Re: [pkix] Question about Curve P-192
Ernst G Giessmann <giessman@informatik.hu-berlin.de> Fri, 11 May 2018 15:58 UTC
Return-Path: <giessman@informatik.hu-berlin.de>
X-Original-To: pkix@ietfa.amsl.com
Delivered-To: pkix@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E53AC12741D for <pkix@ietfa.amsl.com>; Fri, 11 May 2018 08:58:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=informatik.hu-berlin.de
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id AronaUj9M_Mo for <pkix@ietfa.amsl.com>; Fri, 11 May 2018 08:58:38 -0700 (PDT)
Received: from mailout1.informatik.hu-berlin.de (mailout1.informatik.hu-berlin.de [141.20.20.101]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 3A3F0126CB6 for <pkix@ietf.org>; Fri, 11 May 2018 08:58:38 -0700 (PDT)
Received: from mailbox.informatik.hu-berlin.de (mailbox [141.20.20.63]) by mail.informatik.hu-berlin.de (8.15.1/8.15.1/INF-2.0-MA-SOLARIS-2.10-25) with ESMTPS id w4BFwXgL003065 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=OK) for <pkix@ietf.org>; Fri, 11 May 2018 17:58:35 +0200 (MEST)
Received: from [192.168.2.104] (p2E57CDBE.dip0.t-ipconnect.de [46.87.205.190]) (authenticated bits=0) by mailbox.informatik.hu-berlin.de (8.15.1/8.15.1/INF-2.0-MA-SOLARIS-2.10-AUTH-26-465-587) with ESMTPSA id w4BFwUVK003051 (version=TLSv1.2 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) for <pkix@ietf.org>; Fri, 11 May 2018 17:58:33 +0200 (MEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=informatik.hu-berlin.de; s=mailbox; t=1526054313; bh=ExJfsx725PcVe5ZqYDE9GNyWj3jJ+nvPEvDZzjZ2djY=; h=Subject:To:References:From:Date:In-Reply-To; b=WEzcFLgqlu2fiNgqwZq+JAcHiUdDh8HqqyGqYnARW/+Mz3XqEOU2+UUjnxfAH/cuQ 0ehxjsZjQtoF+2MAXkFWvTrAh9PG5+teaSkU6PiULW/lLkSbDpn0OZX3im2y7HdGmU UcCAMRYu1F5jiE9s+tvEoAc0ev/DhXkt38zb8elU=
To: pkix@ietf.org
References: <5481b2bb-25cc-6d1f-d255-16403f2221de@free.fr> <38461622-c7e9-58f4-acd2-5451c37408ba@informatik.hu-berlin.de> <9721F6F1-BA0F-4A86-A1C9-7910003D00E8@vigilsec.com> <810C31990B57ED40B2062BA10D43FBF501C71CBD@XMB116CNC.rim.net> <77eb0920-c6a2-2697-46d0-b0ab0366d9da@free.fr> <CANeU+ZDJYqGJZrVk2GzfJ-TZYc+=ptqj1-+8Ko0s3TvK_jHLhw@mail.gmail.com> <689887b5-b034-5c4c-648c-3854321ce2c7@free.fr>
From: Ernst G Giessmann <giessman@informatik.hu-berlin.de>
Openpgp: preference=signencrypt
Autocrypt: addr=giessman@informatik.hu-berlin.de; prefer-encrypt=mutual; keydata= xsBNBEs9Ow0BCACmbNqkEfzjXjR9MmVQxUsJVwMNeFNR//ErnstG+Giessmann//XRR+v7Ux HGaFHyzuR1aVPlRqjd7FyGt2RdjoumhVG9neqThI6B7BApKqD+z8XofzBwtmOVog/bQel/CH IbRTlKaoLz6X/5stCnYS9GUj3oqrnIoqr41DpMlipXHAEQstUSNtHa8uTa8zolCtaaKYm2gs A9k2D02M+jJBtOwFZeOfMcStxp+epnA1qygDRgWvCqEc5lyG9pQw8V8ZmGiULjQlUSmjvkNh SN+gKY2vGJcxVuLr64fCDTtCHFHin471n+MvCMdetAnzk869M4vHVyQeYhd2Jx59qc2jABdA AIHNNEVybnN0IEcgR2llc3NtYW5uIDxnaWVzc21hbkBpbmZvcm1hdGlrLmh1LWJlcmxpbi5k ZT7CwLcEEwEIAGECG6MCHgECF4AFCRLV3ecFCwkIBwMFFQgJCgsDFgIBOBpodHRwOi8vd3d3 LmluZm9ybWF0aWsuaHUtYmVybGluLmRlL35naWVzc21hbi9ncGctY3AudHh0BQJWHPUlAhkB AAoJEA4CfLKaaO8dCyQH/1LEsp0hDBMRHdC9wMAuQ0iVDvqHEvw8DZYfKEpuV9wiH4IX05Y9 dt10ldBhA8EUFM149QFkxWNG8h4iYMh9+hCUqLDpfGWTAWsfbcbxV40pDj7wDz2+HMsGZhHh e5CKCdURaIsvrYjCbLx6M5jCIfPB6xdQwOrZPvE9sq5VfgnJIrg0HRxUcrAEdnX4Gi6H9aAl KL/PxuDGI1oV67o/kJxjmUWmD3oaFq6KYj3vCZC4veuXZ1pTkZQbvOyWsJKzrP8SQ1AoWwVW EHvhr2YzvjUxfcB/WBlZ7hVisdiA7Bkc/5j+1S9eEyJYdY4GS/7hM7Aq0G+3iobpZ+Zjj3ya iY/OwEUES0caowEHwLbbq4iyK9yYgnSnyHWzeFmRdY1P86xaCv9cKVbwM01DSF6Gfd2xzE2J AJOhq+mSpF9Ay6ZEK6FShilupXT2rV42ciWZZNDCy/GNt7hEZ4oqK5UgZJwwNkL3gIRLQcGE a3BzDfOA5G8nxuCb7KMW3kc78Qy5CvxtsrlYiBPtKbLALP/DIzOm6UzcsMHvSnKtQJgPIdvP