Re: [Rats] Which Asymmetric algorithms for Charra?
"Panwei (William)" <william.panwei@huawei.com> Wed, 26 August 2020 01:37 UTC
Return-Path: <william.panwei@huawei.com>
X-Original-To: rats@ietfa.amsl.com
Delivered-To: rats@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 003023A0B76 for <rats@ietfa.amsl.com>; Tue, 25 Aug 2020 18:37:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=unavailable autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id skL0DamLxjJz for <rats@ietfa.amsl.com>; Tue, 25 Aug 2020 18:37:10 -0700 (PDT)
Received: from huawei.com (lhrrgout.huawei.com [185.176.76.210]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id B75AD3A0B79 for <rats@ietf.org>; Tue, 25 Aug 2020 18:37:09 -0700 (PDT)
Received: from lhreml727-chm.china.huawei.com (unknown [172.18.7.107]) by Forcepoint Email with ESMTP id 6AA30E81594D582F0933 for <rats@ietf.org>; Wed, 26 Aug 2020 02:37:08 +0100 (IST)
Received: from nkgeml708-chm.china.huawei.com (10.98.57.160) by lhreml727-chm.china.huawei.com (10.201.108.78) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Wed, 26 Aug 2020 02:37:07 +0100
Received: from nkgeml705-chm.china.huawei.com (10.98.57.154) by nkgeml708-chm.china.huawei.com (10.98.57.160) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) id 15.1.1913.5; Wed, 26 Aug 2020 09:37:05 +0800
Received: from nkgeml705-chm.china.huawei.com ([10.98.57.154]) by nkgeml705-chm.china.huawei.com ([10.98.57.154]) with mapi id 15.01.1913.007; Wed, 26 Aug 2020 09:37:05 +0800
From: "Panwei (William)" <william.panwei@huawei.com>
To: "Eric Voit (evoit)" <evoit=40cisco.com@dmarc.ietf.org>
CC: "rats@ietf.org" <rats@ietf.org>
Thread-Topic: Which Asymmetric algorithms for Charra?
Thread-Index: AdZwFfR0sMtRnzzORw2twimiOLxijgAX+PawABmh0rACmwjsIA==
Date: Wed, 26 Aug 2020 01:37:05 +0000
Message-ID: <c166a285dbc647e59599076cc42dc7bc@huawei.com>
References: <BL0PR11MB3122651915512C2D122B35A7A1450@BL0PR11MB3122.namprd11.prod.outlook.com> <d323dbd7a24c46f0bb5074f7aad4903d@huawei.com> <BL0PR11MB3122D96A348E755D5384D032A1420@BL0PR11MB3122.namprd11.prod.outlook.com>
In-Reply-To: <BL0PR11MB3122D96A348E755D5384D032A1420@BL0PR11MB3122.namprd11.prod.outlook.com>
Accept-Language: zh-CN, en-US
Content-Language: zh-CN
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.164.120.6]
Content-Type: multipart/alternative; boundary="_000_c166a285dbc647e59599076cc42dc7bchuaweicom_"
MIME-Version: 1.0
X-CFilter-Loop: Reflected
Archived-At: <https://mailarchive.ietf.org/arch/msg/rats/9BlNpi4k68zM6v8oGapKPLCmHaY>
Subject: Re: [Rats] Which Asymmetric algorithms for Charra?
