      IANA is directed to update the Hash Function Textual Names
>      registry [RFC8122] with two additional entries for SHAKE128
>      and SHAKE256. Table 1 contains the new values of this registry.
>
>          +--------------------+-------------------------+-----------+
>          | Hash Function Name |          OID            | Reference |
Cj4gICAgICAgICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0t
LS0rLS0tLS0tLS0tLS0rDQo+ICAgICAgICAgIHwgICAgICJzaGFrZTI1NiIgICAgIHwgMi4xNi44
NDAuMS4xMDEuMy40LjIuMTEgfCAgW1RISVNdICAgfA0KPiAgICAgICAgICB8ICAgICAic2hha2U1
MTIiICAgICB8IDIuMTYuODQwLjEuMTAxLjMuNC4yLjEyIHwgIFtUSElTXSAgIHwNCj4gICAgICAg
ICAgKy0tLS0tLS0tLS0tLS0tLS0tLS0tKy0tLS0tLS0tLS0tLS0tLS0tLS0tLS0tLS0rLS0tLS0t
LS0tLS0rDQo+DQo+DQo+ICAgICAgICAgICAgICAgVGFibGUgMTogSUFOQSBIYXNoIEZ1bmN0aW9u
IFRleHR1YWwgTmFtZXMgUmVnaXN0cnkNCj4NCj4NCj4gfn5+DQo+DQo+IEZ1cnRoZXJtb3JlLCBS
RkMgODEyMiBzYXlzIHRoYXQgdGhlIHJlZ2lzdGVyaW5nIFN0YW5kYXJkcyBUcmFjayBSRkMgaGFz
IHRvIHVwZGF0ZSBSRkMgMzI3OS4gU28sIHRoZSBzdGF0dXMgb2YgZHJhZnQtaWV0Zi1sYW1wcy1w
a2l4LXNoYWtlIGlzIHN1cHBvc2VkIHRvIGJlIGNoYW5nZWQgdG8gVXBkYXRlczogUkZDIDMyNzku
DQo+DQo+IFRoYW5rIHlvdSwNCj4NCj4gU2Vhbg0KPg0KPiBfX19fX19fX19fX19fX19fX19fX19f
X19fX19fX19fX19fX19fX19fX19fX19fXw0KPiBTcGFzbSBtYWlsaW5nIGxpc3QNCj4gU3Bhc21A
aWV0Zi5vcmcNCj4gaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1hbi9saXN0aW5mby9zcGFzbQ0K
DQpfX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fX19fXw0KU3Bhc20g
bWFpbGluZyBsaXN0DQpTcGFzbUBpZXRmLm9yZw0KaHR0cHM6Ly93d3cuaWV0Zi5vcmcvbWFpbG1h
bi9saXN0aW5mby9zcGFzbQ0K


From nobody Mon Apr  8 10:16:30 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 193021200B7; Mon,  8 Apr 2019 10:16:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level: 
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=cNRwgUN5; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=dDMXcZiX
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9Xgyw_e-S_sK; Mon,  8 Apr 2019 10:16:20 -0700 (PDT)
Received: from rcdn-iport-4.cisco.com (rcdn-iport-4.cisco.com [173.37.86.75]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D65BC120103; Mon,  8 Apr 2019 10:16:19 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2634; q=dns/txt; s=iport; t=1554743780; x=1555953380; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=oc5GspCFN4BWWIjb5Ifk12QHe17bE22IxL2KMY18yxc=; b=cNRwgUN5zTm/caXA/b1VhoarhHPdsDaB+CKFG/hXZMVZCI3IMYTBZGwU UPRUqTuc4RYLqg6kzfrWyr/5ik7a870Y8WZqHsjoHr2sE6GOwpbEVa4s3 Y9gGthj1FUZfdI8A53yVSjGGHEBuDkPQ7SwrkrhSzjdJtWU5haGVFwcP0 A=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.60,326,1549929600"; d="scan'208";a="544977749"
Received: from alln-core-7.cisco.com ([173.36.13.140]) by rcdn-iport-4.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 08 Apr 2019 17:16:18 +0000
Received: from XCH-RCD-006.cisco.com (xch-rcd-006.cisco.com [173.37.102.16]) by alln-core-7.cisco.com (8.15.2/8.15.2) with ESMTPS id x38HGI3O006786 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 8 Apr 2019 17:16:18 GMT
Received: from xhs-rtp-001.cisco.com (64.101.210.228) by XCH-RCD-006.cisco.com (173.37.102.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 8 Apr 2019 12:16:17 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rtp-001.cisco.com (64.101.210.228) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 8 Apr 2019 13:16:16 -0400
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 8 Apr 2019 12:16:15 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=rf5sFZfy1N/OtilfylmeqcOZeqxmNw/zupd9ecLTLCs=; b=dDMXcZiXHb8BDm34CxWB212BB8yVuzo7dPIcRJ9KreChqPih7SZBeAKsc8uiPCLoahZwTu/P7jywrTuMJSOIORute588662i+Jxug6Zhhk7XdoxBuL4fH7sOVnfBhDCTOlXin/s5i0L3Nkl3vG4JVaVinqjZissadCMOfGzi3Lk=
Received: from CY4PR11MB1527.namprd11.prod.outlook.com (10.172.70.18) by CY4PR11MB1894.namprd11.prod.outlook.com (10.175.61.13) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.21; Mon, 8 Apr 2019 17:16:14 +0000
Received: from CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef]) by CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef%8]) with mapi id 15.20.1771.016; Mon, 8 Apr 2019 17:16:14 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Yoav Nir <ynir.ietf@gmail.com>, "secdir@ietf.org" <secdir@ietf.org>
CC: "spasm@ietf.org" <spasm@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-lamps-pkix-shake.all@ietf.org" <draft-ietf-lamps-pkix-shake.all@ietf.org>
Thread-Topic: [lamps] Secdir last call review of draft-ietf-lamps-pkix-shake-08
Thread-Index: AQHU5/ykXrE8DKHUeE+V24TJfSdmxKYyhOZQ
Date: Mon, 8 Apr 2019 17:16:14 +0000
Message-ID: <CY4PR11MB152713EDFEB9A5CF786DDE88C92C0@CY4PR11MB1527.namprd11.prod.outlook.com>
References: <155406252797.12369.12070204875103995275@ietfa.amsl.com>
In-Reply-To: <155406252797.12369.12070204875103995275@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:c0c4:1005::f1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: da184403-edb3-4939-27fe-08d6bc45e7d6
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020); SRVR:CY4PR11MB1894; 
x-ms-traffictypediagnostic: CY4PR11MB1894:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <CY4PR11MB1894A0BDDB07E9CCE9535E23C92C0@CY4PR11MB1894.namprd11.prod.outlook.com>
x-forefront-prvs: 0001227049
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: da184403-edb3-4939-27fe-08d6bc45e7d6
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2019 17:16:14.6459 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1894
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xch-rcd-006.cisco.com
X-Outbound-Node: alln-core-7.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/FM_qT4pjNOJNzzmSlJkBIlU84zE>
Subject: Re: [lamps] Secdir last call review of draft-ietf-lamps-pkix-shake-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 17:16:23 -0000

Thanks for the review Yoav.

I made changes in the Sec Considerations to address your comments. The changes are described here https://github.com/csosto-pk/adding-shake-to-pkix/issues/42

I will reupload the draft at the end of this week probably unless there are more comments while in IESG review.

Panos


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Yoav Nir via Datatracker
Sent: Sunday, March 31, 2019 4:02 PM
To: secdir@ietf.org
Cc: spasm@ietf.org; ietf@ietf.org; draft-ietf-lamps-pkix-shake.all@ietf.org
Subject: [lamps] Secdir last call review of draft-ietf-lamps-pkix-shake-08

Reviewer: Yoav Nir
Review result: Has Issues

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

The document is almost ready. The intent is clear and the IANA instructions are good.

I have two issues with the Security Considerations section.  That section has two paragraphs, and I'll start with the second one.

The second paragraph has a SHOULD-level requirement to choose an ECDSA curve with an appropriate strength to match that of the hash function (SHAKE128 vs SHAKE256). This seems to me like a compliance requirement. While this is not a hard-and-fast rule, these should usually go in the body of the document, such as in section 5 rather than in security considerations.  It's also puzzling why there are no similar recommendations for the strength of the RSA key.

The first paragraph I find confusing.  It states that the SHAKE functions are deterministic, and goes on to explain that this means that executing them on the same input will result in the same output, and that users should not expect this to be the case. Why does this need to be said? Is this not the same for any hash function? The paragraph then goes on to tell the reader that with different output lengths, the shorter ones are prefixes of the longer ones, and that this is like hash function truncation.  Why do we need any of this information and why is this related to security?  This is especially puzzling considering that the document fixes the output length to a specific value for each of the two functions.

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
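
The prefix property the review asks about, as an added example (not from the draft or from anyone on this thread): a shorter SHAKE output is the leading bytes of a longer one, so a verifier that takes the digest length from the value it is handed accepts any truncation, while one that pins the length does not. The function names and the 32/64-byte lengths in FIXED_LEN are assumptions of this example; the review only says the draft fixes one length per function.

```python
import hashlib
import hmac

# Output lengths in bytes, one per function. Assumed for this example; the
# review above does not quote the values the draft fixes.
FIXED_LEN = {"shake128": 32, "shake256": 64}

_XOF = {"shake128": hashlib.shake_128, "shake256": hashlib.shake_256}


def shake(name: str, data: bytes, length: int) -> bytes:
    """Return `length` bytes of SHAKE128/SHAKE256 output over `data`."""
    return _XOF[name](data).digest(length)


def is_prefix_of_longer_output(name: str, data: bytes,
                               short_len: int, long_len: int) -> bool:
    """True if the short output equals the first bytes of the long output."""
    return shake(name, data, long_len)[:short_len] == shake(name, data, short_len)


def verify_loose(name: str, data: bytes, claimed: bytes) -> bool:
    """Weak check: the output length is taken from the claimed digest itself,
    so every prefix of the real digest verifies, however short."""
    return hmac.compare_digest(shake(name, data, len(claimed)), claimed)


def verify_pinned(name: str, data: bytes, claimed: bytes) -> bool:
    """Hardened check: the length is fixed per algorithm and a digest of any
    other length is rejected before the constant-time comparison."""
    expected = shake(name, data, FIXED_LEN[name])
    return len(claimed) == len(expected) and hmac.compare_digest(expected, claimed)


if __name__ == "__main__":
    msg = b"constructed to-be-signed bytes"   # constructed sample input
    full = shake("shake128", msg, FIXED_LEN["shake128"])
    short = full[:4]                           # 32 bits of the real digest

    print("deterministic:      ", full == shake("shake128", msg, 32))
    print("16B prefix of 32B:  ", is_prefix_of_longer_output("shake128", msg, 16, 32))
    print("loose accepts 4B:   ", verify_loose("shake128", msg, short))
    print("pinned accepts 4B:  ", verify_pinned("shake128", msg, short))
    print("pinned accepts full:", verify_pinned("shake128", msg, full))
```

With the loose check, the effective strength is whatever length the sender chooses; pinning the length per algorithm identifier removes that choice.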


From nobody Tue Apr  9 19:19:01 2019
Return-Path: <kaduk@mit.edu>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BA424120096 for <spasm@ietfa.amsl.com>; Tue,  9 Apr 2019 19:18:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.601
X-Spam-Level: 
X-Spam-Status: No, score=-2.601 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id qAFqbmMWYY78 for <spasm@ietfa.amsl.com>; Tue,  9 Apr 2019 19:18:58 -0700 (PDT)
Received: from outgoing.mit.edu (outgoing-auth-1.mit.edu [18.9.28.11]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 1FE8812000E for <spasm@ietf.org>; Tue,  9 Apr 2019 19:18:57 -0700 (PDT)
Received: from kduck.mit.edu (24-107-191-124.dhcp.stls.mo.charter.com [24.107.191.124]) (authenticated bits=56) (User authenticated as kaduk@ATHENA.MIT.EDU) by outgoing.mit.edu (8.14.7/8.12.4) with ESMTP id x3A2IsVx008224 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Tue, 9 Apr 2019 22:18:56 -0400
Date: Tue, 9 Apr 2019 21:18:53 -0500
From: Benjamin Kaduk <kaduk@mit.edu>
To: Claudio Luck <claudio.luck@pep.foundation>
Cc: spasm@ietf.org
Message-ID: <20190410021853.GB18549@kduck.mit.edu>
References: <alpine.DEB.2.20.1903141524030.6514@softronics.hoeneisen.ch> <87tvfia3k5.fsf@fifthhorseman.net> <6067219c-c971-20d2-8df6-28a061869696@pep.foundation>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
In-Reply-To: <6067219c-c971-20d2-8df6-28a061869696@pep.foundation>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/mz7rC-TU5IC4D4OTvoLi5iC0Eow>
Subject: Re: [lamps] New Version Notification for draft-luck-lamps-pep-header-protection-01.txt (fwd)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 02:19:00 -0000

On Mon, Apr 08, 2019 at 02:06:29PM +0200, Claudio Luck wrote:
> Hi Daniel
> 
> Thanks a lot for your comments!
> 
> In the current draft in section 5 and onwards we shamelessly described
> pEp's current implementation, keeping the emphasis on completeness, thus
> expanding a bit beyond header protection alone. This should now change
> as we progress with our other drafts in the MEDUP WG, so that we can
> reference them properly. I'm looking forward in settling all your
> objections.

[obligatory note that MEDUP is a non-WG mailing list; it is not a working
group]

-Ben


From nobody Tue Apr  9 21:11:16 2019
Return-Path: <noreply@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 54725120364; Tue,  9 Apr 2019 21:11:01 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Tianran Zhou via Datatracker <noreply@ietf.org>
To: <ops-dir@ietf.org>
Cc: spasm@ietf.org, ietf@ietf.org, draft-ietf-lamps-pkix-shake.all@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Tianran Zhou <zhoutianran@huawei.com>
Message-ID: <155486946127.19649.7242764557830648898@ietfa.amsl.com>
Date: Tue, 09 Apr 2019 21:11:01 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/e-NJPO27plkYqtDcSYfXZzLDxvQ>
Subject: [lamps] Opsdir last call review of draft-ietf-lamps-pkix-shake-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 10 Apr 2019 04:11:01 -0000

Reviewer: Tianran Zhou
Review result: Has Issues

I have reviewed this document as part of the Operational directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written with the intent of improving the operational aspects of
the IETF drafts. Comments that are not addressed in last call may be included
in AD reviews during the IESG review.  Document editors and WG chairs should
treat these comments just like any other last call comments.

Document reviewed: draft-ietf-lamps-pkix-shake-08
Intended Status:  Standards Track

Summary:
In general, this document is clear to me. I did not see any special operational
or network management related issue. It's almost ready to be published. There
are some issues and nits.

Issues:
The normative and informative reference in this draft are not clear to me.
I think that [RFC8017](Informational) and [RFC8174](BCP) should not be
normative reference. And why some standard track RFC are listed in informative
reference?

Editorial:
line 102: redundand -> redundant
line 126,129: Deterministric -> Deterministic
line 314: algorithsm -> algorithms
line 378: subtitutions -> substitutions
line 763,777: Determinstic -> Deterministic


From nobody Wed Apr 10 20:57:35 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E8D23120258; Wed, 10 Apr 2019 20:57:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.5
X-Spam-Level: 
X-Spam-Status: No, score=-14.5 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=FOxyLb0E; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Wie6iZNB
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1QK391erZZYz; Wed, 10 Apr 2019 20:57:32 -0700 (PDT)
Received: from alln-iport-2.cisco.com (alln-iport-2.cisco.com [173.37.142.89]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0CB4712020A; Wed, 10 Apr 2019 20:57:32 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=2875; q=dns/txt; s=iport; t=1554955052; x=1556164652; h=from:to:cc:subject:date:message-id:references: in-reply-to:content-transfer-encoding:mime-version; bh=l790YszbEaWXisLsPg21vOKYEQ7iTJKLP9irT1Nc7yI=; b=FOxyLb0EL6jqRibd1JQc5jz9zuexxJ9MczIHs1zFBNsTLUmID/OkRUDS Gs2PBUKhXWy69h50LqjI0/cjXD24i/Y8mfXTZ18yGLD4DyAPX/nMFLwqT 7Y0wKBRx1pBxTNfopin5NUGE7T3huDhyyBrx4YdES0Pm5U3WWyOwsvNlG Y=;
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-AV: E=Sophos;i="5.60,335,1549929600"; d="scan'208";a="258678713"
Received: from rcdn-core-10.cisco.com ([173.37.93.146]) by alln-iport-2.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 11 Apr 2019 03:57:31 +0000
Received: from XCH-RCD-006.cisco.com (xch-rcd-006.cisco.com [173.37.102.16]) by rcdn-core-10.cisco.com (8.15.2/8.15.2) with ESMTPS id x3B3vVis016573 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Thu, 11 Apr 2019 03:57:31 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-RCD-006.cisco.com (173.37.102.16) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 10 Apr 2019 22:57:30 -0500
Received: from xhs-rcd-002.cisco.com (173.37.227.247) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Wed, 10 Apr 2019 22:57:30 -0500
Received: from NAM05-CO1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-002.cisco.com (173.37.227.247) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Wed, 10 Apr 2019 22:57:29 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com;  s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=3HifaSZN5g3mIVrYsBbxHVaPvfLTFlT1sZB4IjTWkH4=; b=Wie6iZNBKcAQWCSagbb9onWrlXtgkNXUE/oxSNzv62H8syA4eCOrscJP+RVFRbq8Jy3jNo0DBcacIhmY+k0yz0QxhAKnI4KCi8W8ie1zP9IAaFHh5BqrwIayEWFC6aOfCvMyjRY0Y3rGGloibHVFyWmeeLpeGBOZsDR+T8cOavY=
Received: from CY4PR11MB1527.namprd11.prod.outlook.com (10.172.70.18) by CY4PR11MB1445.namprd11.prod.outlook.com (10.172.67.141) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.13; Thu, 11 Apr 2019 03:57:28 +0000
Received: from CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef]) by CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef%8]) with mapi id 15.20.1771.016; Thu, 11 Apr 2019 03:57:28 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Tianran Zhou <zhoutianran@huawei.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
CC: "spasm@ietf.org" <spasm@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-lamps-pkix-shake.all@ietf.org" <draft-ietf-lamps-pkix-shake.all@ietf.org>
Thread-Topic: [lamps] Opsdir last call review of draft-ietf-lamps-pkix-shake-08
Thread-Index: AQHU71OLq3d10ebArkeXoHO8YvndM6Y2U6qg
Date: Thu, 11 Apr 2019 03:57:28 +0000
Message-ID: <CY4PR11MB1527D5A7603721B0361C519AC92F0@CY4PR11MB1527.namprd11.prod.outlook.com>
References: <155486946127.19649.7242764557830648898@ietfa.amsl.com>
In-Reply-To: <155486946127.19649.7242764557830648898@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:c0c4:1002::12d]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: d4554807-27aa-41b3-5aaa-08d6be31d10e
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020); SRVR:CY4PR11MB1445; 
x-ms-traffictypediagnostic: CY4PR11MB1445:
x-ms-exchange-purlcount: 2
x-microsoft-antispam-prvs: <CY4PR11MB1445C728C7203791EBDA74BBC92F0@CY4PR11MB1445.namprd11.prod.outlook.com>
x-forefront-prvs: 00046D390F
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: d4554807-27aa-41b3-5aaa-08d6be31d10e
X-MS-Exchange-CrossTenant-originalarrivaltime: 11 Apr 2019 03:57:28.8556 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB1445
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.37.102.16, xch-rcd-006.cisco.com
X-Outbound-Node: rcdn-core-10.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/u7AC6CoctUcoe6ytHN0_c9AuwKU>
Subject: Re: [lamps] Opsdir last call review of draft-ietf-lamps-pkix-shake-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 03:57:34 -0000

Thank you Tianran.

> The normative and informative reference in this draft are not clear to me. I think that RFC8017 and RFC8174 should not be normative reference. And why some standard track RFC are listed in informative reference?

Indeed RFC8017 and RFC8174 are Normative References. RFC8017 is Informational draft but we are keeping it in the Normative References even though idnits complains because we need a normative reference for RSASSA-PSS otherwise someone implementing our draft would not know RSASSA-PSS. RFC4056 does the same thing with RSASSA-PSS v2.1. RFC8174 is Normative because it must be read to understand what the capital letters mean in our draft. It is normative in other standards like RFC8366 as well. We have some Informative References that are Standard RFCs. The reason we do that is because someone does not need to read them to understand or implement the proposed draft as per https://ietf.org/blog/iesg-statement-normative-and-informative-references/

All the Editorial nits are fixed in the next iterations that will be pushed out soon.

Panos


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Tianran Zhou via Datatracker
Sent: Wednesday, April 10, 2019 12:11 AM
To: ops-dir@ietf.org
Cc: spasm@ietf.org; ietf@ietf.org; draft-ietf-lamps-pkix-shake.all@ietf.org
Subject: [lamps] Opsdir last call review of draft-ietf-lamps-pkix-shake-08

Reviewer: Tianran Zhou
Review result: Has Issues

I have reviewed this document as part of the Operational directorate's ongoing effort to review all IETF documents being processed by the IESG.  These comments were written with the intent of improving the operational aspects of the IETF drafts. Comments that are not addressed in last call may be included in AD reviews during the IESG review.  Document editors and WG chairs should treat these comments just like any other last call comments.

Document reviewed: draft-ietf-lamps-pkix-shake-08
Intended Status:  Standards Track

Summary:
In general, this document is clear to me. I did not see any special operational or network management related issue. It's almost ready to be published. There are some issues and nits.

Issues:
The normative and informative reference in this draft are not clear to me.
I think that [RFC8017](Informational) and [RFC8174](BCP) should not be normative reference. And why some standard track RFC are listed in informative reference?

Editorial:
line 102: redundand -> redundant
line 126,129: Deterministric -> Deterministic
line 314: algorithsm -> algorithms
line 378: subtitutions -> substitutions
line 763,777: Determinstic -> Deterministic

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm


From nobody Thu Apr 11 00:46:21 2019
Return-Path: <zhoutianran@huawei.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D8778120289; Thu, 11 Apr 2019 00:46:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.2
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0cOVP_hWOTbQ; Thu, 11 Apr 2019 00:46:16 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EDF34120287; Thu, 11 Apr 2019 00:46:15 -0700 (PDT)
Received: from LHREML711-CAH.china.huawei.com (unknown [172.18.7.108]) by Forcepoint Email with ESMTP id 2A1C3854621B8E3CFF41; Thu, 11 Apr 2019 08:46:14 +0100 (IST)
Received: from NKGEML412-HUB.china.huawei.com (10.98.56.73) by LHREML711-CAH.china.huawei.com (10.201.108.34) with Microsoft SMTP Server (TLS) id 14.3.408.0; Thu, 11 Apr 2019 08:46:13 +0100
Received: from NKGEML515-MBX.china.huawei.com ([fe80::a54a:89d2:c471:ff]) by nkgeml412-hub.china.huawei.com ([10.98.56.73]) with mapi id 14.03.0415.000; Thu, 11 Apr 2019 15:46:06 +0800
From: Tianran Zhou <zhoutianran@huawei.com>
To: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>, "ops-dir@ietf.org" <ops-dir@ietf.org>
CC: "spasm@ietf.org" <spasm@ietf.org>, "ietf@ietf.org" <ietf@ietf.org>, "draft-ietf-lamps-pkix-shake.all@ietf.org" <draft-ietf-lamps-pkix-shake.all@ietf.org>
Thread-Topic: [lamps] Opsdir last call review of draft-ietf-lamps-pkix-shake-08
Thread-Index: AQHU8Bq1oQ7TGHGGOkGrtE7ZCJppy6Y2lOvw
Date: Thu, 11 Apr 2019 07:46:06 +0000
Message-ID: <BBA82579FD347748BEADC4C445EA0F21BEDCEC02@NKGEML515-MBX.china.huawei.com>
References: <155486946127.19649.7242764557830648898@ietfa.amsl.com> <CY4PR11MB1527D5A7603721B0361C519AC92F0@CY4PR11MB1527.namprd11.prod.outlook.com>
In-Reply-To: <CY4PR11MB1527D5A7603721B0361C519AC92F0@CY4PR11MB1527.namprd11.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.111.156.116]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/LY66X0LgMjZBmSXCbKK_EbVrLbg>
Subject: Re: [lamps] Opsdir last call review of draft-ietf-lamps-pkix-shake-08
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 07:46:19 -0000

I am OK with the update.

Thanks,
Tianran

> -----Original Message-----
> From: Panos Kampanakis (pkampana) [mailto:pkampana@cisco.com]
> Sent: Thursday, April 11, 2019 11:57 AM
> To: Tianran Zhou <zhoutianran@huawei.com>; ops-dir@ietf.org
> Cc: spasm@ietf.org; ietf@ietf.org;
> draft-ietf-lamps-pkix-shake.all@ietf.org
> Subject: RE: [lamps] Opsdir last call review of
> draft-ietf-lamps-pkix-shake-08
>
> Thank you Tianran.
>
> > The normative and informative reference in this draft are not clear to me.
> > I think that RFC8017 and RFC8174 should not be normative reference. And why
> > some standard track RFC are listed in informative reference?
>
> Indeed RFC8017 and RFC8174 are Normative References. RFC8017 is an
> Informational draft but we are keeping it in the Normative References even
> though idnits complains because we need a normative reference for RSASSA-PSS
> otherwise someone implementing our draft would not know RSASSA-PSS. RFC4056
> does the same thing with RSASSA-PSS v2.1. RFC8174 is Normative because it
> must be read to understand what the capital letters mean in our draft. It is
> normative in other standards like RFC8366 as well. We have some Informative
> References that are Standard RFCs. The reason we do that is because someone
> does not need to read them to understand or implement the proposed draft as
> per
> https://ietf.org/blog/iesg-statement-normative-and-informative-references/
>
> All the Editorial nits are fixed in the next iterations that will be pushed
> out soon.
>
> Panos


From nobody Thu Apr 11 04:50:05 2019
Return-Path: <claudio.luck@pep.foundation>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 69352120099 for <spasm@ietfa.amsl.com>; Thu, 11 Apr 2019 04:50:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.6
X-Spam-Level: 
X-Spam-Status: No, score=-2.6 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id hvJuoQanhFoE for <spasm@ietfa.amsl.com>; Thu, 11 Apr 2019 04:50:02 -0700 (PDT)
Received: from dragon.pibit.ch (dragon.pibit.ch [94.231.81.244]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 713B5120048 for <spasm@ietf.org>; Thu, 11 Apr 2019 04:50:02 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by dragon.pibit.ch (Postfix) with ESMTP id 7A0A9171C06D; Thu, 11 Apr 2019 13:50:00 +0200 (CEST)
Received: from dragon.pibit.ch ([127.0.0.1]) by localhost (dragon.pibit.ch [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3YMzwk1Y7X1y; Thu, 11 Apr 2019 13:49:58 +0200 (CEST)
Received: from [172.20.88.254] (unknown [193.138.69.8]) by dragon.pibit.ch (Postfix) with ESMTPSA id 1E292171C06B; Thu, 11 Apr 2019 13:49:58 +0200 (CEST)
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: spasm@ietf.org
References: <alpine.DEB.2.20.1903141524030.6514@softronics.hoeneisen.ch> <87tvfia3k5.fsf@fifthhorseman.net> <6067219c-c971-20d2-8df6-28a061869696@pep.foundation> <20190410021853.GB18549@kduck.mit.edu>
From: Claudio Luck <claudio.luck@pep.foundation>
Message-ID: <5ff492d6-3eaf-fa7f-6592-dd806d2b43bb@pep.foundation>
Date: Thu, 11 Apr 2019 13:49:55 +0200
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <20190410021853.GB18549@kduck.mit.edu>
Content-Type: text/plain; charset=utf-8
Content-Language: en-US
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/9TplUkbU5btxwT634XO_t6ZKX5Y>
Subject: Re: [lamps] MEDUP ML (not WG) (draft-luck-lamps-pep-header-protection-01.txt)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 11:50:04 -0000

On 10.04.19 04:18, Benjamin Kaduk wrote:
> On Mon, Apr 08, 2019 at 02:06:29PM +0200, Claudio Luck wrote:
>> Hi Daniel
>>
>> Thanks a lot for your comments!
>>
>> In the current draft in section 5 and onwards we shamelessly described
>> pEp's current implementation, keeping the emphasis on completeness, thus
>> expanding a bit beyond header protection alone. This should now change
>> as we progress with our other drafts in the MEDUP WG, so that we can
>> reference them properly. I'm looking forward to settling all your
>> objections.
> 
> [obligatory note that MEDUP is a non-WG mailing list; it is not a working
> group]


Whoops, you're right - a lapse that can only happen to a total newcomer
at IETF :-)

-Claudio


From nobody Thu Apr 11 11:31:55 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B2E1F120309 for <spasm@ietfa.amsl.com>; Thu, 11 Apr 2019 11:31:54 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id P8KVyga2P5Wj for <spasm@ietfa.amsl.com>; Thu, 11 Apr 2019 11:31:53 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD2BB120144 for <spasm@ietf.org>; Thu, 11 Apr 2019 11:31:51 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id AF0B4300ADF for <spasm@ietf.org>; Thu, 11 Apr 2019 14:13:33 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id SQoMkEtlUMpG for <spasm@ietf.org>; Thu, 11 Apr 2019 14:13:32 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 6F8A2300ADD for <spasm@ietf.org>; Thu, 11 Apr 2019 14:13:32 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_E5C0FCD2-06A7-4314-994F-703B4485EF35"
Mime-Version: 1.0 (Mac OS X Mail 12.2 \(3445.102.3\))
Date: Thu, 11 Apr 2019 14:31:49 -0400
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
To: SPASM <spasm@ietf.org>
In-Reply-To: <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
Message-Id: <391B7EFF-C02D-4D2D-9C19-FA18B8F9FD6A@vigilsec.com>
X-Mailer: Apple Mail (2.3445.102.3)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/36PfMT7OMaeSMVIsmkvg4VvNJ54>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 18:31:55 -0000

--Apple-Mail=_E5C0FCD2-06A7-4314-994F-703B4485EF35
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Only three people have spoken so far (2 support; 1 oppose).  We need
more participation to make a consensus call.

Russ


> On Mar 26, 2019, at 8:56 AM, Russ Housley <housley@vigilsec.com> wrote:
>
> We talked about the "Algorithm Identifiers for HSS and XMSS for Use in
> the Internet X.509 Public Key Infrastructure"
> <https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt> document
> today at the face-to-face meeting session.  It was suggested that the
> document is ready for WG adoption.  Please voice your support or concerns
> on the list.
>
> Russ
>


--Apple-Mail=_E5C0FCD2-06A7-4314-994F-703B4485EF35--


From nobody Thu Apr 11 12:00:41 2019
Return-Path: <alangley@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 44E53120726 for <spasm@ietfa.amsl.com>; Thu, 11 Apr 2019 12:00:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.648
X-Spam-Level: 
X-Spam-Status: No, score=-1.648 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id pQ0fRV9kFoJk for <spasm@ietfa.amsl.com>; Thu, 11 Apr 2019 12:00:31 -0700 (PDT)
Received: from mail-qk1-f169.google.com (mail-qk1-f169.google.com [209.85.222.169]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5FB1A1206DC for <spasm@ietf.org>; Thu, 11 Apr 2019 12:00:31 -0700 (PDT)
Received: by mail-qk1-f169.google.com with SMTP id s81so4138624qke.13 for <spasm@ietf.org>; Thu, 11 Apr 2019 12:00:31 -0700 (PDT)
X-Received: by 2002:a37:9d06:: with SMTP id g6mr40556014qke.25.1555009230152;  Thu, 11 Apr 2019 12:00:30 -0700 (PDT)
MIME-Version: 1.0
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com> <391B7EFF-C02D-4D2D-9C19-FA18B8F9FD6A@vigilsec.com>
In-Reply-To: <391B7EFF-C02D-4D2D-9C19-FA18B8F9FD6A@vigilsec.com>
From: Adam Langley <agl@imperialviolet.org>
Date: Thu, 11 Apr 2019 12:00:18 -0700
Message-ID: <CAMfhd9Vv6pm6XkMOWkwpg25EW_vCmYTFfFSybK4Wi1zvreVUGA@mail.gmail.com>
To: Russ Housley <housley@vigilsec.com>
Cc: SPASM <spasm@ietf.org>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/-XhH14xqq3Y7eEaE14G9NRbFf94>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 11 Apr 2019 19:00:37 -0000

On Thu, Apr 11, 2019 at 11:31 AM Russ Housley <housley@vigilsec.com> wrote:
> We talked about the "Algorithm Identifiers for HSS and XMSS for Use in
> the Internet X.509 Public Key Infrastructure"
> <https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt> document
> today at the face-to-face meeting session.  It was suggested that the
> document is ready for WG adoption.  Please voice your support or concerns
> on the list.

Since you're asking, my worries remain the same as outlined in
November[1] and thus I guess I'm "opposed", although that's a stronger
word than I would select.

There are firmware-signing contexts where size and verification speed
seem to preclude stateless signatures. There one may have to try and
invest in lots of infrastructure to manage the state. But such
contexts are also not using X.509 because of the same size concerns.

SPHINCS isn't an RFC, but it's perfectly sound as a basis for a
stateless signature scheme. (There are several, good, marginal
improvements in NIST submissions but they're not critical if rushing.)
I would go that route rather than throw a stateful primitive at
code-signing CAs and wishing them good luck.

[1] https://mailarchive.ietf.org/arch/msg/spasm/4EP3bX2adJBCmTjBMYazAKQJFU0


Cheers

AGL

--
Adam Langley agl@imperialviolet.org https://www.imperialviolet.org


From nobody Thu Apr 11 18:32:27 2019
Return-Path: <jfhamme.cccs@gmail.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 036751200B6 for <spasm@ietfa.amsl.com>; Thu, 11 Apr 2019 18:32:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level: 
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Io7CXXk-XPBL for <spasm@ietfa.amsl.com>; Thu, 11 Apr 2019 18:32:24 -0700 (PDT)
Received: from mail-ed1-x534.google.com (mail-ed1-x534.google.com [IPv6:2a00:1450:4864:20::534]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E8BC41200A4 for <spasm@ietf.org>; Thu, 11 Apr 2019 18:32:23 -0700 (PDT)
Received: by mail-ed1-x534.google.com with SMTP id s39so6904923edb.2 for <spasm@ietf.org>; Thu, 11 Apr 2019 18:32:23 -0700 (PDT)
X-Received: by 2002:a50:e610:: with SMTP id y16mr32186034edm.67.1555032741945;  Thu, 11 Apr 2019 18:32:21 -0700 (PDT)
MIME-Version: 1.0
From: Jonathan Hammell <jfhamme.cccs@gmail.com>
Date: Thu, 11 Apr 2019 21:32:10 -0400
Message-ID: <CALhKWgg8jbpX_R_qg1DAZPBuGc=Swr0EXFuiSqZSmYQpfL=cag@mail.gmail.com>
To: spasm@ietf.org
Content-Type: multipart/alternative; boundary="00000000000032a5eb05864b46b9"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/bV2eyER1CMfg_eYgJCElf9tVoPk>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 01:32:26 -0000

--00000000000032a5eb05864b46b9
Content-Type: text/plain; charset="UTF-8"

I support adoption of this draft.

Much research has been done on how to handle the state of private key in
HSMs in a fail-safe manner.

Jonathan

--00000000000032a5eb05864b46b9--
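
The two messages above (Adam Langley's concern about the infrastructure needed to manage signing state, and Jonathan Hammell's note on fail-safe state handling) both turn on one property of stateful hash-based signatures such as HSS and XMSS: a one-time index must never be used twice, even across a crash. The following is an added illustration, not code from the thread or from the draft; it shows one commonly described approach (durably reserving a batch of indices before any of them is used), and the class name, state file name and batch size are hypothetical.

```python
import json
import os
import tempfile


class StateExhausted(Exception):
    """Every one-time index of the key has been used or burned."""


class ReservedIndexAllocator:
    """Hands out one-time signature indices for a stateful key.

    Fail-safe rule: the on-disk bound is advanced and made durable BEFORE
    any index below it is handed out. After a crash the allocator resumes
    at the durable bound, so indices may be wasted but are never reused.
    """

    def __init__(self, path, total_leaves, batch=8):
        self.path = path            # hypothetical state file location
        self.total = total_leaves   # number of one-time keys in the tree
        self.batch = batch          # indices reserved per durable write
        self.next = 0               # next index to hand out (memory only)
        self.reserved = 0           # indices < reserved are burned on disk
        if os.path.exists(path):
            with open(path) as f:
                bound = json.load(f)["reserved"]
            # Anything below the durable bound may already have signed.
            self.next = self.reserved = bound

    def _persist(self, bound):
        """Atomically replace the state file and flush it to stable storage."""
        directory = os.path.dirname(os.path.abspath(self.path))
        fd, tmp = tempfile.mkstemp(dir=directory)
        with os.fdopen(fd, "w") as f:
            json.dump({"reserved": bound}, f)
            f.flush()
            os.fsync(f.fileno())
        os.replace(tmp, self.path)
        if os.name == "posix":
            # Make the rename itself durable.
            dfd = os.open(directory, os.O_RDONLY)
            try:
                os.fsync(dfd)
            finally:
                os.close(dfd)

    def allocate(self):
        """Return an index that is safe to use for exactly one signature."""
        if self.next >= self.total:
            raise StateExhausted("no one-time indices left for this key")
        if self.next >= self.reserved:
            bound = min(self.next + self.batch, self.total)
            self._persist(bound)    # durable first ...
            self.reserved = bound   # ... then usable
        index = self.next
        self.next += 1
        return index


def demo_crash_recovery():
    """Use three indices, lose the process, restart from the same file."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "hss-state.json")  # constructed sample path
        signer = ReservedIndexAllocator(path, total_leaves=20, batch=8)
        before = [signer.allocate() for _ in range(3)]
        del signer  # simulated crash: in-memory counter is lost
        restarted = ReservedIndexAllocator(path, total_leaves=20, batch=8)
        after = [restarted.allocate() for _ in range(3)]
        return before, after


if __name__ == "__main__":
    print(demo_crash_recovery())
```

The cost of the fail-safe behaviour is visible in the result: the restart skips the unused remainder of the reserved batch, so a larger batch means fewer durable writes but more indices burned per crash.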


From nobody Thu Apr 11 20:32:53 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id F301112004C; Thu, 11 Apr 2019 20:32:51 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <155503997192.14203.7867958320073441930@ietfa.amsl.com>
Date: Thu, 11 Apr 2019 20:32:51 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DlAQVbiFjqtLRoDEPCqbkWkek2o>
Subject: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-09.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 03:32:52 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)
        Authors         : Panos Kampanakis
                          Quynh Dang
        Filename        : draft-ietf-lamps-cms-shakes-09.txt
        Pages           : 16
        Date            : 2019-04-11

Abstract:
   This document describes the conventions for using the SHAKE family of
   hash functions with the Cryptographic Message Syntax (CMS) as one-way
   hash functions with the RSA Probabilistic signature and ECDSA
   signature algorithms, as message digests and message authentication
   codes.  The conventions for the associated signer public keys in CMS
   are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-shakes/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-shakes-09
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-shakes-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Apr 11 20:36:05 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E98F1200C7; Thu, 11 Apr 2019 20:36:03 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <155504016327.13813.124911551368622638@ietfa.amsl.com>
Date: Thu, 11 Apr 2019 20:36:03 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/yEgPE5aEdoe1iD5ElC9iZ2RiyKQ>
Subject: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-09.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2019 03:36:03 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
        Authors         : Panos Kampanakis
                          Quynh Dang
        Filename        : draft-ietf-lamps-pkix-shake-09.txt
        Pages           : 15
        Date            : 2019-04-11

Abstract:
   Digital signatures are used to sign messages, X.509 certificates and
   CRLs (Certificate Revocation Lists).  This document describes the
   conventions for using the SHAKE function family in Internet X.509
   certificates and CRLs as one-way hash functions with the RSA
   Probabilistic signature and ECDSA signature algorithms.  The
   conventions for the associated subject public keys are also
   described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-09
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Apr 11 20:47:38 2019
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "spasm@ietf.org" <spasm@ietf.org>
Date: Fri, 12 Apr 2019 03:47:30 +0000
Message-ID: <CY4PR11MB1527F1B5FEBD94755CECD376C9280@CY4PR11MB1527.namprd11.prod.outlook.com>
References: <155504016327.13813.124911551368622638@ietfa.amsl.com>
In-Reply-To: <155504016327.13813.124911551368622638@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/1vWYfKkT0OtxZAkJ2JiONFGqzxs>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-09.txt

Hello,

This -09 version of the draft-ietf-lamps-pkix-shake draft addresses all comments and nits identified so far in the IESG review.
The issues brought up and addressed can be found in https://github.com/csosto-pk/adding-shake-to-pkix/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aclosed+%22IESG+Review%22+OR+%22Sean%22
The diff from the -08 is at https://tools.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-09.txt

Thank you to all reviewers and Russ for his guidance,
Panos

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Thursday, April 11, 2019 11:36 PM
To: i-d-announce@ietf.org
Cc: spasm@ietf.org
Subject: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-09.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-pkix-shake-09.txt
	Pages           : 15
	Date            : 2019-04-11

Abstract:
   Digital signatures are used to sign messages, X.509 certificates and
   CRLs (Certificate Revocation Lists).  This document describes the
   conventions for using the SHAKE function family in Internet X.509
   certificates and CRLs as one-way hash functions with the RSA
   Probabilistic signature and ECDSA signature algorithms.  The
   conventions for the associated subject public keys are also
   described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-09
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm


From nobody Thu Apr 11 20:47:44 2019
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "spasm@ietf.org" <spasm@ietf.org>
Date: Fri, 12 Apr 2019 03:47:30 +0000
Message-ID: <CY4PR11MB1527439294B03FB95699BA06C9280@CY4PR11MB1527.namprd11.prod.outlook.com>
References: <155503997192.14203.7867958320073441930@ietfa.amsl.com>
In-Reply-To: <155503997192.14203.7867958320073441930@ietfa.amsl.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/KOnQj9edAJGiyaN7x5kCLgjzRGA>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-09.txt

Hello,

This -09 version of the draft-ietf-lamps-cms-shakes draft addresses all comments and nits identified so far in the IESG review.
The issues brought up and addressed can be found in https://github.com/csosto-pk/adding-shake-to-pkix/issues?utf8=%E2%9C%93&q=is%3Aissue+is%3Aclosed+%22IESG+Review%22+OR+%22Sean%22
The diff from the -08 is at https://tools.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-09.txt

Thank you to all reviewers and Russ for his guidance,
Panos


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Thursday, April 11, 2019 11:33 PM
To: i-d-announce@ietf.org
Cc: spasm@ietf.org
Subject: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-09.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-cms-shakes-09.txt
	Pages           : 16
	Date            : 2019-04-11

Abstract:
   This document describes the conventions for using the SHAKE family of
   hash functions with the Cryptographic Message Syntax (CMS) as one-way
   hash functions with the RSA Probabilistic signature and ECDSA
   signature algorithms, as message digests and message authentication
   codes.  The conventions for the associated signer public keys in CMS
   are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-shakes/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-shakes-09
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-shakes-09

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-09


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Fri Apr 12 12:38:11 2019
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Russ Housley <housley@vigilsec.com>, Quynh Dang <quynh.dang@nist.gov>
CC: SPASM <spasm@ietf.org>, Daniel Van Geest <Daniel.VanGeest@isara.com>, Jim Schaad <ietf@augustcellars.com>, Scott Fluhrer <sfluhrer@cisco.com>
Date: Fri, 12 Apr 2019 19:37:57 +0000
Message-ID: <BN6PR14MB1106DEAD46D50AE6511B877583280@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com> <BN8PR09MB3604C9C7C8609430A58FD99EF35F0@BN8PR09MB3604.namprd09.prod.outlook.com> <afb437b0d9e14a8097947a25d8422286@XCH-RTP-006.cisco.com> <BN8PR09MB3604324EF9D5BF4E9061F1B4F35F0@BN8PR09MB3604.namprd09.prod.outlook.com> <048d01d4e3e6$625b4980$2711dc80$@augustcellars.com> <026b333ae64b45abb031a537366512df@XCH-RTP-006.cisco.com> <04c001d4e3ee$dc6a1b90$953e52b0$@augustcellars.com> <880932bf30944ec7a7883c99a42af9c3@XCH-RTP-006.cisco.com> <2783B663-BB48-48CA-B44C-1C269C9B2059@isara.com> <BN8PR09MB3604CDF09ED9CBAFE374A0AFF35A0@BN8PR09MB3604.namprd09.prod.outlook.com> <0967202E-7A00-4042-AB5F-210FAAE0792F@vigilsec.com>
In-Reply-To: <0967202E-7A00-4042-AB5F-210FAAE0792F@vigilsec.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/_U8snVsjn4Am1FD89lIezBPhi_M>
Subject: Re: [lamps] Side-channel attack on multi-level trees and key generation of LMS.


I agree with Russ.

-Tim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Friday, March 29, 2019 10:19 AM
To: Quynh Dang <quynh.dang@nist.gov>
Cc: SPASM <spasm@ietf.org>; Daniel Van Geest <Daniel.VanGeest@isara.com>; Jim Schaad <ietf@augustcellars.com>; Scott Fluhrer <sfluhrer@cisco.com>
Subject: Re: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

I do not agree that this fault-injection attack leads to a SHOULD for single-level trees.

Russ





On Mar 29, 2019, at 7:04 AM, Dang, Quynh (Fed) <quynh.dang@nist.gov> wrote:

Hi all,

I suggest to add that "When key generation time is not a problem for a single-level tree which provides the desired number of OTS private keys a user has, then the single-tree HBS is a preferred option over the alternative multi-level tree HBSs which provide the same (or close) number as the desired number of the OTS private keys.

Multi-level tree HBSs are insecure under fault-injection attack, see "reference to the paper".  Therefore, single-level tree HBSs should be used."

Some text guidance for defenses against the attack is needed. I am not the right person to provide such text.

Regards,

Quynh.

  _____

From: Daniel Van Geest <Daniel.VanGeest@isara.com>
Sent: Friday, March 29, 2019 6:34:00 AM
To: Scott Fluhrer (sfluhrer); Jim Schaad; Dang, Quynh (Fed); 'SPASM'
Subject: Re: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

This is an interesting discussion.  Is there anything anyone would like added to draft-vangeest-x509-hash-sigs as a result?  Also note that anything that could be added here would also apply to cms-hash-sigs since HSS supports multiple level trees.

Daniel

On 2019-03-27, 7:00 AM, "Spasm on behalf of Scott Fluhrer (sfluhrer)" <spasm-bounces@ietf.org on behalf of sfluhrer@cisco.com> wrote:

From: Jim Schaad <ietf@augustcellars.com>
Sent: Tuesday, March 26, 2019 12:14 PM
To: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com>; 'Dang, Quynh (Fed)' <quynh.dang=40nist.gov@dmarc.ietf.org>; 'SPASM' <spasm@ietf.org>
Subject: RE: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

I understand that, but again there are some trade-offs of memory vs
time.  All of the simple tree saving algorithms I have thought of can
occasionally require the generation of a large portion of the tree
depending on what boundaries one is crossing in the tree, this means
that the signing time is not constant.  One can also make gains by doing
some pre-computation of expected trees as one goes along.  When you have
a tree of trees, one can get lots of speed up by saving the signature
for all but the bottom most tree so that only that tree needs to have
portions regenerated until you move to a new sub-tree.

Again, there are better algorithms known; as an example to the fractal
method I gave a link to before, if we have a H=25 tree (circa 32
million leaf nodes), we can perform a walk by storing a maximum of 158
Merkle node values, and for each signature, performing 6 leaf public key
recomputations per signature (not counting the OTS signature generation
and a handful of hash computations while we combine Merkle nodes).  For
this algorithm, it always has the current authentication path entirely
in memory; the entire computation done is performing pre-computation so
we’re set up for the next authentication path.

The BDS algorithm works even better if you have minimal storage for
internal Merkle nodes; see
https://www-old.cdc.informatik.tu-darmstadt.de/reports/reports/BDS08.pdf

All of these are space/time trade-offs and one needs to understand what
the extremes are on both ends before one says that a huge single tree is
better or worse than a lot of small trees, even if the number of levels
that are created are the same.

Jim

From: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com>
Sent: Tuesday, March 26, 2019 4:28 PM
To: Jim Schaad <ietf@augustcellars.com>; 'Dang, Quynh (Fed)' <quynh.dang=40nist.gov@dmarc.ietf.org>; 'SPASM' <spasm@ietf.org>
Subject: RE: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

Actually, there are algorithms that are able to generate the next
authentication path by storing a comparatively small part of the tree,
and using only a relatively small number of leaf node evaluations.  For
example, http://www.szydlo.com/fractal-jmls.pdf

From: Jim Schaad <ietf@augustcellars.com>
Sent: Tuesday, March 26, 2019 11:13 AM
To: 'Dang, Quynh (Fed)' <quynh.dang=40nist.gov@dmarc.ietf.org>; Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com>; 'SPASM' <spasm@ietf.org>
Subject: RE: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

There is one other factor to compare in terms of how big the tree is.
For a very large tree, if you do not have the resources to keep the
entire private key set (or a large subset of it) then you get into the
situation where you regenerate the entire private key tree for each and
every signature.  This is part of the trade off between small key size
and fast signature generation/usage of time.

Jim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Dang, Quynh (Fed)
Sent: Tuesday, March 26, 2019 3:04 PM
To: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com>; SPASM <spasm@ietf.org>
Subject: Re: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

The only downside of 1 level tree is its key generation time comparing
to multi-level trees. In situations (such as a code signing
application) where 1, 2 or 3 etc... hours of a key generation time is
not a problem, then using a big 1 level tree seems better than using a
multi-level tree.

Therefore, some bigger height numbers for 1-level tree may be desired.

Quynh.


  _____


From: Scott Fluhrer (sfluhrer) <sfluhrer@cisco.com>
Sent: Tuesday, March 26, 2019 9:20:05 AM
To: Dang, Quynh (Fed); SPASM
Subject: RE: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Dang, Quynh (Fed)
Sent: Tuesday, March 26, 2019 9:11 AM
To: SPASM <spasm@ietf.org>
Subject: [lamps] Side-channel attack on multi-level trees and key generation of LMS.

Hi all,

Here is the attack I mentioned at the meeting today:
https://eprint.iacr.org/2018/674/20180713:140821.

This is a fault attack (that is, you try to make the signer miscompute
something, and then use the miscomputed signature); a signer
implementation could implement protections against this (of course,
those protections are not free).

I just looked at the LMS's draft, the single tree with height 25 (2^25
signatures) takes only 1..5 hours.

Clarification on this:

*         The test used 15 cores (and so it used a total of circa 1
core-day)

*         This was done with a W=8 parameter set.  This makes the
signature shorter (1936 bytes in this case), however it does increase
the key generation time; a W=4 parameter set would approximately
double the signature size, while decreasing the key generation time by
circa a factor of 8.

Regards,

Quynh.

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm
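
The space/time trade-off debated in this thread, as an added example that is not part of any message in it: a toy Merkle tree that counts how often a signer must recompute a leaf (the expensive OTS public-key step) when it stores nothing versus when it stores every node, and how key-generation work drops when one tree is split into a tree of trees. Assumptions: `LeafOracle`, `sign_costs` and `keygen_leaf_calls` are hypothetical names, one SHA-256 call stands in for OTS public-key generation, and a multi-level key is assumed to build one tree per level before its first signature.

```python
import hashlib


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


class LeafOracle:
    """Constructed stand-in for OTS public-key generation (the costly step).

    A real LMS leaf costs many hash calls; here it is a single hash, and
    `calls` records how many leaves the signer had to compute.
    """

    def __init__(self, seed: bytes):
        self.seed = seed
        self.calls = 0

    def leaf(self, index: int) -> bytes:
        self.calls += 1
        return h(b"leaf", self.seed, index.to_bytes(4, "big"))


def build_levels(oracle, height):
    """levels[0] holds the 2^height leaves, levels[height] holds the root."""
    level = [oracle.leaf(i) for i in range(1 << height)]
    levels = [level]
    while len(level) > 1:
        level = [h(b"node", level[j], level[j + 1])
                 for j in range(0, len(level), 2)]
        levels.append(level)
    return levels


def auth_path(levels, index):
    """Sibling of the current node at each level, leaf level first."""
    path = []
    for level in levels[:-1]:
        path.append(level[index ^ 1])
        index >>= 1
    return path


def root_from_path(leaf, index, path):
    """Verifier side: recombine a leaf with its authentication path."""
    node = leaf
    for sibling in path:
        if index % 2 == 0:
            node = h(b"node", node, sibling)
        else:
            node = h(b"node", sibling, node)
        index >>= 1
    return node


def sign_costs(height, n_sigs, seed=b"constructed-seed"):
    """Leaf recomputations and storage for the two extreme strategies."""
    # Strategy A: keep only the seed and rebuild the tree for every signature.
    regen = LeafOracle(seed)
    root = build_levels(regen, height)[-1][0]
    keygen_calls = regen.calls
    for q in range(n_sigs):
        levels = build_levels(regen, height)
        if root_from_path(levels[0][q], q, auth_path(levels, q)) != root:
            raise ValueError("authentication path does not reach the root")
    regen_calls = regen.calls - keygen_calls

    # Strategy B: keep every node computed during key generation.
    cached = LeafOracle(seed)
    stored = build_levels(cached, height)
    after_keygen = cached.calls
    for q in range(n_sigs):
        if root_from_path(stored[0][q], q, auth_path(stored, q)) != root:
            raise ValueError("authentication path does not reach the root")
    return {
        "keygen_leaf_calls": keygen_calls,
        "regen_leaf_calls": regen_calls,
        "cached_leaf_calls": cached.calls - after_keygen,
        "cached_nodes_stored": sum(len(level) for level in stored),
    }


def keygen_leaf_calls(heights, seed=b"constructed-seed"):
    """Leaves computed before the first signature, one tree per level.

    heights=[4] is a single tree; heights=[2, 2] is a two-level tree of
    trees with the same capacity of 2^(2+2) = 16 signatures.
    """
    total = 0
    for level_no, height in enumerate(heights):
        oracle = LeafOracle(seed + bytes([level_no]))
        build_levels(oracle, height)
        total += oracle.calls
    return total


if __name__ == "__main__":
    print(sign_costs(height=4, n_sigs=3))
    print(keygen_leaf_calls([4]), keygen_leaf_calls([2, 2]))
```

The traversal algorithms linked in the thread sit between these two extremes; this block only measures the endpoints.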



------=_NextPart_001_0023_01D4F145.AFD9C8F0
Content-Type: text/html;
	charset="utf-8"
Content-Transfer-Encoding: quoted-printable

<html xmlns:v=3D"urn:schemas-microsoft-com:vml" =
xmlns:o=3D"urn:schemas-microsoft-com:office:office" =
xmlns:w=3D"urn:schemas-microsoft-com:office:word" =
xmlns:m=3D"http://schemas.microsoft.com/office/2004/12/omml" =
xmlns=3D"http://www.w3.org/TR/REC-html40"><head><meta =
http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"><meta =
name=3DGenerator content=3D"Microsoft Word 15 (filtered medium)"><!--[if =
!mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
	{font-family:Helvetica;
	panose-1:2 11 6 4 2 2 2 2 2 4;}
@font-face
	{font-family:"Cambria Math";
	panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
	{font-family:Calibri;
	panose-1:2 15 5 2 2 2 4 3 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
	{margin:0in;
	margin-bottom:.0001pt;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
	{mso-style-priority:99;
	color:blue;
	text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
	{mso-style-priority:99;
	color:purple;
	text-decoration:underline;}
p.msonormal0, li.msonormal0, div.msonormal0
	{mso-style-name:msonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.apple-converted-space
	{mso-style-name:apple-converted-space;}
p.xmsonormal, li.xmsonormal, div.xmsonormal
	{mso-style-name:x_msonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
p.xxmsonormal, li.xxmsonormal, div.xxmsonormal
	{mso-style-name:x_xmsonormal;
	mso-margin-top-alt:auto;
	margin-right:0in;
	mso-margin-bottom-alt:auto;
	margin-left:0in;
	font-size:11.0pt;
	font-family:"Calibri",sans-serif;}
span.EmailStyle21
	{mso-style-type:personal-reply;
	font-family:"Calibri",sans-serif;
	color:windowtext;}
.MsoChpDefault
	{mso-style-type:export-only;
	font-size:10.0pt;}
@page WordSection1
	{size:8.5in 11.0in;
	margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
	{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext=3D"edit" spidmax=3D"1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext=3D"edit">
<o:idmap v:ext=3D"edit" data=3D"1" />
</o:shapelayout></xml><![endif]--></head><body lang=3DEN-US link=3Dblue =
vlink=3Dpurple><div class=3DWordSection1><p class=3DMsoNormal>I agree =
with Russ.<o:p></o:p></p><p class=3DMsoNormal><o:p>&nbsp;</o:p></p><p =
class=3DMsoNormal>-Tim<o:p></o:p></p><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt'><div><div style=3D'border:none;border-top:solid #E1E1E1 =
1.0pt;padding:3.0pt 0in 0in 0in'><p class=3DMsoNormal><b>From:</b> Spasm =
&lt;spasm-bounces@ietf.org&gt; <b>On Behalf Of </b>Russ =
Housley<br><b>Sent:</b> Friday, March 29, 2019 10:19 AM<br><b>To:</b> =
Quynh Dang &lt;quynh.dang@nist.gov&gt;<br><b>Cc:</b> SPASM =
&lt;spasm@ietf.org&gt;; Daniel Van Geest =
&lt;Daniel.VanGeest@isara.com&gt;; Jim Schaad =
&lt;ietf@augustcellars.com&gt;; Scott Fluhrer =
&lt;sfluhrer@cisco.com&gt;<br><b>Subject:</b> Re: [lamps] Side-channel =
attack on multi-level trees and key generation of =
LMS.<o:p></o:p></p></div></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><p class=3DMsoNormal>I do not =
agree that this fault-injection attack leads to a SHOULD for =
single-level trees.<o:p></o:p></p><div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div><div><p =
class=3DMsoNormal>Russ&nbsp;<o:p></o:p></p><div><p =
class=3DMsoNormal><br><br><o:p></o:p></p><blockquote =
style=3D'margin-top:5.0pt;margin-bottom:5.0pt'><div><p =
class=3DMsoNormal>On Mar 29, 2019, at 7:04 AM, Dang, Quynh (Fed) &lt;<a =
href=3D"mailto:quynh.dang@nist.gov">quynh.dang@nist.gov</a>&gt; =
wrote:<o:p></o:p></p></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p><div><div =
id=3Ddivtagdefaultwrapper><div><p class=3DMsoNormal><span =
style=3D'font-size:12.0pt'>Hi all,<o:p></o:p></span></p></div><div><p =
class=3DMsoNormal><span =
style=3D'font-size:12.0pt'><o:p>&nbsp;</o:p></span></p></div><div><p =
class=3DMsoNormal><span style=3D'font-size:12.0pt'>I suggest to add that =
&quot;When key generation time is not a problem for a single-level tree =
which provides the desired number of OTS private keys a user has, =
then&nbsp;the single-tree HBS is a preferred option over the alternative =
multi-level tree HBSs which provide the same (or close )&nbsp;number =
as&nbsp;the desired number of the&nbsp;OTS private =
keys.&nbsp;<o:p></o:p></span></p></div><div><p class=3DMsoNormal><span =
style=3D'font-size:12.0pt'><o:p>&nbsp;</o:p></span></p></div><div><p =
class=3DMsoNormal><span style=3D'font-size:12.0pt'>Multi-level tree HBSs =
are insecure under fault-injection attack, see &quot;reference to the =
paper&quot;.&nbsp; Therefore, single-level&nbsp;tree HBSs should be =
used.&quot;<o:p></o:p></span></p></div><div><p class=3DMsoNormal><span =
style=3D'font-size:12.0pt'><o:p>&nbsp;</o:p></span></p></div><div><p =
class=3DMsoNormal><span style=3D'font-size:12.0pt'>Some text guidance =
for defenses against the attack is needed. I am not a right person to =
provide such text.<o:p></o:p></span></p></div><div><p =
class=3DMsoNormal><span =
style=3D'font-size:12.0pt'><o:p>&nbsp;</o:p></span></p></div><div><p =
class=3DMsoNormal><span =
style=3D'font-size:12.0pt'>Regards,<o:p></o:p></span></p></div><div><p =
class=3DMsoNormal><span =
style=3D'font-size:12.0pt'>Quynh.&nbsp;<o:p></o:p></span></p></div></div>=
<div class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><hr =
size=3D2 width=3D1351 style=3D'width:1013.55pt' =
align=3Dcenter></div><div id=3DdivRplyFwdMsg><p =
class=3DMsoNormal><b>From:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Daniel Van Geest &lt;<a =
href=3D"mailto:Daniel.VanGeest@isara.com"><span =
style=3D'color:purple'>Daniel.VanGeest@isara.com</span></a>&gt;<br><b>Sen=
t:</b><span class=3Dapple-converted-space>&nbsp;</span>Friday, March 29, =
2019 6:34:00 AM<br><b>To:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Scott Fluhrer (sfluhrer); Jim =
Schaad; Dang, Quynh (Fed); 'SPASM'<br><b>Subject:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Re: [lamps] Side-channel =
attack on multi-level trees and key generation of LMS.<span =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p><div><p class=3DMsoNormal><span =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>&nbsp;<o:p><=
/o:p></span></p></div></div><div><div><div><p class=3DMsoNormal><span =
lang=3DEN-CA>This is an interesting discussion.&nbsp; Is there anything =
anyone would like added to draft-vangeest-x509-hash-sigs as a =
result?&nbsp; Also note that anything that could be added here would =
also apply to cms-hash-sigs since HSS supports multiple level =
trees.<o:p></o:p></span></p></div><p class=3Dxmsonormal =
style=3D'margin:0in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div><p class=3DMsoNormal><span =
lang=3DEN-CA>Daniel<o:p></o:p></span></p></div><p class=3Dxmsonormal =
style=3D'margin:0in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div><div><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span lang=3DEN-CA>On =
2019-03-27, 7:00 AM, &quot;Spasm on behalf of Scott Fluhrer =
(sfluhrer)&quot; &lt;<a href=3D"mailto:spasm-bounces@ietf.org"><span =
style=3D'color:purple'>spasm-bounces@ietf.org</span></a><span =
class=3Dapple-converted-space>&nbsp;</span>on behalf of<span =
class=3Dapple-converted-space>&nbsp;</span><a =
href=3D"mailto:sfluhrer@cisco.com"><span =
style=3D'color:purple'>sfluhrer@cisco.com</span></a>&gt; =
wrote:<o:p></o:p></span></p></div></div></div><div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt'><div><div style=3D'border:none;border-top:solid #E1E1E1 =
1.0pt;padding:3.0pt 0in 0in 0in'><div style=3D'margin-left:.5in'><p =
class=3DMsoNormal><b><span lang=3DEN-CA>From:</span></b><span =
class=3Dapple-converted-space><span =
lang=3DEN-CA>&nbsp;</span></span><span lang=3DEN-CA>Jim Schaad &lt;<a =
href=3D"mailto:ietf@augustcellars.com"><span =
style=3D'color:purple'>ietf@augustcellars.com</span></a>&gt;<span =
class=3Dapple-converted-space>&nbsp;</span><br><b>Sent:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Tuesday, March 26, 2019 12:14 =
PM<br><b>To:</b><span class=3Dapple-converted-space>&nbsp;</span>Scott =
Fluhrer (sfluhrer) &lt;<a href=3D"mailto:sfluhrer@cisco.com"><span =
style=3D'color:purple'>sfluhrer@cisco.com</span></a>&gt;; 'Dang, Quynh =
(Fed)' &lt;<a =
href=3D"mailto:quynh.dang=3D40nist.gov@dmarc.ietf.org"><span =
style=3D'color:purple'>quynh.dang=3D40nist.gov@dmarc.ietf.org</span></a>&=
gt;; 'SPASM' &lt;<a href=3D"mailto:spasm@ietf.org"><span =
style=3D'color:purple'>spasm@ietf.org</span></a>&gt;<br><b>Subject:</b><s=
pan class=3Dapple-converted-space>&nbsp;</span>RE: [lamps] Side-channel =
attack on multi-level trees and key generation of =
LMS.<o:p></o:p></span></p></div></div></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span lang=3DEN-CA>I =
understand that, but again there are some trade-offs of memory vs =
time.&nbsp; All of the simple tree saving algorithms I have thought of =
can occasionally require the generation of a large portion of the tree =
depending on what boundaries one is crossing in the tree, this means =
that the signing time is not constant.&nbsp; One can also make gains by =
doing some pre-computation of expected trees as one goes along.&nbsp; =
When you have a tree of trees, one can get lots of speed up by saving =
the signature for all but the bottom most tree so that only that tree =
needs to have portions regenerated until you move to a new =
sub-tree.<o:p></o:p></span></p></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span lang=3DEN-CA =
style=3D'color:#C0504D'>Again, there are better algorithms known; as an =
example to the fractal method I gave a link to before, if we have a =
H=3D25 tree (circa 32 million leaf nodes), we can perform a walk by =
storing a maximum of 158 Merkle node values, and for each signature, =
performing 6 leaf public key recomputations per signature (not counting =
the OTS signature generation and a handful of hash computations while we =
combine Merkle nodes).&nbsp; For this algorithm, it always has the =
current authentication path entirely in memory; the entire computation =
done is performing pre-computation so we=E2=80=99re set up for the next =
authentication path.</span><span =
lang=3DEN-CA><o:p></o:p></span></p></div><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span lang=3DEN-CA =
style=3D'color:#C0504D'>The BDS algorithm works even better if you have =
minimal storage for internal Merkle nodes; see<span =
class=3Dapple-converted-space>&nbsp;</span><a =
href=3D"https://gcc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Fwww-old.cdc.informatik.tu-darmstadt.de%2Freports%2Freports%2FBDS08.pdf=
&amp;data=3D02%7C01%7Cquynh.dang%40nist.gov%7Cf6277e7102074843afe408d6b43=
21776%7C2ab5d82fd8fa4797a93e054655c61dec%7C1%7C0%7C636894524568586678&amp=
;sdata=3DcFt0M7zVFWiJbwQCZXbNEBC0ds1SK6zo2uglvXcviHY%3D&amp;reserved=3D0"=
><span =
style=3D'color:purple'>https://www-old.cdc.informatik.tu-darmstadt.de/rep=
orts/reports/BDS08.pdf</span></a>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbs=
p;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</span><span =
lang=3DEN-CA><o:p></o:p></span></p></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span lang=3DEN-CA>All =
of these are space/time trade-offs and one needs to understand what the =
extremes are on both ends before one says that a huge single tree is =
better or worse than a lot of small trees, even if the number of levels =
that are created are the same.<o:p></o:p></span></p></div><p =
class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span =
lang=3DEN-CA>Jim<o:p></o:p></span></p></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt'><div><div style=3D'border:none;border-top:solid #E1E1E1 =
1.0pt;padding:3.0pt 0in 0in 0in'><div style=3D'margin-left:.5in'><p =
class=3DMsoNormal><b><span lang=3DEN-CA>From:</span></b><span =
class=3Dapple-converted-space><span =
lang=3DEN-CA>&nbsp;</span></span><span lang=3DEN-CA>Scott Fluhrer =
(sfluhrer) &lt;<a href=3D"mailto:sfluhrer@cisco.com"><span =
style=3D'color:purple'>sfluhrer@cisco.com</span></a>&gt;<span =
class=3Dapple-converted-space>&nbsp;</span><br><b>Sent:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Tuesday, March 26, 2019 4:28 =
PM<br><b>To:</b><span class=3Dapple-converted-space>&nbsp;</span>Jim =
Schaad &lt;<a href=3D"mailto:ietf@augustcellars.com"><span =
style=3D'color:purple'>ietf@augustcellars.com</span></a>&gt;; 'Dang, =
Quynh (Fed)' &lt;<a =
href=3D"mailto:quynh.dang=3D40nist.gov@dmarc.ietf.org"><span =
style=3D'color:purple'>quynh.dang=3D40nist.gov@dmarc.ietf.org</span></a>&=
gt;; 'SPASM' &lt;<a href=3D"mailto:spasm@ietf.org"><span =
style=3D'color:purple'>spasm@ietf.org</span></a>&gt;<br><b>Subject:</b><s=
pan class=3Dapple-converted-space>&nbsp;</span>RE: [lamps] Side-channel =
attack on multi-level trees and key generation of =
LMS.<o:p></o:p></span></p></div></div></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span =
lang=3DEN-CA>Actually, there are algorithms that are able to generate =
the next authentication path by storing a comparatively small part of =
the tree, and using only a relatively small number of leaf node =
evaluations..&nbsp; For example,<span =
class=3Dapple-converted-space>&nbsp;</span><a =
href=3D"https://gcc01.safelinks.protection.outlook.com/?url=3Dhttp%3A%2F%=
2Fwww.szydlo.com%2Ffractal-jmls.pdf&amp;data=3D02%7C01%7Cquynh.dang%40nis=
t.gov%7Cf6277e7102074843afe408d6b4321776%7C2ab5d82fd8fa4797a93e054655c61d=
ec%7C1%7C0%7C636894524568596697&amp;sdata=3DkrnCaCoGSCwG%2FXDYPPnijwnp6to=
ouFB82F88Q20H158%3D&amp;reserved=3D0"><span =
style=3D'color:purple'>http://www.szydlo.com/fractal-jmls.pdf</span></a><=
o:p></o:p></span></p></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt'><div><div style=3D'border:none;border-top:solid #E1E1E1 =
1.0pt;padding:3.0pt 0in 0in 0in'><div style=3D'margin-left:.5in'><p =
class=3DMsoNormal><b><span lang=3DEN-CA>From:</span></b><span =
class=3Dapple-converted-space><span =
lang=3DEN-CA>&nbsp;</span></span><span lang=3DEN-CA>Jim Schaad &lt;<a =
href=3D"mailto:ietf@augustcellars.com"><span =
style=3D'color:purple'>ietf@augustcellars.com</span></a>&gt;<span =
class=3Dapple-converted-space>&nbsp;</span><br><b>Sent:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Tuesday, March 26, 2019 11:13 =
AM<br><b>To:</b><span class=3Dapple-converted-space>&nbsp;</span>'Dang, =
Quynh (Fed)' &lt;<a =
href=3D"mailto:quynh.dang=3D40nist.gov@dmarc.ietf.org"><span =
style=3D'color:purple'>quynh.dang=3D40nist.gov@dmarc.ietf.org</span></a>&=
gt;; Scott Fluhrer (sfluhrer) &lt;<a =
href=3D"mailto:sfluhrer@cisco.com"><span =
style=3D'color:purple'>sfluhrer@cisco.com</span></a>&gt;; 'SPASM' &lt;<a =
href=3D"mailto:spasm@ietf.org"><span =
style=3D'color:purple'>spasm@ietf.org</span></a>&gt;<br><b>Subject:</b><s=
pan class=3Dapple-converted-space>&nbsp;</span>RE: [lamps] Side-channel =
attack on multi-level trees and key generation of =
LMS.<o:p></o:p></span></p></div></div></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span lang=3DEN-CA>There =
is one other factor to compare in terms of how big the tree is.&nbsp; =
For a very large tree, if you do not have the resources to keep the =
entire private key set (or a large subset of it) then you get into the =
situation where you regenerate the entire private key tree for each and =
every signature.&nbsp; This is part of the trade off between small key =
size and fast signature generation/usage of =
time.<o:p></o:p></span></p></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span =
lang=3DEN-CA>Jim<o:p></o:p></span></p></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
style=3D'border:none;border-left:solid blue 1.5pt;padding:0in 0in 0in =
4.0pt'><div><div style=3D'border:none;border-top:solid #E1E1E1 =
1.0pt;padding:3.0pt 0in 0in 0in'><div style=3D'margin-left:.5in'><p =
class=3DMsoNormal><b><span lang=3DEN-CA>From:</span></b><span =
class=3Dapple-converted-space><span =
lang=3DEN-CA>&nbsp;</span></span><span lang=3DEN-CA>Spasm &lt;<a =
href=3D"mailto:spasm-bounces@ietf.org"><span =
style=3D'color:purple'>spasm-bounces@ietf.org</span></a>&gt;<span =
class=3Dapple-converted-space>&nbsp;</span><b>On Behalf Of<span =
class=3Dapple-converted-space>&nbsp;</span></b>Dang, Quynh =
(Fed)<br><b>Sent:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Tuesday, March 26, 2019 3:04 =
PM<br><b>To:</b><span class=3Dapple-converted-space>&nbsp;</span>Scott =
Fluhrer (sfluhrer) &lt;<a href=3D"mailto:sfluhrer@cisco.com"><span =
style=3D'color:purple'>sfluhrer@cisco.com</span></a>&gt;; SPASM &lt;<a =
href=3D"mailto:spasm@ietf.org"><span =
style=3D'color:purple'>spasm@ietf.org</span></a>&gt;<br><b>Subject:</b><s=
pan class=3Dapple-converted-space>&nbsp;</span>Re: [lamps] Side-channel =
attack on multi-level trees and key generation of =
LMS.<o:p></o:p></span></p></div></div></div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
id=3D"x_divtagdefaultwrapper"><div style=3D'margin-left:.5in'><p =
class=3DMsoNormal><span lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>The only =
downside of 1 level tree is its key generation time comparing to =
multi-level trees. In situations (&nbsp;such as a code signing =
application) where 1,&nbsp;2 or 3 etc... hours of a&nbsp;key generation =
time is not a problem, then using a big&nbsp;1 level tree seems better =
than using a multi-level tree.&nbsp;</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div><p class=3DMsoNormal style=3D'margin-left:.5in'><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>&nbsp;</spa=
n><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p><div style=3D'margin-left:.5in'><p class=3DMsoNormal><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>Therefore,&=
nbsp; some bigger height numbers for 1-level tree may be =
desired.</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div><p class=3DMsoNormal style=3D'margin-left:.5in'><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>&nbsp;</spa=
n><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p><div style=3D'margin-left:.5in'><p class=3DMsoNormal><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>Quynh.&nbsp=
;</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div></div><div style=3D'margin-left:.5in'><div =
class=3DMsoNormal align=3Dcenter style=3D'text-align:center'><span =
lang=3DEN-CA><hr size=3D0 width=3D"100%" =
align=3Dcenter></span></div></div><div id=3D"x_divRplyFwdMsg"><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><b><span =
lang=3DEN-CA>From:</span></b><span class=3Dapple-converted-space><span =
lang=3DEN-CA>&nbsp;</span></span><span lang=3DEN-CA>Scott Fluhrer =
(sfluhrer) &lt;<a href=3D"mailto:sfluhrer@cisco.com"><span =
style=3D'color:purple'>sfluhrer@cisco.com</span></a>&gt;<br><b>Sent:</b><=
span class=3Dapple-converted-space>&nbsp;</span>Tuesday, March 26, 2019 =
9:20:05 AM<br><b>To:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Dang, Quynh (Fed); =
SPASM<br><b>Subject:</b><span =
class=3Dapple-converted-space>&nbsp;</span>RE: [lamps] Side-channel =
attack on multi-level trees and key generation of =
LMS.<o:p></o:p></span></p></div><div><p class=3Dxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p></div></div><div><div><div =
style=3D'margin-left:.5in'><p class=3DMsoNormal><span =
lang=3DEN-CA>I<b>rom:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Spasm &lt;<a =
href=3D"mailto:spasm-bounces@ietf.org"><span =
style=3D'color:purple'>spasm-bounces@ietf.org</span></a>&gt;<span =
class=3Dapple-converted-space>&nbsp;</span><b>On Behalf Of<span =
class=3Dapple-converted-space>&nbsp;</span></b>Dang, Quynh =
(Fed)<br><b>Sent:</b><span =
class=3Dapple-converted-space>&nbsp;</span>Tuesday, March 26, 2019 9:11 =
AM<br><b>To:</b><span class=3Dapple-converted-space>&nbsp;</span>SPASM =
&lt;<a href=3D"mailto:spasm@ietf.org"><span =
style=3D'color:purple'>spasm@ietf.org</span></a>&gt;<br><b>Subject:</b><s=
pan class=3Dapple-converted-space>&nbsp;</span>[lamps] Side-channel =
attack on multi-level trees and key generation of =
LMS.<o:p></o:p></span></p></div><p class=3Dxxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span =
lang=3DEN-CA>&nbsp;<o:p></o:p></span></p><div =
id=3D"x_x_divtagdefaultwrapper"><div style=3D'margin-left:.5in'><p =
class=3DMsoNormal><span lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>Hi =
all,</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div><p class=3DMsoNormal style=3D'margin-left:.5in'><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>&nbsp;</spa=
n><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p><div style=3D'margin-left:.5in'><p class=3DMsoNormal><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>Here is =
the attack I mentioned at the meeting today:&nbsp;<a =
href=3D"https://gcc01.safelinks.protection.outlook.com/?url=3Dhttps%3A%2F=
%2Feprint.iacr.org%2F2018%2F674%2F20180713%3A140821&amp;data=3D02%7C01%7C=
quynh.dang%40nist.gov%7Cf6277e7102074843afe408d6b4321776%7C2ab5d82fd8fa47=
97a93e054655c61dec%7C1%7C0%7C636894524568596697&amp;sdata=3DxsTRh1kObIT8W=
%2Bt8EWUSRZdEjIC9mDwWiJbdCRK5Zbk%3D&amp;reserved=3D0"><span =
style=3D'color:purple'>https://eprint.iacr.org/2018/674/20180713:140821</=
span></a>.</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div><p class=3DMsoNormal style=3D'margin-left:.5in'><span =
lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>&nbsp;<o:p><=
/o:p></span></p><div style=3D'margin-left:.5in'><p =
class=3DMsoNormal><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#1F497D=
'>This is a fault attack (that is, you try to make the signer miscompute =
something, and then use the miscomputed signature); a signer =
implementation could implement protections against this (of course, =
those protections are not free).</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div><p class=3DMsoNormal style=3D'margin-left:.5in'><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>&nbsp;</spa=
n><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p><div style=3D'margin-left:.5in'><p class=3DMsoNormal><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>I just =
looked at the LMS's draft, the single tree with height 25 ( 2^25 =
signatures)&nbsp; takes only 1..5 hours.</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div><p class=3DMsoNormal style=3D'margin-left:.5in'><span =
lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>&nbsp;<o:p><=
/o:p></span></p><div style=3D'margin-left:.5in'><p =
class=3DMsoNormal><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif;color:#1F497D=
'>Clarification on this:</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div><div style=3D'margin-left:1.0in'><p class=3DMsoNormal =
style=3D'text-indent:-.25in'><span lang=3DEN-CA =
style=3D'font-size:10.0pt;font-family:Symbol;color:#1F497D'>=C2=B7</span>=
<span lang=3DEN-CA style=3D'font-size:7.0pt;font-family:"Times New =
Roman",serif;color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;<span class=3Dapple-converted-space>&nbsp;</span></span><span =
lang=3DEN-CA style=3D'color:#1F497D'>The test used 15 cores (and so it =
used a total of circa 1 core-day)</span><span =
lang=3DEN-CA><o:p></o:p></span></p></div><div =
style=3D'margin-left:1.0in'><p class=3DMsoNormal =
style=3D'text-indent:-.25in'><span lang=3DEN-CA =
style=3D'font-size:10.0pt;font-family:Symbol;color:#1F497D'>=C2=B7</span>=
<span lang=3DEN-CA style=3D'font-size:7.0pt;font-family:"Times New =
Roman",serif;color:#1F497D'>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nb=
sp;<span class=3Dapple-converted-space>&nbsp;</span></span><span =
lang=3DEN-CA style=3D'color:#1F497D'>This was done with a W=3D8 =
parameter set.&nbsp; This makes the signature shorter (1936 bytes in =
this case), however it does increase the key generation time; a W=3D4 =
parameter set would approximately double the signature size, while =
decreasing the key generation time by circa a factor of 8.</span><span =
lang=3DEN-CA><o:p></o:p></span></p></div><p class=3DMsoNormal =
style=3D'margin-left:.5in'><span lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif;color:#1F497=
D'>&nbsp;</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p><p class=3DMsoNormal style=3D'margin-left:.5in'><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>&nbsp;</spa=
n><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p><div style=3D'margin-left:.5in'><p class=3DMsoNormal><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>Regards,</s=
pan><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div><div style=3D'margin-left:.5in'><p =
class=3DMsoNormal><span lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>Quynh.&nbsp=
;</span><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p></div><p class=3DMsoNormal style=3D'margin-left:.5in'><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>&nbsp;</spa=
n><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p><p class=3DMsoNormal style=3D'margin-left:.5in'><span =
lang=3DEN-CA =
style=3D'font-size:12.0pt;font-family:"Helvetica",sans-serif'>&nbsp;</spa=
n><span lang=3DEN-CA =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><o:p></o:p><=
/span></p><p class=3Dxxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span lang=3DEN-CA =
style=3D'font-size:12.0pt'>&nbsp;</span><span =
lang=3DEN-CA><o:p></o:p></span></p><div><div><div><div><p =
class=3Dxxmsonormal =
style=3D'mso-margin-top-alt:0in;margin-right:0in;margin-bottom:0in;margin=
-left:.5in;margin-bottom:.0001pt'><span lang=3DEN-CA =
style=3D'font-size:12.0pt'>&nbsp;</span><span =
lang=3DEN-CA><o:p></o:p></span></p></div></div></div></div></div></div></=
div></div></div></div></div></div></div><p class=3DMsoNormal><span =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'>____________=
___________________________________<br>Spasm mailing list<br></span><a =
href=3D"mailto:Spasm@ietf.org"><span =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif;color:purple'=
>Spasm@ietf.org</span></a><span =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif'><br></span><=
a href=3D"https://www.ietf.org/mailman/listinfo/spasm"><span =
style=3D'font-size:9.0pt;font-family:"Helvetica",sans-serif;color:purple'=
>https://www.ietf.org/mailman/listinfo/spasm</span></a><o:p></o:p></p></d=
iv></blockquote></div><p =
class=3DMsoNormal><o:p>&nbsp;</o:p></p></div></div></div></body></html>
------=_NextPart_001_0023_01D4F145.AFD9C8F0--

------=_NextPart_000_0022_01D4F145.AFD9C8F0--
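
Added example, not part of the original message and not code from the LMS draft: the W=8 versus W=4 trade-off discussed in the message above, computed from the LM-OTS parameter formulas in RFC 8554 (Appendix B) for n=32 and a single tree of height 25. The function names are made up for this illustration, and the key-generation count assumes one hash call per Winternitz chain step and ignores private-key derivation.

```python
"""Signature size and key-generation hash count for a one-level HSS/LMS tree."""


def lmots_p(n: int, w: int) -> int:
    """Number of n-byte Winternitz chains p = u + v (RFC 8554, Appendix B)."""
    if w not in (1, 2, 4, 8):
        raise ValueError("w must be 1, 2, 4 or 8")
    u = -(-8 * n // w)                      # ceil(8n / w): digits of the message hash
    max_checksum = ((1 << w) - 1) * u       # largest possible checksum value
    v = -(-max_checksum.bit_length() // w)  # ceil((floor(lg(max)) + 1) / w)
    return u + v


def lmots_sig_bytes(n: int, w: int) -> int:
    """LM-OTS signature: 4-byte type || n-byte randomizer C || p chain values."""
    return 4 + n + lmots_p(n, w) * n


def hss_single_tree_sig_bytes(n: int, w: int, h: int) -> int:
    """HSS signature with one level: Nspk || q || LM-OTS sig || LMS type || path."""
    lms_sig = 4 + lmots_sig_bytes(n, w) + 4 + h * n
    return 4 + lms_sig


def keygen_hashes(n: int, w: int, h: int) -> int:
    """Approximate hash calls needed to compute the root of a height-h tree.

    Assumption of this example: each leaf costs p chains of (2^w - 1) steps,
    one hash for the LM-OTS public key and one for the leaf node; interior
    nodes cost one hash each. Private-key derivation is not counted.
    """
    leaves = 1 << h
    per_leaf = lmots_p(n, w) * ((1 << w) - 1) + 2
    return leaves * per_leaf + (leaves - 1)


def compare(n: int = 32, h: int = 25) -> dict:
    """Return {w: (signature_bytes, keygen_hash_calls)} for w = 4 and w = 8."""
    return {w: (hss_single_tree_sig_bytes(n, w, h), keygen_hashes(n, w, h))
            for w in (4, 8)}


if __name__ == "__main__":
    table = compare()
    for w, (sig, hashes) in sorted(table.items()):
        print(f"W={w}: signature {sig} bytes, keygen ~{hashes:.3e} hash calls")
    print(f"keygen cost ratio W=8 / W=4: {table[8][1] / table[4][1]:.2f}")
```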


From nobody Fri Apr 12 12:44:12 2019
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Russ Housley <housley@vigilsec.com>, SPASM <spasm@ietf.org>
Thread-Topic: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
Date: Fri, 12 Apr 2019 19:44:02 +0000
Message-ID: <BN6PR14MB1106B95D86CDAE6CEB29517983280@BN6PR14MB1106.namprd14.prod.outlook.com>
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com> <391B7EFF-C02D-4D2D-9C19-FA18B8F9FD6A@vigilsec.com>
In-Reply-To: <391B7EFF-C02D-4D2D-9C19-FA18B8F9FD6A@vigilsec.com>
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_0029_01D4F146.89792650"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/BqRQBdO_Gv7IYtsyWhShx-_WBjU>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>

------=_NextPart_000_0029_01D4F146.89792650
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_002A_01D4F146.89792650"


------=_NextPart_001_002A_01D4F146.89792650
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

We support this work and would implement it.  While there are some
legitimate concerns about state management, we think a standard that
articulates the proper procedures for addressing those concerns is the best
way to resolve that.

 

Hash-based signatures are an important and well-understood tool for
providing security against attacks based on quantum computing, and failing
to adopt drafts describing the right way of using them will increase the
risks they are implemented unsafely, instead of reducing the risk.

-Tim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Thursday, April 11, 2019 2:32 PM
To: SPASM <spasm@ietf.org>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03

Only three people have spoken so far (2 support; 1 oppose).  We need more
participation to make a consensus call.

Russ

On Mar 26, 2019, at 8:56 AM, Russ Housley <housley@vigilsec.com> wrote:

We talked about the "Algorithm Identifiers for HSS and XMSS for Use in the
Internet X.509 Public Key Infrastructure"
<https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt> document
today at the face-to-face meeting session.  It was suggested that the
document is ready for WG adoption.  Please voice your support or concerns on
the list.

Russ


------=_NextPart_001_002A_01D4F146.89792650--

------=_NextPart_000_0029_01D4F146.89792650--


From nobody Mon Apr 15 17:53:03 2019
From: Jim Schaad <ietf@augustcellars.com>
To: 'SPASM' <spasm@ietf.org>
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com> <391B7EFF-C02D-4D2D-9C19-FA18B8F9FD6A@vigilsec.com>
In-Reply-To: <391B7EFF-C02D-4D2D-9C19-FA18B8F9FD6A@vigilsec.com>
Date: Mon, 15 Apr 2019 17:52:50 -0700
Message-ID: <009601d4f3ee$b8e3cd50$2aab67f0$@augustcellars.com>
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="----=_NextPart_000_0097_01D4F3B4.0C856A80"
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/DjV21faQaXW8KBiqxEAkzaZ1-wc>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03

------=_NextPart_000_0097_01D4F3B4.0C856A80
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit

I am completely indifferent to the adoption of this draft.  I don't have any
cases where I would use the results of this document.

Jim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Russ Housley
Sent: Thursday, April 11, 2019 11:32 AM
To: SPASM <spasm@ietf.org>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03

Only three people have spoken so far (2 support; 1 oppose).  We need more
participation to make a consensus call.

Russ

On Mar 26, 2019, at 8:56 AM, Russ Housley <housley@vigilsec.com> wrote:

We talked about the "Algorithm Identifiers for HSS and XMSS for Use in the
Internet X.509 Public Key Infrastructure"
<https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt> document
today at the face-to-face meeting session.  It was suggested that the
document is ready for WG adoption.  Please voice your support or concerns on
the list.

Russ



------=_NextPart_000_0097_01D4F3B4.0C856A80--


From nobody Fri Apr 19 07:17:38 2019
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: SPASM <spasm@ietf.org>
Thread-Topic: IETF 104 LAMPS draft minutes
Date: Fri, 19 Apr 2019 14:17:26 +0000
Message-ID: <BN6PR14MB11062AE6D59CF1E7BA0B8B3183270@BN6PR14MB1106.namprd14.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=tim.hollebeek@digicert.com; 
x-originating-ip: [98.111.253.32]
x-ms-publictraffictype: Email
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_00D8_01D4F699.0F209610"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 17404ad2-b27b-4b96-5349-08d6c4d1bfa1
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2019 14:17:26.0983 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR14MB1745
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ylojhrgYmQ9UGipMxNn8-jOzTow>
Subject: [lamps] IETF 104 LAMPS draft minutes
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Apr 2019 14:17:37 -0000

------=_NextPart_000_00D8_01D4F699.0F209610
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_00D9_01D4F699.0F209610"


------=_NextPart_001_00D9_01D4F699.0F209610
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

The following draft minutes have been uploaded to the datatracker.

If anyone has any comments or corrections, let me know.

LAMPS Session at IETF 104
Tuesday, 26 March 2019 at 11:20

Minutes from notes taken by Daniel Kahn Gillmor


Executive Summary

There are currently five documents with the IESG, and the only active
working group document is ready for WG Last Call.  There were no comments
on these documents.  Two drafts exist related to a pending re-charter
to address e-mail header protection.  These drafts will be consolidated
if the re-charter is approved.  Two presentations were made on quantum
safe certificates and signatures.  Concerns about tradeoffs between
number of signatures and key generation time were discussed, as well as
single tree vs multi tree issues.  A lightweight profile for CMP was
presented and will be discussed on the list.  Work needs to be coordinated
with ACE.

0)  Minute Taker, Jabber Scribe, Bluesheets

Participants were reminded about the NOTE WELL.


1)  Agenda Bash

No agenda changes.


2)  Documents with the IESG
    a)  draft-ietf-lamps-rfc6844bis (Jacob and Phillip)
    b)  draft-ietf-lamps-hash-of-root-key-cert-extn (Russ)
    c)  draft-ietf-lamps-pkix-shake (Panos and Quynh)
    d)  draft-ietf-lamps-cms-shakes (Quynh and Panos)
    e)  draft-ietf-lamps-cms-hash-sig (Russ)

No comments were made on any of the documents with IESG.


3)  Documents in WG Last Call

4)  Active Working Group Documents
    a)  draft-ietf-lamps-cms-mix-with-psk (Russ)

No comments from the mic line.  Tim will start the WG Last Call on the
document.


5)  Documents related to the pending re-charter
    a)  draft-luck-lamps-pep-header-protection (Bernie)

DKG commented that we need to explicitly state how encryption-only e-mail
messages must be handled.

Massimiliano Pala (CableLabs) suggested that encryption-only messages could
have guidance to display with no security indicators.

Alexey Melnikov says that we need to make sure we document existing problems
with legacy clients.  If all other things are equal, and there are different
side effects on UI for legacy clients.

DKG raised concerns about MIME structure constraints, will send the concerns
to the list.

    b)  draft-melnikov-lamps-header-protection (Alexey)

It was suggested that this might be a good topic for the next hackathon.

Krista (pEp implementer): MIME libraries needed to be hacked.  With the
wrapping approach, you had an easier implementation.  The "memory hole"
approach required hacking the MIME library.

Krista: for legacy clients, though, the visual representation of wrapped
messages is worse.

DKG: let's consolidate these drafts, and if the charter is updated we can
make it draft-ietf-lamps-*.


6)  Other Business (if time allows)
    a)  draft-vangeest-x509-hash-sigs (Daniel)

DKG: streaming API for verification is problematic -- emitting content
before establishing verification encourages data misuse.

Jim Schaad: It's possible that we need streaming for verification (but not
an HSM concern -- agree that verification is expected to be done on normal
hardware)

Massimiliano: if the HSM can export hash state to the client, and get it
back, then you can avoid streaming.

Tim Hollebeek: injecting hash state into the HSM changes the security model
of the HSM.

Quynh Dang: why do we need multiple trees?  why not one flat layer?  Some
side-channel attacks are applicable to multi-level trees that aren't
relevant to single-level trees.  Can forward to the mailing list.

Scott Fluhrer: one XMSS tree can only do one million signatures.  LMSS is
limited to 32 million.

Quynh: we could change the algorithm parameters to change the limits.

Tim: those parameters affect key generation time.

Russ Housley: possibly weeks to generate the key.

Scott: on my multicore system took 1.5hrs to generate a 25-deep tree.

Quynh: i'm tentatively OK, will send side-channel concern to the list.

    b)  quantum-safe certificates (Scott)

Massimiliano: i'm concerned that the draft shares similarities with
some IP we have.  IPR: we published a disclosure -- royalty-free
with reciprocity.

Mike Ounsworth: (editor on this draft) will follow up with
Massimiliano, we hadn't meant to slight anyone. re: IPR we're all
on the same page, interested in this being completely free/open.

    c)  lightweight profile of CMP (Hendrik)

Russ: this is currently not in the charter.  if folks are interested,
we'd need to recharter.

Massimiliano: we have use cases where there is a struggle to come
up with a profile that all the devices understand.  see also work
in the EMU WG about provisioning credentials through EAP

Sean Turner: ACE is looking at exactly this sort of thing. If we
adopt this, we're stepping on toes.  Please coordinate.

Russ: we'll discuss on the list.

    d)  draft-pala-composite-crypto (Max)

Not presented due to time constraints.

7)  Wrap Up

------=_NextPart_001_00D9_01D4F699.0F209610--

------=_NextPart_000_00D8_01D4F699.0F209610
Content-Type: application/pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"
------=_NextPart_000_00D8_01D4F699.0F209610--


From nobody Fri Apr 19 07:45:30 2019
Return-Path: <tim.hollebeek@digicert.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B29E512031C for <spasm@ietfa.amsl.com>; Fri, 19 Apr 2019 07:45:15 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level: 
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=digicert.com header.b=l6mV+hHV; dkim=pass (1024-bit key) header.d=digicert.com header.b=Yi6TfJ4Q
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id utXHIQfIsLU1 for <spasm@ietfa.amsl.com>; Fri, 19 Apr 2019 07:45:09 -0700 (PDT)
Received: from us-smtp-delivery-173.mimecast.com (us-smtp-delivery-173.mimecast.com [216.205.24.173]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8D15512031F for <spasm@ietf.org>; Fri, 19 Apr 2019 07:45:07 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=mimecast20190124; t=1555685106; h=from:from:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:mime-version:mime-version: content-type:content-type:content-transfer-encoding:in-reply-to: references; bh=m8zo5BUAt6ws/ICOtAwj1TcKXYWwGcUgQ/3N6f5twQY=; b=l6mV+hHV4JunES80BjB7qJzoBrYDRw2gf7ENvA9jISFt+Z0XPO/vaJHg/qcj6FrBqzjVI0MRKYJPro3ZyaNCknjzmjnWkfPoGkR9AxYer9E4ReczJ+JWTjF83ssNFh/q7R7wlLnKrdqMygu78Fo+ibWWV5mJP81SGgpjsOsrNfY=
Received: from NAM01-SN1-obe.outbound.protection.outlook.com (mail-sn1nam01lp2053.outbound.protection.outlook.com [104.47.32.53]) (Using TLS) by relay.mimecast.com with ESMTP id us-mta-225-ai3LBGylPoy8qDMQJSSFlw-1; Fri, 19 Apr 2019 10:45:04 -0400
X-MC-Unique: ai3LBGylPoy8qDMQJSSFlw-1
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=digicert.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=m8zo5BUAt6ws/ICOtAwj1TcKXYWwGcUgQ/3N6f5twQY=; b=Yi6TfJ4QR5QXkQ5D7VUPAALVgWV17gr/5RQrIEEN0yQb5GSfaIoH4thPZLIaOjrbFpLmi/fz+fM8ctAUI+8pvhTZbWmvCrijwaLHaB54RVp63sJSTyjlYMqssdOmqtxlRhcv1gtrhUQ4Za/j1XcLyrF9cfZEKnvj11bkM/mP3gs=
Received: from BN6PR14MB1106.namprd14.prod.outlook.com (10.173.161.15) by BN6PR14MB1490.namprd14.prod.outlook.com (10.172.152.143) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1792.19; Fri, 19 Apr 2019 14:45:02 +0000
Received: from BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::294e:1bc:bb2b:e728]) by BN6PR14MB1106.namprd14.prod.outlook.com ([fe80::294e:1bc:bb2b:e728%6]) with mapi id 15.20.1792.018; Fri, 19 Apr 2019 14:45:02 +0000
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: SPASM <spasm@ietf.org>
Thread-Topic: WG Last Call for draft-ietf-lamps-cms-mix-with-psk
Thread-Index: AdT2vkCLi33zyZtBRHqpCetZGpZnKQ==
Date: Fri, 19 Apr 2019 14:45:01 +0000
Message-ID: <BN6PR14MB11063633DAE5277B108B451F83270@BN6PR14MB1106.namprd14.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: yes
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=tim.hollebeek@digicert.com; 
x-originating-ip: [98.111.253.32]
x-ms-publictraffictype: Email
received-spf: None (protection.outlook.com: digicert.com does not designate permitted sender hosts)
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_00E0_01D4F69C.EA1FF140"
MIME-Version: 1.0
X-OriginatorOrg: digicert.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4ca42e8d-9436-4aa0-f2f6-08d6c4d59a9b
X-MS-Exchange-CrossTenant-originalarrivaltime: 19 Apr 2019 14:45:02.0013 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: cf813fa1-bde5-4e75-9479-f6aaa8b1f284
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR14MB1490
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/r4smgRTFtGaK8bIaYSyjDITAMP4>
Subject: [lamps] WG Last Call for draft-ietf-lamps-cms-mix-with-psk
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Apr 2019 14:45:24 -0000

------=_NextPart_000_00E0_01D4F69C.EA1FF140
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_00E1_01D4F69C.EA1FF140"


------=_NextPart_001_00E1_01D4F69C.EA1FF140
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

This is the LAMPS WG Last Call for "Using Pre-Shared Key (PSK) in the
Cryptographic Message Syntax (CMS)" <draft-ietf-lamps-cms-mix-with-psk>.
Please review the document and send your comments to the list by 6 May 2019.

The datatracker page for the document is
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-mix-with-psk/

Thanks,

Tim

------=_NextPart_001_00E1_01D4F69C.EA1FF140--

------=_NextPart_000_00E0_01D4F69C.EA1FF140
Content-Type: application/pkcs7-signature;
	name="smime.p7s"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
	filename="smime.p7s"
------=_NextPart_000_00E0_01D4F69C.EA1FF140--


From nobody Fri Apr 19 11:30:10 2019
Return-Path: <bernie@ietf.hoeneisen.ch>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id EFCE0120320 for <spasm@ietfa.amsl.com>; Fri, 19 Apr 2019 11:30:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id KbmBsCShVw59 for <spasm@ietfa.amsl.com>; Fri, 19 Apr 2019 11:30:05 -0700 (PDT)
Received: from softronics.hoeneisen.ch (softronics.hoeneisen.ch [62.2.86.178]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7721B120110 for <spasm@ietf.org>; Fri, 19 Apr 2019 11:30:04 -0700 (PDT)
Received: from localhost ([127.0.0.1]) by softronics.hoeneisen.ch with esmtp (Exim 4.86_2) (envelope-from <bernie@ietf.hoeneisen.ch>) id 1hHYGv-0000Gu-J4; Fri, 19 Apr 2019 20:30:01 +0200
Date: Fri, 19 Apr 2019 20:30:01 +0200 (CEST)
From: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
X-X-Sender: bhoeneis@softronics.hoeneisen.ch
To: Tim Hollebeek <tim.hollebeek@digicert.com>
cc: SPASM <spasm@ietf.org>
In-Reply-To: <BN6PR14MB11062AE6D59CF1E7BA0B8B3183270@BN6PR14MB1106.namprd14.prod.outlook.com>
Message-ID: <alpine.DEB.2.20.1904192022580.30433@softronics.hoeneisen.ch>
References: <BN6PR14MB11062AE6D59CF1E7BA0B8B3183270@BN6PR14MB1106.namprd14.prod.outlook.com>
User-Agent: Alpine 2.20 (DEB 67 2015-01-07)
MIME-Version: 1.0
Content-Type: multipart/mixed; BOUNDARY="37663318-512300344-1555698601=:30433"
X-SA-Exim-Connect-IP: 127.0.0.1
X-SA-Exim-Mail-From: bernie@ietf.hoeneisen.ch
X-SA-Exim-Scanned: No (on softronics.hoeneisen.ch); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/VlCA50VvZiSsrXjAHDT3H4YS2qE>
Subject: Re: [lamps] IETF 104 LAMPS draft minutes
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Apr 2019 18:30:08 -0000

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

--37663318-512300344-1555698601=:30433
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 8BIT

Hi Tim

Thanks for the information on the minutes.

After listening to the streams, I suggest the following changes, which are
slightly more accurate:


OLD:

  Krista (pEp implementer): MIME libraries needed to be hacked.  With the
  wrapping approach, you had an easier implementation.  The "memory hole"
  approach required hacking the MIME library.

  Krista: for legacy clients, though, the visual representation of wrapped
  messages is worse.


NEW:

  Krista (pEp implementer): Implemented both approaches.  With the "memory
  hole" approach parsing was a real pain, as it required hacking the MIME
  library.  With the wrapping approach, just move something from one node
  in the MIME tree to another node, implementations get a lot easier.

  Krista: It would be incredibly helpful, if we had some mechanism to
  distinguish between wrapped messages and forwarded messages. What we see
  in Thunderbird right now is, that it does look fairly ugly, because
  people are getting forwarded messages and they don't know why.


cheers
  Bernie

--

http://ucom.ch/
Modern Telephony Solutions and Tech Consulting for Internet Technology


On Fri, 19 Apr 2019, Tim Hollebeek wrote:

> The following draft minutes have been uploaded to the datatracker.
> If anyone has any comments or corrections, let me know.
>
> LAMPS Session at IETF 104
> Tuesday, 26 March 2019 at 11:20
>
> Minutes from notes taken by Daniel Kahn Gillmor
>
>
> Executive Summary
>
> There are currently five documents with the IESG, and the only active
> working group document is ready for WG Last Call.  There were no comments
> on these documents.  Two drafts exist related to a pending re-charter
> to address e-mail header protection.  These drafts will be consolidated
> if the re-charter is approved.  Two presentations were made on quantum
> safe certificates and signatures.  Concerns about tradeoffs between
> number of signatures and key generation time were discussed, as well as
> single tree vs multi tree issues.  A lightweight profile for CMP was
> presented and will be discussed on the list.  Work needs to be coordinated
> with ACE.
>
> 0)  Minute Taker, Jabber Scribe, Bluesheets
>
> Participants were reminded about the NOTE WELL.
>
>
> 1)  Agenda Bash
>
> No agenda changes.
>
>
> 2) Documents with the IESG
>     a)  draft-ietf-lamps-rfc6844bis (Jacob and Phillip)
>     b)  draft-ietf-lamps-hash-of-root-key-cert-extn (Russ)
>     c)  draft-ietf-lamps-pkix-shake (Panos and Quynh)
>     d)  draft-ietf-lamps-cms-shakes (Quynh and Panos)
>     e)  draft-ietf-lamps-cms-hash-sig (Russ)
>
> No comments were made on any of the documents with IESG.
>
>
> 3)  Documents in WG Last Call
>
> 4)  Active Working Group Documents
>     a)  draft-ietf-lamps-cms-mix-with-psk (Russ)
>
> No comments from the mic line.  Tim will start the WG Last Call on the
> document.
>
>
> 5)  Documents related to the pending re-charter
>     a)  draft-luck-lamps-pep-header-protection (Bernie)
>
> DKG commented that we need to explicitly state how encryption-only e-mail
> messages must be handled.
>
> Massimiliano Pala (CableLabs) suggested that encryption-only messages could
> have guidance to display with no security indicators.
> Alexey Melnikov says that we need to make sure we document existing problems
> with legacy clients.  If all other things are equal, and there are different
> side effects on UI for legacy clients.
>
> DKG raised concerns about MIME structure constraints, will send the concerns
> to the list.
>
>     b)  draft-melnikov-lamps-header-protection (Alexey)
>
> It was suggested that this might be a good topic for the next hackathon.
>
> Krista (pEp implementer): MIME libraries needed to be hacked.  With the
> wrapping approach, you had an easier implementation.  The "memory hole"
> approach required hacking the MIME library.
>
> Krista: for legacy clients, though, the visual representation of wrapped
> messages is worse.
>
> DKG: let's consolidate these drafts, and if the charter is updated we can make
> it draft-ietf-lamps-*.
>
>
> 6)  Other Business (if time allows)
>     a)  draft-vangeest-x509-hash-sigs (Daniel)
>
> DKG: streaming API for verification is problematic -- emitting content
> before establishing verification encourages data misuse.
>
> Jim Schaad: It's possible that we need streaming for verification (but not
> an HSM concern -- agree that verification is expected to be done on normal
> hardware)
>
> Massimiliano: if the HSM can export hash state to the client, and get it
> back, then you can avoid streaming.
>
> Tim Hollebeek: injecting hash state into the HSM changes the security model of
> the HSM.
>
> Quynh Dang: why do we need multiple trees?  why not one flat layer?  Some
> side-channel attacks are applicable to multi-level trees that aren't relevant
> to single-level trees.  Can forward to the mailing list.
>
> Scott Fluhrer: one XMSS tree can only do one million signatures.  LMSS is
> limited to 32 million.
>
> Quynh: we could change the algorithm parameters to change the limits.
>
> Tim: those parameters affect key generation time.
>
> Russ Housley: possibly weeks to generate the key.
>
> Scott: on my multicore system took 1.5hrs to generate a 25-deep tree.
>
> Quynh: i'm tentatively OK, will send side-channel concern to the list.
>
>     b)  quantum-safe certificates (Scott)
>
> Massimiliano: i'm concerned that the draft shares similarities with
> some IP we have.  IPR: we published a disclosure -- royalty-free
> with reciprocity.
>
> Mike Ounsworth: (editor on this draft) will follow up with
> Massimiliano, we hadn't meant to slight anyone. re: IPR we're all
> on the same page, interested in this being completely free/open.
>
>     c)  lightweight profile of CMP (Hendrik)
>
> Russ: this is currently not in the charter.  if folks are interested,
> we'd need to recharter.
>
> Massimiliano: we have use cases where there is a struggle to come
> up with a profile that all the devices understand.  see also work
> in the EMU WG about provisioning credentials through EAP
>
> Sean Turner: ACE is looking at exactly this sort of thing. If we
> adopt this, we're stepping on toes.  Please coordinate.
>
> Russ: we'll discuss on the list.
>
>     d)  draft-pala-composite-crypto (Max)
>
> Not presented due to time constraints.
>
> 7)  Wrap Up
--37663318-512300344-1555698601=:30433--


From nobody Fri Apr 19 11:45:48 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B9BB212015E for <spasm@ietfa.amsl.com>; Fri, 19 Apr 2019 11:45:47 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level: 
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S-CgsQD6zCwW for <spasm@ietfa.amsl.com>; Fri, 19 Apr 2019 11:45:45 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C68F8120110 for <spasm@ietf.org>; Fri, 19 Apr 2019 11:45:44 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 64E8A300AE3 for <spasm@ietf.org>; Fri, 19 Apr 2019 14:27:26 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 77mGa8_RiBHI for <spasm@ietf.org>; Fri, 19 Apr 2019 14:27:24 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id D89B63004C7; Fri, 19 Apr 2019 14:27:23 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <alpine.DEB.2.20.1904192022580.30433@softronics.hoeneisen.ch>
Date: Fri, 19 Apr 2019 14:45:40 -0400
Cc: Tim Hollebeek <tim.hollebeek@digicert.com>, SPASM <spasm@ietf.org>
Content-Transfer-Encoding: quoted-printable
Message-Id: <6AB85C9D-085D-4F9A-9E58-50567EA87BC1@vigilsec.com>
References: <BN6PR14MB11062AE6D59CF1E7BA0B8B3183270@BN6PR14MB1106.namprd14.prod.outlook.com> <alpine.DEB.2.20.1904192022580.30433@softronics.hoeneisen.ch>
To: Bernie Hoeneisen <bernie@ietf.hoeneisen.ch>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/FK969W8e53T7lNROSoSsVHjrd60>
Subject: Re: [lamps] IETF 104 LAMPS draft minutes
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 19 Apr 2019 18:45:48 -0000

Thanks for the careful review.  I have changed the two paragraphs as follows:

   Krista (pEp implementer): Implemented both approaches.  With the "memory
   hole" approach parsing was a real pain, as it required hacking the MIME
   library.  With the wrapping approach, just move something from one node
   in the MIME tree to another node, so implementation gets a lot easier.

   Krista: It would be incredibly helpful, if we had some mechanism to
   distinguish between wrapped messages and forwarded messages. What we see
   in Thunderbird today looks fairly ugly; people think they are getting
   forwarded messages, and they don't know why.

Russ



From nobody Tue Apr 23 07:07:09 2019
Return-Path: <rdd@cert.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A5F37120025 for <spasm@ietfa.amsl.com>; Tue, 23 Apr 2019 07:07:07 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.001
X-Spam-Level: 
X-Spam-Status: No, score=-2.001 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cert.org
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id FTs5U9z6JBXT for <spasm@ietfa.amsl.com>; Tue, 23 Apr 2019 07:07:02 -0700 (PDT)
Received: from taper.sei.cmu.edu (taper.sei.cmu.edu [147.72.252.16]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 14B2E120429 for <spasm@ietf.org>; Tue, 23 Apr 2019 07:07:01 -0700 (PDT)
Received: from delp.sei.cmu.edu (delp.sei.cmu.edu [10.64.21.31]) by taper.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x3NE7189002643 for <spasm@ietf.org>; Tue, 23 Apr 2019 10:07:01 -0400
DKIM-Filter: OpenDKIM Filter v2.11.0 taper.sei.cmu.edu x3NE7189002643
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cert.org; s=yc2bmwvrj62m; t=1556028421; bh=lrmU0TvIHufGbukKikRuMxD8G60oVrHl/m70L39HzYk=; h=From:To:Subject:Date:From; b=PvEPZjKw6qD5xEMO5unMWDnuPW05fUsBJh5GHY6w3lXb1u8ca1eO3QY+z0lqhYcb5 KfZNkh3m3If1+XxMsaYvXXdGCL1w7dIzdLSuNHCWWZlImuyCDaw3Yub3O9JWSIL7W6 U0QcGtgKcoxq+kHxU571XLlriZlY8khY8IOnbdXI=
Received: from CASCADE.ad.sei.cmu.edu (cascade.ad.sei.cmu.edu [10.64.28.248]) by delp.sei.cmu.edu (8.14.7/8.14.7) with ESMTP id x3NE6vOZ002678 for <spasm@ietf.org>; Tue, 23 Apr 2019 10:06:57 -0400
Received: from MARATHON.ad.sei.cmu.edu ([10.64.28.250]) by CASCADE.ad.sei.cmu.edu ([10.64.28.248]) with mapi id 14.03.0439.000; Tue, 23 Apr 2019 10:06:57 -0400
From: Roman Danyliw <rdd@cert.org>
To: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: AD Review: draft-ietf-lamps-rfc6844bis-05
Thread-Index: AdT52+VMDH5rT9ScQOaTFmdrDJCp9AAAdRhg
Date: Tue, 23 Apr 2019 14:06:56 +0000
Message-ID: <359EC4B99E040048A7131E0F4E113AFC01B3343EEA@marathon>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-originating-ip: [10.64.22.6]
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/9vbRF0bq3I_5qvTOzN-q1vvoygc>
Subject: [lamps] AD Review: draft-ietf-lamps-rfc6844bis-05
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2019 14:07:08 -0000

Hello!

I reviewed draft-ietf-lamps-rfc6844bis-05.  This draft is ready to progress.  The easy diff from rfc6844 was greatly appreciated.

A few nits:

(1) Section 3.  Nit.  s/in RFC 1034/in [RFC1034]/

(2) Section 4.1.1.  Nit.  s/the the/the/

Thanks,
Roman


From nobody Tue Apr 23 12:59:20 2019
Return-Path: <session-request@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 94B8312014A; Tue, 23 Apr 2019 12:59:17 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: IETF Meeting Session Request Tool <session-request@ietf.org>
To: <session-request@ietf.org>
Cc: spasm@ietf.org, lamps-chairs@ietf.org, housley@vigilsec.com, rdd@cert.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <155604955753.32493.1497833114024078979.idtracker@ietfa.amsl.com>
Date: Tue, 23 Apr 2019 12:59:17 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/jAGCaCEGJm0hYUQegoaslJaLSpk>
Subject: [lamps] lamps - New Meeting Session Request for IETF 105
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2019 19:59:18 -0000

A new meeting session request has just been submitted by Russ Housley, a Chair of the lamps working group.


---------------------------------------------------------
Working Group Name: Limited Additional Mechanisms for PKIX and SMIME
Area Name: Security Area
Session Requester: Russ Housley

Number of Sessions: 1
Length of Session(s):  1.5 Hours
Number of Attendees: 50
Conflicts to Avoid: 
 First Priority: suit curdle quic perc saag sidrops sipbrandy mls tls ipwave stir acme ace rtcweb secdispatch teep
 Second Priority: cfrg dprive oauth t2trg uta ipsecme
 Third Priority: mile sacm secevent tcpinc trans


People who must be present:
  Russ Housley
  Sean Turner
  Alexey Melnikov
  Roman Danyliw
  Jim Schaad
  Tim Hollebeek

Resources Requested:

Special Requests:
  Due to travel to a family wedding, please do not schedule this session for Friday.
---------------------------------------------------------


From nobody Tue Apr 23 13:07:05 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8E4C2120354 for <spasm@ietfa.amsl.com>; Tue, 23 Apr 2019 13:07:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xncHB9pxSTU7 for <spasm@ietfa.amsl.com>; Tue, 23 Apr 2019 13:07:02 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E323E120092 for <spasm@ietf.org>; Tue, 23 Apr 2019 13:07:01 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id A8C78300ADD for <spasm@ietf.org>; Tue, 23 Apr 2019 15:48:43 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 3ANwIHDeeQ8X for <spasm@ietf.org>; Tue, 23 Apr 2019 15:48:42 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 4DF363004E7; Tue, 23 Apr 2019 15:48:42 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <1074831E-2C29-46D9-B5D6-978568424FD4@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_9D67FD98-9031-4C96-917D-F1CDC75719A9"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Date: Tue, 23 Apr 2019 16:06:59 -0400
In-Reply-To: <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
Cc: "Roman D. Danyliw" <rdd@cert.org>
To: SPASM <spasm@ietf.org>
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/yJZyxV9CCkcp-VyTyzYkO4yOIHU>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2019 20:07:03 -0000

--Apple-Mail=_9D67FD98-9031-4C96-917D-F1CDC75719A9
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

I do not see consensus to adopt this document.  This is the tally:

	Support adoption:  3 people
	Oppose adoption:  2 people
	Indifferent:  1 person

I do not think that this work has a better home in the IETF, but the proponents have not gathered enough support at this time.

We can make some time at the WG session in Montreal for the proponents to try and convince others or offer a different way forward.

Russ


> On Mar 26, 2019, at 8:56 AM, Russ Housley <housley@vigilsec.com> wrote:
>
> We talked about the "Algorithm Identifiers for HSS and XMSS for Use in the Internet X.509 Public Key Infrastructure" <https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt> document today at the face-to-face meeting session.  It was suggested that the document is ready for WG adoption.  Please voice your support or concerns on the list.
>
> Russ


--Apple-Mail=_9D67FD98-9031-4C96-917D-F1CDC75719A9--


From nobody Tue Apr 23 13:08:34 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7A3501200E9 for <spasm@ietfa.amsl.com>; Tue, 23 Apr 2019 13:08:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level: 
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uEBV0lMeYv3E for <spasm@ietfa.amsl.com>; Tue, 23 Apr 2019 13:08:31 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id C139E120092 for <spasm@ietf.org>; Tue, 23 Apr 2019 13:08:30 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 924F5300AE5 for <spasm@ietf.org>; Tue, 23 Apr 2019 15:50:12 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id oJk290iL8jFd for <spasm@ietf.org>; Tue, 23 Apr 2019 15:50:11 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id 346F03004E7; Tue, 23 Apr 2019 15:50:11 -0400 (EDT)
From: Russ Housley <housley@vigilsec.com>
Message-Id: <7D1D357C-D5D4-4375-9866-BD7545141713@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_983F4911-E7CB-46F0-BBF3-D183915C69AC"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Date: Tue, 23 Apr 2019 16:08:28 -0400
In-Reply-To: <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
Cc: "Roman D. Danyliw" <rdd@cert.org>
To: SPASM <spasm@ietf.org>
References: <BN6PR14MB1106140408FFB08553DEAE98835F0@BN6PR14MB1106.namprd14.prod.outlook.com> <D6AB5830-C69A-44CA-BD63-9B64F92C032E@vigilsec.com>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/NxrslVrg3zcjtG1s8Hu5LTn_kPM>
Subject: Re: [lamps] Call for adoption of draft-vangeest-x509-hash-sigs-03
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2019 20:08:33 -0000

--Apple-Mail=_983F4911-E7CB-46F0-BBF3-D183915C69AC
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

{Correcting typo in my earlier message}

I do not see consensus to adopt this document.  This is the tally:

	Support adoption:  4 people
	Oppose adoption:  2 people
	Indifferent:  1 person

I do not think that this work has a better home in the IETF, but the =
proponents have not gathered enough support at this time.

We can make some time at the WG session in Montreal for the proponents =
to try and convince others or offer a different way forward.

Russ


> On Mar 26, 2019, at 8:56 AM, Russ Housley <housley@vigilsec.com =
<mailto:housley@vigilsec.com>> wrote:
>=20
> We talked about the "Algorithm Identifiers for HSS and XMSS for Use in =
the Internet X.509 Public Key Infrastructure" =
<https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt =
<https://www.ietf.org/id/draft-vangeest-x509-hash-sigs-03.txt>> document =
today at the face-to-face meeting session.  It was suggested that the =
document is ready for WG adoption.  Please voice your support or concerns =
on the list.
>=20
> Russ


--Apple-Mail=_983F4911-E7CB-46F0-BBF3-D183915C69AC--


From nobody Tue Apr 23 14:10:49 2019
Return-Path: <housley@vigilsec.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 099DE12021B for <spasm@ietfa.amsl.com>; Tue, 23 Apr 2019 14:10:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level: 
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_NONE=-0.0001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id YmyyZaptw1zh for <spasm@ietfa.amsl.com>; Tue, 23 Apr 2019 14:10:46 -0700 (PDT)
Received: from mail.smeinc.net (mail.smeinc.net [209.135.209.11]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 61A2812004B for <spasm@ietf.org>; Tue, 23 Apr 2019 14:10:46 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail.smeinc.net (Postfix) with ESMTP id 196DA300AB9 for <spasm@ietf.org>; Tue, 23 Apr 2019 16:52:28 -0400 (EDT)
X-Virus-Scanned: amavisd-new at mail.smeinc.net
Received: from mail.smeinc.net ([127.0.0.1]) by localhost (mail.smeinc.net [127.0.0.1]) (amavisd-new, port 10026) with ESMTP id 6qWUEsgcFSri for <spasm@ietf.org>; Tue, 23 Apr 2019 16:52:26 -0400 (EDT)
Received: from a860b60074bd.fios-router.home (unknown [138.88.156.37]) by mail.smeinc.net (Postfix) with ESMTPSA id DF1083001F1; Tue, 23 Apr 2019 16:52:26 -0400 (EDT)
Content-Type: text/plain; charset=us-ascii
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
From: Russ Housley <housley@vigilsec.com>
In-Reply-To: <BN6PR14MB11061D5758B60B09513D21C683230@BN6PR14MB1106.namprd14.prod.outlook.com>
Date: Tue, 23 Apr 2019 17:10:43 -0400
Cc: Tim Hollebeek <tim.hollebeek@digicert.com>
Content-Transfer-Encoding: quoted-printable
Message-Id: <63576812-B7A5-4AA8-A366-DDA3B2ABE59B@vigilsec.com>
References: <155596905782.21170.3345526053472471283.idtracker@ietfa.amsl.com> <4799209C-5C08-4E92-9203-E2A2970AA316@vigilsec.com> <BN6PR14MB11061D5758B60B09513D21C683230@BN6PR14MB1106.namprd14.prod.outlook.com>
To: SPASM <spasm@ietf.org>
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/XvZADMloplIV-3ORLkyIMniEm3E>
Subject: [lamps] LAMPS at IETF 105
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Apr 2019 21:10:48 -0000

In the last few days before IETF 104, we got a flurry of requests to =
present in the LAMPS WG.  In an effort to learn about them sooner, we =
are asking whether anyone has topics to discuss in July at IETF 105.  =
The IESG is going through the re-charter process, so we can assume that =
the header protection work item will be approved by the time that we =
meet in July.

Russ & Tim



From nobody Wed Apr 24 06:59:47 2019
Return-Path: <iesg-secretary@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9DE0712037A; Wed, 24 Apr 2019 06:59:23 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: The IESG <iesg-secretary@ietf.org>
To: "IETF-Announce" <ietf-announce@ietf.org>
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Sender: <iesg-secretary@ietf.org>
CC: rdd@cert.org, lamps-chairs@ietf.org, Russ Housley <housley@vigilsec.com>,  housley@vigilsec.com, spasm@ietf.org, draft-ietf-lamps-rfc6844bis@ietf.org
Content-Transfer-Encoding: 7bit
Reply-To: ietf@ietf.org
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Message-ID: <155611436363.32035.5313652538019706882.idtracker@ietfa.amsl.com>
Date: Wed, 24 Apr 2019 06:59:23 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/NyXdoen1TxpQLHuymhp_beE1ryE>
Subject: [lamps] Last Call: <draft-ietf-lamps-rfc6844bis-05.txt> (DNS Certification Authority Authorization (CAA) Resource Record) to Proposed Standard
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 24 Apr 2019 13:59:25 -0000

The IESG has received a request from the Limited Additional Mechanisms for
PKIX and SMIME WG (lamps) to consider the following document: - 'DNS
Certification Authority Authorization (CAA) Resource Record'
  <draft-ietf-lamps-rfc6844bis-05.txt> as Proposed Standard

The IESG plans to make a decision in the next few weeks, and solicits final
comments on this action. Please send substantive comments to the
ietf@ietf.org mailing lists by 2019-05-08. Exceptionally, comments may be
sent to iesg@ietf.org instead. In either case, please retain the beginning of
the Subject line to allow automated sorting.

Abstract


   The Certification Authority Authorization (CAA) DNS Resource Record
   allows a DNS domain name holder to specify one or more Certification
   Authorities (CAs) authorized to issue certificates for that domain
   name.  CAA Resource Records allow a public Certification Authority to
   implement additional controls to reduce the risk of unintended
   certificate mis-issue.  This document defines the syntax of the CAA
   record and rules for processing CAA records by certificate issuers.

   This document obsoletes RFC 6844.




The file can be obtained via
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc6844bis/

IESG discussion can be tracked via
https://datatracker.ietf.org/doc/draft-ietf-lamps-rfc6844bis/ballot/


No IPR declarations have been submitted directly on this I-D.





From nobody Thu Apr 25 08:39:35 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 42F9712008B; Thu, 25 Apr 2019 08:39:26 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <155620676616.23483.17063859372953055144@ietfa.amsl.com>
Date: Thu, 25 Apr 2019 08:39:26 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/MF_599pTp8Z9eBJeHoncZzc16Ho>
Subject: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-10.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2019 15:39:27 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Internet X.509 Public Key Infrastructure: Additional Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-pkix-shake-10.txt
	Pages           : 16
	Date            : 2019-04-25

Abstract:
   Digital signatures are used to sign messages, X.509 certificates and
   CRLs (Certificate Revocation Lists).  This document describes the
   conventions for using the SHAKE function family in Internet X.509
   certificates and CRLs as one-way hash functions with the RSA
   Probabilistic signature and ECDSA signature algorithms.  The
   conventions for the associated subject public keys are also
   described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-10
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-10


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Apr 25 08:40:39 2019
Return-Path: <internet-drafts@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2F81B12033D; Thu, 25 Apr 2019 08:40:25 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: internet-drafts@ietf.org
To: <i-d-announce@ietf.org>
Cc: spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: spasm@ietf.org
Message-ID: <155620682511.23402.8195171111045073817@ietfa.amsl.com>
Date: Thu, 25 Apr 2019 08:40:25 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/R_bbYsz0oe0HJIYqnlt6izSigiE>
Subject: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-10.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2019 15:40:37 -0000

A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-cms-shakes-10.txt
	Pages           : 17
	Date            : 2019-04-25

Abstract:
   This document describes the conventions for using the SHAKE family of
   hash functions with the Cryptographic Message Syntax (CMS) as one-way
   hash functions with the RSA Probabilistic signature and ECDSA
   signature algorithms, as message digests and message authentication
   codes.  The conventions for the associated signer public keys in CMS
   are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-shakes/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-shakes-10
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-shakes-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-10


Please note that it may take a couple of minutes from the time of submission
until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/


From nobody Thu Apr 25 08:50:20 2019
Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A9B14120184 for <spasm@ietfa.amsl.com>; Thu, 25 Apr 2019 08:50:18 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level: 
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=MMg6UyHk; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=ePOpHl3T
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zdwKuwFVFzvZ for <spasm@ietfa.amsl.com>; Thu, 25 Apr 2019 08:50:16 -0700 (PDT)
Received: from rcdn-iport-9.cisco.com (rcdn-iport-9.cisco.com [173.37.86.80]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E283E120019 for <spasm@ietf.org>; Thu, 25 Apr 2019 08:50:15 -0700 (PDT)
X-IronPort-AV: E=Sophos;i="5.60,394,1549929600"; d="scan'208";a="465695388"
Received: from rcdn-core-3.cisco.com ([173.37.93.154]) by rcdn-iport-9.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 25 Apr 2019 15:49:59 +0000
Received: from XCH-ALN-018.cisco.com (xch-aln-018.cisco.com [173.36.7.28]) by rcdn-core-3.cisco.com (8.15.2/8.15.2) with ESMTPS id x3PFnw2t030171 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL) for <spasm@ietf.org>; Thu, 25 Apr 2019 15:49:58 GMT
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by XCH-ALN-018.cisco.com (173.36.7.28) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 25 Apr 2019 10:49:57 -0500
Received: from xhs-aln-001.cisco.com (173.37.135.118) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Thu, 25 Apr 2019 10:49:57 -0500
Received: from NAM03-DM3-obe.outbound.protection.outlook.com (173.37.151.57) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Thu, 25 Apr 2019 10:49:56 -0500
Received: from MWHPR11MB1838.namprd11.prod.outlook.com (10.175.53.141) by MWHPR11MB1872.namprd11.prod.outlook.com (10.175.54.7) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1813.16; Thu, 25 Apr 2019 15:49:56 +0000
Received: from MWHPR11MB1838.namprd11.prod.outlook.com ([fe80::69c3:e052:ecf2:8829]) by MWHPR11MB1838.namprd11.prod.outlook.com ([fe80::69c3:e052:ecf2:8829%5]) with mapi id 15.20.1835.010; Thu, 25 Apr 2019 15:49:56 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-10.txt
Thread-Index: AQHU+31RJtZulLJYTky/qD3NhuMjT6ZNBKlA
Date: Thu, 25 Apr 2019 15:49:55 +0000
Message-ID: <MWHPR11MB1838998EDC6184445CA88319C93D0@MWHPR11MB1838.namprd11.prod.outlook.com>
References: <155620676616.23483.17063859372953055144@ietfa.amsl.com>
In-Reply-To: <155620676616.23483.17063859372953055144@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com; 
x-originating-ip: [2001:420:c0c4:1006::22b]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 24382d35-9a7e-4239-2bc7-08d6c995aa36
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600141)(711020)(4605104)(2017052603328)(7193020); SRVR:MWHPR11MB1872; 
x-ms-traffictypediagnostic: MWHPR11MB1872:
x-ms-exchange-purlcount: 6
x-microsoft-antispam-prvs: <MWHPR11MB18729FE7873A32032D9BF335C93D0@MWHPR11MB1872.namprd11.prod.outlook.com>
x-forefront-prvs: 0018A2705B
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 24382d35-9a7e-4239-2bc7-08d6c995aa36
X-MS-Exchange-CrossTenant-originalarrivaltime: 25 Apr 2019 15:49:56.0118 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: MWHPR11MB1872
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.28, xch-aln-018.cisco.com
X-Outbound-Node: rcdn-core-3.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/B_bvUkEowqG1MjqGt87P8p9rssI>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-10.txt
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 25 Apr 2019 15:50:19 -0000

Hi all,=20

This iteration of the draft updates the IANA considerations section to requ=
est OID assignments from IANA since NIST will not be able to assign the=
m in a timely manner. The diff is here https://tools.ietf.org/rfcdiff?url2=
=3Ddraft-ietf-lamps-pkix-shake-10.txt=20

The draft should be ready now.

Rgs,
Panos


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Thursday, April 25, 2019 11:39 AM
To: i-d-announce@ietf.org
Cc: spasm@ietf.org
Subject: [lamps] I-D Action: draft-ietf-lamps-pkix-shake-10.txt


A New Internet-Draft is available from the on-line Internet-Drafts director=
ies.
This draft is a work item of the Limited Additional Mechanisms for PKIX and=
 SMIME WG of the IETF.

        Title           : Internet X.509 Public Key Infrastructure: Additio=
nal Algorithm Identifiers for RSASSA-PSS and ECDSA using SHAKEs
        Authors         : Panos Kampanakis
                          Quynh Dang
	Filename        : draft-ietf-lamps-pkix-shake-10.txt
	Pages           : 16
	Date            : 2019-04-25

Abstract:
   Digital signatures are used to sign messages, X.509 certificates and
   CRLs (Certificate Revocation Lists).  This document describes the
   conventions for using the SHAKE function family in Internet X.509
   certificates and CRLs as one-way hash functions with the RSA
   Probabilistic signature and ECDSA signature algorithms.  The
   conventions for the associated subject public keys are also
   described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-pkix-shake/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-pkix-shake-10
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pkix-shake-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-pkix-shake-10


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm


From nobody Thu Apr 25 08:50:27 2019
Return-Path: <pkampana@cisco.com>
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: "spasm@ietf.org" <spasm@ietf.org>
Thread-Topic: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-10.txt
Thread-Index: AQHU+31dDif/mw/W5EmLi5pdwn4RhKZNBV8g
Date: Thu, 25 Apr 2019 15:49:56 +0000
Message-ID: <MWHPR11MB183860F64A0A6F15B9C063FDC93D0@MWHPR11MB1838.namprd11.prod.outlook.com>
References: <155620682511.23402.8195171111045073817@ietfa.amsl.com>
In-Reply-To: <155620682511.23402.8195171111045073817@ietfa.amsl.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/IlB-xAgd1-JcOj3TuQXYHII3iK4>
Subject: Re: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-10.txt

Hello,

Similarly to draft-ietf-lamps-pkix-shake, this iteration of draft-ietf-lamps-cms-shakes updates the IANA considerations section to request OID assignments from IANA since NIST will not be able to assign them in a timely manner. The diff is here https://tools.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-10.txt

It should be ready now.

Rgs,
Panos

-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of internet-drafts@ietf.org
Sent: Thursday, April 25, 2019 11:40 AM
To: i-d-announce@ietf.org
Cc: spasm@ietf.org
Subject: [lamps] I-D Action: draft-ietf-lamps-cms-shakes-10.txt


A New Internet-Draft is available from the on-line Internet-Drafts directories.
This draft is a work item of the Limited Additional Mechanisms for PKIX and SMIME WG of the IETF.

        Title           : Use of the SHAKE One-way Hash Functions in the Cryptographic Message Syntax (CMS)
        Authors         : Panos Kampanakis
                          Quynh Dang
        Filename        : draft-ietf-lamps-cms-shakes-10.txt
        Pages           : 17
        Date            : 2019-04-25

Abstract:
   This document describes the conventions for using the SHAKE family of
   hash functions with the Cryptographic Message Syntax (CMS) as one-way
   hash functions with the RSA Probabilistic signature and ECDSA
   signature algorithms, as message digests and message authentication
   codes.  The conventions for the associated signer public keys in CMS
   are also described.


The IETF datatracker status page for this draft is:
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-shakes/

There are also htmlized versions available at:
https://tools.ietf.org/html/draft-ietf-lamps-cms-shakes-10
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-cms-shakes-10

A diff from the previous version is available at:
https://www.ietf.org/rfcdiff?url2=draft-ietf-lamps-cms-shakes-10


Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org.

Internet-Drafts are also available by anonymous FTP at:
ftp://ftp.ietf.org/internet-drafts/



From nobody Mon Apr 29 11:37:36 2019
Return-Path: <tim.hollebeek@digicert.com>
From: Tim Hollebeek <tim.hollebeek@digicert.com>
To: Tim Hollebeek <tim.hollebeek@digicert.com>, SPASM <spasm@ietf.org>
Thread-Topic: WG Last Call for draft-ietf-lamps-cms-mix-with-psk
Thread-Index: AdT2vkCLi33zyZtBRHqpCetZGpZnKQH/D5/g
Date: Mon, 29 Apr 2019 18:37:26 +0000
Message-ID: <MWHPR14MB153352C152BD82AC83041FED83390@MWHPR14MB1533.namprd14.prod.outlook.com>
References: <BN6PR14MB11063633DAE5277B108B451F83270@BN6PR14MB1106.namprd14.prod.outlook.com>
In-Reply-To: <BN6PR14MB11063633DAE5277B108B451F83270@BN6PR14MB1106.namprd14.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
Content-Type: multipart/signed; protocol="application/x-pkcs7-signature"; micalg=2.16.840.1.101.3.4.2.1; boundary="----=_NextPart_000_04EE_01D4FE99.07C59E30"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/AbRZmg-55B-QBLNa6HHt4hbcEu0>
Subject: Re: [lamps] WG Last Call for draft-ietf-lamps-cms-mix-with-psk

------=_NextPart_000_04EE_01D4FE99.07C59E30
Content-Type: multipart/alternative;
	boundary="----=_NextPart_001_04EF_01D4FE99.07C59E30"


------=_NextPart_001_04EF_01D4FE99.07C59E30
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: 7bit

Reminder: The last call closes next Monday.

-Tim

From: Spasm <spasm-bounces@ietf.org> On Behalf Of Tim Hollebeek
Sent: Friday, April 19, 2019 10:45 AM
To: SPASM <spasm@ietf.org>
Subject: [lamps] WG Last Call for draft-ietf-lamps-cms-mix-with-psk

This is the LAMPS WG Last Call for "Using Pre-Shared Key (PSK) in the
Cryptographic Message Syntax (CMS)" <draft-ietf-lamps-cms-mix-with-psk>.
Please review the document and send your comments to the list by 6 May 2019.

The datatracker page for the document is
https://datatracker.ietf.org/doc/draft-ietf-lamps-cms-mix-with-psk/

Thanks,

Tim


------=_NextPart_001_04EF_01D4FE99.07C59E30--

------=_NextPart_000_04EE_01D4FE99.07C59E30--


From nobody Mon Apr 29 15:35:22 2019
Return-Path: <housley@vigilsec.com>
From: Russ Housley <housley@vigilsec.com>
Content-Type: multipart/alternative; boundary="Apple-Mail=_AF3A3D52-75C9-4BA3-8470-55BAA069957A"
Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.8\))
Message-Id: <710BFEBF-B7CE-458B-8B37-8C98428B2800@vigilsec.com>
References: <20190429215902.902E0B81E91@rfc-editor.org>
To: SPASM <spasm@ietf.org>
Date: Mon, 29 Apr 2019 18:35:15 -0400
X-Mailer: Apple Mail (2.3445.104.8)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/OzqiMqJCEtSxHvKJJ0walwirXVU>
Subject: [lamps] RFC 8554 on Leighton-Micali Hash-Based Signatures

--Apple-Mail=_AF3A3D52-75C9-4BA3-8470-55BAA069957A
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

FYI, the LMS/HSS signature algorithm has been published as an informational RFC.

Russ


> From: rfc-editor@rfc-editor.org
> Subject: [IRTF-Announce] RFC 8554 on Leighton-Micali Hash-Based Signatures
> Date: April 29, 2019 at 5:59:02 PM EDT
> To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org, irtf-announce@irtf.org
> Cc: drafts-update-ref@iana.org, cfrg@irtf.org, rfc-editor@rfc-editor.org
>
> A new Request for Comments is now available in online RFC libraries.
>
>
>        RFC 8554
>
>        Title:      Leighton-Micali Hash-Based Signatures
>        Author:     D. McGrew,
>                    M. Curcio,
>                    S. Fluhrer
>        Status:     Informational
>        Stream:     IRTF
>        Date:       April 2019
>        Mailbox:    mcgrew@cisco.com,
>                    micurcio@cisco.com,
>                    sfluhrer@cisco.com
>        Pages:      61
>        Characters: 135954
>        Updates/Obsoletes/SeeAlso:   None
>
>        I-D Tag:    draft-mcgrew-hash-sigs-15.txt
>
>        URL:        https://www.rfc-editor.org/info/rfc8554
>
>        DOI:        10.17487/RFC8554
>
> This note describes a digital-signature system based on cryptographic
> hash functions, following the seminal work in this area of Lamport,
> Diffie, Winternitz, and Merkle, as adapted by Leighton and Micali in
> 1995.  It specifies a one-time signature scheme and a general
> signature scheme.  These systems provide asymmetric authentication
> without using large integer mathematics and can achieve a high
> security level.  They are suitable for compact implementations, are
> relatively simple to implement, and are naturally resistant to
> side-channel attacks.  Unlike many other signature systems, hash-based
> signatures would still be secure even if it proves feasible for an
> attacker to build a quantum computer.
>
> This document is a product of the Crypto Forum Research Group (CFRG)
> in the IRTF.  This has been reviewed by many researchers, both in the
> research group and outside of it.  The Acknowledgements section lists
> many of them.
>
>
> INFORMATIONAL: This memo provides information for the Internet community.
> It does not specify an Internet standard of any kind. Distribution of
> this memo is unlimited.
>
> This announcement is sent to the IETF-Announce, rfc-dist and IRTF-Announce lists. To subscribe or unsubscribe, see
>  https://www.ietf.org/mailman/listinfo/ietf-announce
>  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist
>  https://www.irtf.org/mailman/listinfo/irtf-announce
>
> For searching the RFC series, see https://www.rfc-editor.org/search
> For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk
>
> Requests for special distribution should be addressed to either the
> author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
> specifically noted otherwise on the RFC itself, all RFCs are for
> unlimited distribution.
>
>
> The RFC Editor Team
> Association Management Solutions, LLC
>



--Apple-Mail=_AF3A3D52-75C9-4BA3-8470-55BAA069957A--


From nobody Tue Apr 30 14:05:04 2019
Return-Path: <noreply@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BD12D12007C; Tue, 30 Apr 2019 14:04:53 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: =?utf-8?q?=C3=89ric_Vyncke_via_Datatracker?= <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: lamps-chairs@ietf.org, spasm@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: =?utf-8?q?=C3=89ric_Vyncke?= <evyncke@cisco.com>
Message-ID: <155665829376.7576.13399672661852441049.idtracker@ietfa.amsl.com>
Date: Tue, 30 Apr 2019 14:04:53 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ued_LxX9S4WloMIJQmA1_zsAfnA>
Subject: [lamps] =?utf-8?q?=C3=89ric_Vyncke=27s_No_Objection_on_charter-i?= =?utf-8?q?etf-lamps-03-00?=
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 30 Apr 2019 21:04:54 -0000

Éric Vyncke has entered the following ballot position for
charter-ietf-lamps-03-00: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)



The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/charter-ietf-lamps/


There are no remarks associated with this position.





From nobody Tue Apr 30 18:08:12 2019
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 318811201D3; Tue, 30 Apr 2019 18:08:10 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id CeiWx_VTj4qx; Tue, 30 Apr 2019 18:08:07 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8EAA61201CF; Tue, 30 Apr 2019 18:08:07 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 207EEB81B19; Tue, 30 Apr 2019 18:07:56 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
X-PHP-Originating-Script: 1005:ams_util_lib.php
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, spasm@ietf.org
Content-type: text/plain; charset=UTF-8
Message-Id: <20190501010756.207EEB81B19@rfc-editor.org>
Date: Tue, 30 Apr 2019 18:07:56 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/ketvs3KPbMuuoAXcz6oJl9ESiLo>
Subject: [lamps] =?utf-8?q?RFC_8550_on_Secure/Multipurpose_Internet_Mail_?= =?utf-8?q?Extensions_=28S/MIME=29_Version_4=2E0_Certificate_Handling?=
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 May 2019 01:08:10 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 8550

        Title:      Secure/Multipurpose Internet Mail Extensions (S/MIME) 
                    Version 4.0 Certificate Handling 
        Author:     J. Schaad,  
                    B. Ramsdell,
                    S. Turner
        Status:     Standards Track
        Stream:     IETF
        Date:       April 2019
        Mailbox:    ietf@augustcellars.com, 
                    blaker@gmail.com, 
                    sean@sn3rd.com
        Pages:      29
        Characters: 63210
        Obsoletes:  RFC 5750

        I-D Tag:    draft-ietf-lamps-rfc5750-bis-08.txt

        URL:        https://www.rfc-editor.org/info/rfc8550

        DOI:        10.17487/RFC8550

This document specifies conventions for X.509 certificate usage by
Secure/Multipurpose Internet Mail Extensions (S/MIME) v4.0 agents.
S/MIME provides a method to send and receive secure MIME messages,
and certificates are an integral part of S/MIME agent processing.
S/MIME agents validate certificates as described in RFC 5280
("Internet X.509 Public Key Infrastructure Certificate and
Certificate Revocation List (CRL) Profile").  S/MIME agents must meet
the certificate-processing requirements in this document as well as
those in RFC 5280.  This document obsoletes RFC 5750.

This document is a product of the Limited Additional Mechanisms for PKIX and SMIME Working Group of the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the 
standardization state and status of this protocol.  Distribution of this 
memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC



From nobody Tue Apr 30 18:08:38 2019
Return-Path: <wwwrun@rfc-editor.org>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A917F1202C9; Tue, 30 Apr 2019 18:08:23 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level: 
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 04_pjc6V29Cj; Tue, 30 Apr 2019 18:08:22 -0700 (PDT)
Received: from rfc-editor.org (rfc-editor.org [4.31.198.49]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 37E5212042D; Tue, 30 Apr 2019 18:08:21 -0700 (PDT)
Received: by rfc-editor.org (Postfix, from userid 30) id 69922B81C25; Tue, 30 Apr 2019 18:08:09 -0700 (PDT)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
X-PHP-Originating-Script: 1005:ams_util_lib.php
From: rfc-editor@rfc-editor.org
Cc: rfc-editor@rfc-editor.org, drafts-update-ref@iana.org, spasm@ietf.org
Content-type: text/plain; charset=UTF-8
Message-Id: <20190501010809.69922B81C25@rfc-editor.org>
Date: Tue, 30 Apr 2019 18:08:09 -0700 (PDT)
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/KDMvgA2wb60DD6_bUl94CdMRNiU>
Subject: [lamps] =?utf-8?q?RFC_8551_on_Secure/Multipurpose_Internet_Mail_?= =?utf-8?q?Extensions_=28S/MIME=29_Version_4=2E0_Message_Specification?=
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 01 May 2019 01:08:31 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 8551

        Title:      Secure/Multipurpose Internet Mail Extensions (S/MIME) 
                    Version 4.0 Message Specification 
        Author:     J. Schaad,
                    B. Ramsdell,
                    S. Turner
        Status:     Standards Track
        Stream:     IETF
        Date:       April 2019
        Mailbox:    ietf@augustcellars.com, 
                    blaker@gmail.com, 
                    sean@sn3rd.com
        Pages:      63
        Characters: 136849
        Obsoletes:  RFC 5751

        I-D Tag:    draft-ietf-lamps-rfc5751-bis-11.txt

        URL:        https://www.rfc-editor.org/info/rfc8551

        DOI:        10.17487/RFC8551

This document defines Secure/Multipurpose Internet Mail Extensions
(S/MIME) version 4.0.  S/MIME provides a consistent way to send and
receive secure MIME data.  Digital signatures provide authentication,
message integrity, and non-repudiation with proof of origin.
Encryption provides data confidentiality.  Compression can be used to
reduce data size.  This document obsoletes RFC 5751.

This document is a product of the Limited Additional Mechanisms for PKIX and SMIME Working Group of the IETF.

This is now a Proposed Standard.

STANDARDS TRACK: This document specifies an Internet Standards Track
protocol for the Internet community, and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Official
Internet Protocol Standards (https://www.rfc-editor.org/standards) for the 
standardization state and status of this protocol.  Distribution of this 
memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  https://www.ietf.org/mailman/listinfo/ietf-announce
  https://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see https://www.rfc-editor.org/search
For downloading RFCs, see https://www.rfc-editor.org/retrieve/bulk

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC


