[Cfrg] Please review/comment on draft-moskowitz-hip-new-crypto-02
Robert Moskowitz <rgm-sec@htt-consult.com> Thu, 03 October 2019 15:46 UTC
Return-Path: <rgm-sec@htt-consult.com>
X-Original-To: cfrg@ietfa.amsl.com
Delivered-To: cfrg@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 39FC61200B6 for <cfrg@ietfa.amsl.com>; Thu, 3 Oct 2019 08:46:39 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.899
X-Spam-Level:
X-Spam-Status: No, score=-1.899 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id BXDxsB-4DW4C for <cfrg@ietfa.amsl.com>; Thu, 3 Oct 2019 08:46:37 -0700 (PDT)
Received: from z9m9z.htt-consult.com (z9m9z.htt-consult.com [23.123.122.147]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3D621200B1 for <cfrg@irtf.org>; Thu, 3 Oct 2019 08:46:36 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by z9m9z.htt-consult.com (Postfix) with ESMTP id E45766211F for <cfrg@irtf.org>; Thu, 3 Oct 2019 11:46:35 -0400 (EDT)
X-Virus-Scanned: amavisd-new at htt-consult.com
Received: from z9m9z.htt-consult.com ([127.0.0.1]) by localhost (z9m9z.htt-consult.com [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 8BOwHfVTnUVH for <cfrg@irtf.org>; Thu, 3 Oct 2019 11:46:31 -0400 (EDT)
Received: from lx140e.htt-consult.com (unknown [192.168.160.12]) (using TLSv1.2 with cipher DHE-RSA-AES128-SHA (128/128 bits)) (No client certificate requested) by z9m9z.htt-consult.com (Postfix) with ESMTPSA id B545562116 for <cfrg@irtf.org>; Thu, 3 Oct 2019 11:46:29 -0400 (EDT)
To: "cfrg@irtf.org" <cfrg@irtf.org>
From: Robert Moskowitz <rgm-sec@htt-consult.com>
Message-ID: <9d0c79d6-3e98-9e24-9c32-e57e4fb23ae0@htt-consult.com>
Date: Thu, 03 Oct 2019 11:46:16 -0400
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:68.0) Gecko/20100101 Thunderbird/68.1.0
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="------------CFE086C6D61896BF5BC96504"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/cfrg/uiOtXiPMi7SN2ia57Uj6gehZvCg>
Subject: [Cfrg] Please review/comment on draft-moskowitz-hip-new-crypto-02
X-BeenThere: cfrg@irtf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Crypto Forum Research Group <cfrg.irtf.org>
List-Unsubscribe: <https://www.irtf.org/mailman/options/cfrg>, <mailto:cfrg-request@irtf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/cfrg/>
List-Post: <mailto:cfrg@irtf.org>
List-Help: <mailto:cfrg-request@irtf.org?subject=help>
List-Subscribe: <https://www.irtf.org/mailman/listinfo/cfrg>, <mailto:cfrg-request@irtf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2019 15:46:40 -0000
This draft adds support of EdDSA, EC25519/EC448, and Keccak hashes and cipher (Keyak) to HIP (rfc 7401). The interest to this group, is I believe this is the 1st? major adoption of Keccak (FIPS 202, sp800-185, and sp800-56Cr1) in IETF drafts. KMAC vs HMAC is perhaps the simplest change. It would seem that KMAC (sp800-185) is more efficient than HMAC and might be of advantage to high capacity situations. Then there is the KDF based on sp800-56Cr1 (called KEYMAT in HIP lingo). This is a significant change from RFC5869 and sp800-108. But I have assurances? that it meets the needed strength requirements. Finally I am perhaps 'jumping the gun' on NIST's lightweight crypto competition with specifying Keyak, but for a constrained device developer, it means one underlying engine to support. TBD is a separate draft to amend RFC7402 to add Keyak to HIP's use of ESP (and include diet-ESP). The only 'hidden' gotcha is EdDSA25519 using SHA512 rather than a cSHAKE256 with 512 bits output (see KEYMAT above). This has code-size implications to constrained system developers. Otherwise it is all 'new' crypto. ====================================== A new version of I-D, draft-moskowitz-hip-new-crypto-02.txt has been successfully submitted by Robert Moskowitz and posted to the IETF repository. Name: draft-moskowitz-hip-new-crypto Revision: 02 Title: New Cryptographic Algorithms for HIP Document date: 2019-10-03 Group: Individual Submission Pages: 12 URL:https://www.ietf.org/internet-drafts/draft-moskowitz-hip-new-crypto-02.txt Status:https://datatracker.ietf.org/doc/draft-moskowitz-hip-new-crypto/ Htmlized:https://tools.ietf.org/html/draft-moskowitz-hip-new-crypto-02 Htmlized:https://datatracker.ietf.org/doc/html/draft-moskowitz-hip-new-crypto Diff:https://www.ietf.org/rfcdiff?url2=draft-moskowitz-hip-new-crypto-02 Abstract: This document provides new cryptographic algorithms to be used with HIP. The Edwards Elliptic Curve and the Keccak sponge functions are the main focus. The HIP parameters and processing instructions impacted by these algorithms are defined. Please note that it may take a couple of minutes from the time of submission until the htmlized version and diff are available at tools.ietf.org. The IETF Secretariat
- [Cfrg] Please review/comment on draft-moskowitz-h… Robert Moskowitz
- Re: [Cfrg] Please review/comment on draft-moskowi… Scott Arciszewski
- Re: [Cfrg] Please review/comment on draft-moskowi… Robert Moskowitz
- Re: [Cfrg] Please review/comment on draft-moskowi… John Mattsson
- Re: [Cfrg] Please review/comment on draft-moskowi… Scott Arciszewski
- Re: [Cfrg] Please review/comment on draft-moskowi… Robert Moskowitz
- Re: [Cfrg] Please review/comment on draft-moskowi… Scott Arciszewski
- Re: [Cfrg] Please review/comment on draft-moskowi… John Mattsson
- Re: [Cfrg] Please review/comment on draft-moskowi… Robert Moskowitz