Certificate capabilities using symmetric keys


Alan Karp

Aug 25, 2023, 6:54:08 PM
to cap-...@googlegroups.com, <friam@googlegroups.com>
All the certificate-based capability systems I know use asymmetric key pairs.  Does anyone know of a system that uses only symmetric keys?

--------------
Alan Karp

Ben Laurie

Aug 27, 2023, 12:18:23 PM
to cap-...@googlegroups.com, <friam@googlegroups.com>
If you don't have asymmetry, then you can't have proof of action (that is, the server could claim the client had done something it didn't do).

This may not matter, depending on your use case. So, what is your use case?

Also, I refer you to Macaroons (https://en.wikipedia.org/wiki/Macaroons_(computer_science)), which were motivated by capability use cases. They have some neat features that aren't directly mappable onto capabilities, but seem like nice additions.
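
As an added illustration (not part of the original message, and not code from the Macaroons authors): a simplified sketch of the HMAC-chaining construction behind Macaroons, showing a capability token built with only a symmetric key, holder-side attenuation, and why the issuer can reproduce any token a holder presents. The caveat syntax, sample key, and function names are assumptions made for this example.

```python
import hashlib
import hmac

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def mint(root_key: bytes, identifier: str) -> dict:
    """Issuer creates the base token; only the issuer holds root_key."""
    return {"id": identifier, "caveats": [], "sig": _mac(root_key, identifier)}

def attenuate(token: dict, caveat: str) -> dict:
    """Any holder can narrow the token without a key: sig' = HMAC(sig, caveat)."""
    return {"id": token["id"],
            "caveats": token["caveats"] + [caveat],
            "sig": _mac(token["sig"], caveat)}

def _caveat_holds(caveat: str, request: dict) -> bool:
    # Constructed caveat syntax "name = value"; anything else fails closed.
    name, sep, value = caveat.partition(" = ")
    return bool(sep) and request.get(name) == value

def verify(root_key: bytes, token: dict, request: dict) -> bool:
    """Issuer recomputes the HMAC chain from root_key, then checks each caveat."""
    sig = _mac(root_key, token["id"])
    for caveat in token["caveats"]:
        sig = _mac(sig, caveat)
    return (hmac.compare_digest(sig, token["sig"])
            and all(_caveat_holds(c, request) for c in token["caveats"]))

def demo() -> dict:
    root_key = b"constructed-demo-root-key-32byte"  # constructed sample key
    full = mint(root_key, "file-42")
    read_only = attenuate(full, "op = read")         # delegated to another party
    stripped = dict(read_only, caveats=[])           # holder tries to widen it
    reissued = attenuate(mint(root_key, "file-42"), "op = read")  # issuer acting alone
    return {
        "read_ok": verify(root_key, read_only, {"op": "read"}),
        "write_ok": verify(root_key, read_only, {"op": "write"}),
        "stripped_ok": verify(root_key, stripped, {"op": "read"}),
        # Identical bytes: nothing ties the token to the holder rather than the issuer.
        "issuer_can_reproduce": reissued == read_only,
    }

if __name__ == "__main__":
    print(demo())
```

The last result is the "proof of action" limitation in concrete form: a verifier that can check the token can also mint it.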


Christine Lemmer-Webber

Oct 2, 2023, 1:47:29 PM
to cap-...@googlegroups.com, <friam@googlegroups.com>
I don't know of any. I'd be interested in seeing such a thing done
though.

Benjamin Goering

Oct 2, 2023, 1:53:20 PM
to cap-...@googlegroups.com, <friam@googlegroups.com>
What security property would the symmetric part provide?

(e.g. is that a proxy for the implication that the capability details would be encrypted and not just signed for authenticity/integrity?)

Alan Karp

Oct 2, 2023, 1:58:26 PM
to cap-...@googlegroups.com
On Mon, Oct 2, 2023 at 10:53 AM Benjamin Goering <b...@bengo.co> wrote:
> What security property would the symmetric part provide?
>
> (e.g. is that a proxy for the implication that the capability details would be encrypted and not just signed for authenticity/integrity?)

Symmetric keys is one of the requirements of Tigress, https://datatracker.ietf.org/doc/draft-ietf-tigress-requirements that says:

   *  (Req-CredentialType) The solution shall support transfer of
      various Digital Credential types, based on symmetric and
      asymmetric cryptography, public and proprietary standards.

That's the only place the word "symmetric" appears in the document. 

--------------
Alan Karp


Christine Lemmer-Webber

Oct 2, 2023, 2:55:47 PM
to cap-...@googlegroups.com, <friam@googlegroups.com>
The case in which it was raised for me was Bill Frantz suggested I try
to do OCapN's handoff certificates with symmetric keys instead of
asymmetric. I couldn't figure out how to do it, but the rationale for
it would be that it might survive quantum computing based attacks on
asymmetric key systems.

Benjamin Goering

Oct 2, 2023, 3:06:40 PM
to cap-...@googlegroups.com, <friam@googlegroups.com>
Thanks Christine.

Makes me wonder how/which symmetric would be more PQS than asymmetric XMSS https://www.rfc-editor.org/rfc/rfc8391.html

Alan Karp

Oct 2, 2023, 5:36:12 PM
to cap-...@googlegroups.com
On Mon, Oct 2, 2023 at 12:06 PM Benjamin Goering <b...@bengo.co> wrote:
> Thanks Christine.
>
> Makes me wonder how/which symmetric would be more PQS than asymmetric XMSS https://www.rfc-editor.org/rfc/rfc8391.html

Post-quantum algorithms are relatively new and, therefore, less battle hardened.  In fact, someone recently found a conventional attack against one of the 4 NIST candidates.  The attacks on pre-quantum asymmetric algorithms are based on period finding, something that doesn't work for symmetric keys, which are effectively randomly chosen bits. 

--------------
Alan Karp


Benjamin Goering

Oct 2, 2023, 6:01:35 PM
to cap-...@googlegroups.com
I've been following the relevant NIST PQC list for a while.

My understanding was MSS was less weak than others.

e.g. I see "Breaking Symmetric Cryptosystems using Quantum Period Finding" https://inria.hal.science/hal-01404196/document
> Second, we show that Simon’s algorithm can also be applied to slide attacks, leading to an exponential speed-up of a classical symmetric cryptanalysis technique in the quantum model.

Ah, and I found this for why XMSS may not be prominently featured in PQC lit: it's a stateful method which doesn't meet the stateless API requirements that most are focused on improving





Mark S. Miller

Oct 2, 2023, 8:07:59 PM
to cap-...@googlegroups.com
Of historic interest (only?):


But only for online ocaps, not certs. It is at least amusing ;)






--
  Cheers,
  --MarkM