yxZQ3/I7AAqkSXWFTo8cUm715Y7HdakHEskTvu6dQq8GIEllGjFer44GNKXhKEFJanXrU9K9 Na7WzY610YkhHQGKMh/cm3bM7lOs7UDAPWquvN/Yatq83FXFts+iCxqUKf8TABEBAAHCwF8E GAEIAAkFAktHGqMCGwwACgkQDgJ8sppo7x02mwgAov9Gq53uvZG00fEykqUVtTD9ZV1ZJo3d kYuWeVjH+sqAflgsQHZV+3rBpvr8LgE9oPQT+BGLtTDX9tu+qHLIwdt/9BVHaqQ5BRYS23KP 4vM6N+12Dn1TIGppf0JG0lyrBU6plhJQofWX4in82g/SU7+d+gXaN26bT25EhA6g8cy6hPsh PsPB1wnVRGRSoYP1BXq6JPegZd0maTIIJRGbkSSxcbQidujbx35y4eQ1XQ74OlcOB6mNrX3f go3mC69o1CpclASjlX1/+bguBFR34oJth/IW9tMS7pYiEPfALHOW824B88AqtXtVTeHfAp78 8zKwT6Twt21WzoZ5hYJ+oA==
Message-ID: <a5dcd9e7-ccd2-9aa6-bcc2-20219adf43f4@informatik.hu-berlin.de>
Date: Fri, 11 May 2018 17:58:29 +0200
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101 Thunderbird/52.7.0
MIME-Version: 1.0
In-Reply-To: <689887b5-b034-5c4c-648c-3854321ce2c7@free.fr>
Content-Type: multipart/alternative; boundary="------------C565284FDB8C78E25EF58355"
X-Virus-Scanned: clamav-milter 0.99.2 at mailbox
X-Virus-Status: Clean
X-Greylist: Sender succeeded STARTTLS authentication, not delayed by milter-greylist-4.6.1 (mail.informatik.hu-berlin.de [141.20.20.50]); Fri, 11 May 2018 17:58:35 +0200 (MEST)
Archived-At: <https://mailarchive.ietf.org/arch/msg/pkix/EdbVAf19GXLDG_ZW0mJg8LhsCX0>
Subject: Re: [pkix] Question about Curve P-192
X-BeenThere: pkix@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: PKIX Working Group <pkix.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/pkix>, <mailto:pkix-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/pkix/>
List-Post: <mailto:pkix@ietf.org>
List-Help: <mailto:pkix-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/pkix>, <mailto:pkix-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 11 May 2018 15:58:41 -0000
Am 2018-05-11 um 12:09 schrieb Denis: > Michael, > > I don't see how RFC 5480 can be used to obtain an *identifier* for a > cryptographic *suite* for both P-192 and > a SHA-256 hash function truncated to 192 bits. > > In between, I got a response why the leftmost bits shall be used. > > Close to the end of section 6.4NIST FIPS 186-4 > <http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf> states: > > When the length of the output of the hash function is greater than > the bit length of /n/, then the *leftmost **/n/**bits* of the hash > function > output block *shall be used* in any calculation using the hash > function output during the generation or verification of a digital > signature. > > A hash function that provides a lower security strength than the > security strength associated with the bit length of n ordinarily > *should not* > be used, since this would reduce the security strength of the > digital signature process to a level no greater than that provided > by the hash function. > Yes, and therefore you can use any hash function (in the sense of ISO), because the output of a hash function is **always** a bit string. /Ernst.
- [pkix] Question about Curve P-192 Denis
- Re: [pkix] Question about Curve P-192 Ernst G Giessmann
- Re: [pkix] Question about Curve P-192 Russ Housley
- Re: [pkix] Question about Curve P-192 Dan Brown
- Re: [pkix] Question about Curve P-192 Denis
- Re: [pkix] Question about Curve P-192 Michael StJohns
- Re: [pkix] Question about Curve P-192 Denis
- Re: [pkix] Question about Curve P-192 Dan Brown
- Re: [pkix] Question about Curve P-192 Denis
- Re: [pkix] Question about Curve P-192 Dan Brown
- Re: [pkix] Question about Curve P-192 Ernst G Giessmann
- Re: [pkix] Question about Curve P-192 Michael StJohns
- Re: [pkix] Question about Curve P-192 Ernst G Giessmann