X-BeenThere: rats@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Remote ATtestation procedureS <rats.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/rats>, <mailto:rats-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/rats/>
List-Post: <mailto:rats@ietf.org>
List-Help: <mailto:rats-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/rats>, <mailto:rats-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 26 Aug 2020 01:37:12 -0000
Hi Eric, Got it. Now I have no questions. Regards & Thanks! Wei Pan From: RATS [mailto:rats-bounces@ietf.org] On Behalf Of Eric Voit (evoit) Sent: Thursday, August 13, 2020 3:20 AM To: Panwei (William) <william.panwei@huawei.com> Cc: rats@ietf.org Subject: Re: [Rats] Which Asymmetric algorithms for Charra? Hi Wei Pan, I don't think we need to define a key length for RSA. * None of our RPCs are involved with generating a new key. And we can always discover the length of the key by referencing the information from the keystore using known information (e.g., the certificate-name). * Looking at the various SHA algorithms, they are actually different algorithms (since they produce different digest sizes). * If we just match to what is in the TCG spec, we don't have to define/defend a different scoping than they have already made. Thanks, Eric From: RATS <rats-bounces@ietf.org<mailto:rats-bounces@ietf.org>> On Behalf Of Panwei (William) Sent: Wednesday, August 12, 2020 3:59 AM To: Eric Voit (evoit) <evoit@cisco.com<mailto:evoit@cisco.com>> Cc: rats@ietf.org<mailto:rats@ietf.org> Subject: Re: [Rats] Which Asymmetric algorithms for Charra? Hi Eric, Generally, I'm fine with your proposal. I have only one question below. The TCG_Algorithm_Registry_r1p32_pub defines a variety of SHA algorithms named with key length as a suffix, it also defines the ID values for the different curves used for elliptic curve cryptography. But it seems like that the TCG_Algorithm_Registry_r1p32_pub doesn't specify the key length of the RSA algorithm. So do we need to define fine-granular RSA algorithms in the YANG module? Regards & Thanks! Wei Pan From: RATS [mailto:rats-bounces@ietf.org] On Behalf Of Eric Voit (evoit) Sent: Wednesday, August 12, 2020 6:52 AM To: rats@ietf.org<mailto:rats@ietf.org> Subject: [Rats] Which Asymmetric algorithms for Charra? During the charra presentation at IETF 108, we said we were going to ask the following question to the list: "Should the algorithm set defined in YANG be reduced to just those asymmetric algorithms currently exposed in the current TPM 1.2 and 2 specifications?" This is reflected seen in https://www.ietf.org/proceedings/108/slides/slides-108-rats-sessb-charra-update-00, Slide 7. The proposal I would like to make is as follows: * The TCG tracked algorithms supportable by a TPM should be the only ones included in a charra maintained list of YANG identities. * This identity set needs to be extendable to new algorithms for any YANG models which augment charra. * TCG Algorithm Registry Revision 01.32, Table 3 at https://trustedcomputinggroup.org/wp-content/uploads/TCG-_Algorithm_Registry_r1p32_pub.pdf contains the algorithms we should encode. * There are other types of information within this table, and we might as well encode the full table within a YANG model. That way we can explicitly make the scope of a "ietf-tcg-algs.yang" model the contents this TCG table encoded in YANG. * The YANG model will indicate what TCG algorithms are deprecated by the IETF. However identities for these deprecated algorithms from the TCG table will be assigned. (e.g., SHA-1) Are there any objections/questions/comments on this proposal? I have a strawman YANG file posted at: https://github.com/ietf-rats-wg/basic-yang-module/compare/master...ericvoit:patch-4<https://github.com/ietf-rats-wg/basic-yang-module/compare/master.....ericvoit:patch-4> Henk also is thinking of encoding this same Table information within CDDL. That could be inserted as an additional informational element of the document for where people prefer CDDL. Eric Eric Voit Principal Engineer .:|:.:|:. Cisco Systems, Inc.
- [Rats] Which Asymmetric algorithms for Charra? Eric Voit (evoit)
- Re: [Rats] Which Asymmetric algorithms for Charra? Michael Richardson
- Re: [Rats] Which Asymmetric algorithms for Charra? Eric Voit (evoit)
- Re: [Rats] Which Asymmetric algorithms for Charra? Panwei (William)
- Re: [Rats] Which Asymmetric algorithms for Charra? Eric Voit (evoit)
- Re: [Rats] Which Asymmetric algorithms for Charra? Panwei (William)