IETF Logo Mail Archive

Re: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?

"Panos Kampanakis (pkampana)" <pkampana@cisco.com> Mon, 08 April 2019 14:21 UTC

Return-Path: <pkampana@cisco.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6ACE21203C3 for <spasm@ietfa.amsl.com>; Mon, 8 Apr 2019 07:21:37 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -14.501
X-Spam-Level:
X-Spam-Status: No, score=-14.501 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RCVD_IN_DNSWL_HI=-5, SPF_PASS=-0.001, USER_IN_DEF_DKIM_WL=-7.5] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=cisco.com header.b=Cwru0qmq; dkim=pass (1024-bit key) header.d=cisco.onmicrosoft.com header.b=Q+UNPBO1
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lx1H8cR10V32 for <spasm@ietfa.amsl.com>; Mon, 8 Apr 2019 07:21:35 -0700 (PDT)
Received: from rcdn-iport-8.cisco.com (rcdn-iport-8.cisco.com [173.37.86.79]) (using TLSv1.2 with cipher DHE-RSA-SEED-SHA (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CEE8E1201A3 for <spasm@ietf.org>; Mon, 8 Apr 2019 07:21:34 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=cisco.com; i=@cisco.com; l=5252; q=dns/txt; s=iport; t=1554733294; x=1555942894; h=from:to:subject:date:message-id:references:in-reply-to: content-transfer-encoding:mime-version; bh=kNl/eFbFGKriA+diC6/ymIJE54Ko16VPxi8Do7NacMg=; b=Cwru0qmqxd3RVtY8nM/AN3g+uehJAjM0XNIXzaIMre0B3s6u24KwQzZ9 kmIZeQNXUHTcgcSTmxg9UtX6kjamoeCv59BpYtQfiS0kw0WBWs0qw9iKl yTXXHwBWm59EBRTCLGOJV1fZtaeldk/ZdII3OjY6b8NR85Ap481TYr+mB I=;
IronPort-PHdr: =?us-ascii?q?9a23=3AP75o0hNTstDzj7u2FA8l6mtXPHoupqn0MwgJ65?= =?us-ascii?q?Eul7NJdOG58o//OFDEu6w/l0fHCIPc7f8My/HbtaztQyQh2d6AqzhDFf4ETB?= =?us-ascii?q?oZkYMTlg0kDtSCDBjjL/fvdyU8FexJVURu+DewNk0GUMs=3D?=
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: =?us-ascii?q?A0CCAADYV6tc/51dJa1bChoBAQEBAQI?= =?us-ascii?q?BAQEBBwIBAQEBgVQCAQEBAQsBgT1QA2hUIAQLJ4QOg0cDjydKgg2XGIJSA1Q?= =?us-ascii?q?OAQEYDQeEQAIXhU4iNwYNAQEDAQEJAQIBAm0cDIVKAQEBAwEBASERDAEBLAw?= =?us-ascii?q?LBAIBCBEEAQEBAgImAgICJQsVCAgCBAESCIMbgV0DDQgBDqMSAooUcYEvgnk?= =?us-ascii?q?BAQWBMQGDRhiCDAMFgQslAYtGF4FAP4ERRoIeLj6CYQEBAoE0LRWCczGCJop?= =?us-ascii?q?ggjaETJQnCQKIAYwaggWJeYheiCmDKoEahQiNXAIEAgQFAg4BAQWBZSKBVnA?= =?us-ascii?q?VO4JsggoLAReDTIF/gxWFP3IBCQKBHI9FAQE?=
X-IronPort-AV: E=Sophos;i="5.60,325,1549929600"; d="scan'208";a="543031640"
Received: from rcdn-core-6.cisco.com ([173.37.93.157]) by rcdn-iport-8.cisco.com with ESMTP/TLS/DHE-RSA-SEED-SHA; 08 Apr 2019 14:21:33 +0000
Received: from XCH-ALN-015.cisco.com (xch-aln-015.cisco.com [173.36.7.25]) by rcdn-core-6.cisco.com (8.15.2/8.15.2) with ESMTPS id x38ELXCQ015432 (version=TLSv1.2 cipher=AES256-SHA bits=256 verify=FAIL); Mon, 8 Apr 2019 14:21:33 GMT
Received: from xhs-aln-001.cisco.com (173.37.135.118) by XCH-ALN-015.cisco.com (173.36.7.25) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 8 Apr 2019 09:21:32 -0500
Received: from xhs-rcd-001.cisco.com (173.37.227.246) by xhs-aln-001.cisco.com (173.37.135.118) with Microsoft SMTP Server (TLS) id 15.0.1473.3; Mon, 8 Apr 2019 09:21:32 -0500
Received: from NAM02-SN1-obe.outbound.protection.outlook.com (72.163.14.9) by xhs-rcd-001.cisco.com (173.37.227.246) with Microsoft SMTP Server (TLS) id 15.0.1473.3 via Frontend Transport; Mon, 8 Apr 2019 09:21:32 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cisco.onmicrosoft.com; s=selector1-cisco-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=kNl/eFbFGKriA+diC6/ymIJE54Ko16VPxi8Do7NacMg=; b=Q+UNPBO16u9kgPftLbcxWzISJQUhO0VElBMqjIxS/2fTx5UBFb1kGrkYRgzUKjKzva7ECFxILKKYgtj5qXDBil4GwmgVmyLULEUFi72zKodarbzlNHxn35Wen6FP2ftlrdKTz2GcZj/ADuJRAgFv1xDUePsElECfoKR53TWmbPI=
Received: from CY4PR11MB1527.namprd11.prod.outlook.com (10.172.70.18) by CY4PR11MB2005.namprd11.prod.outlook.com (10.173.16.146) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.1771.21; Mon, 8 Apr 2019 14:21:31 +0000
Received: from CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef]) by CY4PR11MB1527.namprd11.prod.outlook.com ([fe80::11b1:a7a0:b5b8:bef%8]) with mapi id 15.20.1771.016; Mon, 8 Apr 2019 14:21:31 +0000
From: "Panos Kampanakis (pkampana)" <pkampana@cisco.com>
To: Sean Leonard <dev+ietf@seantek.com>, SPASM <spasm@ietf.org>
Thread-Topic: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
Thread-Index: AQHU6qHeoogdjLzcwEaYbIaaJw/Dc6YsBXQggAA4OACABhlfEA==
Date: Mon, 8 Apr 2019 14:21:31 +0000
Message-ID: <CY4PR11MB1527FABBA7FFF6D8219E63A9C92C0@CY4PR11MB1527.namprd11.prod.outlook.com>
References: <0d9b3a03-e20a-4daa-166a-4ef2cbeeba83@seantek.com> <CY4PR11MB1527156AE6031586C8BBE93DC9500@CY4PR11MB1527.namprd11.prod.outlook.com> <a38d76ce-a26e-7ea3-b5e4-dedd9f29490d@seantek.com>
In-Reply-To: <a38d76ce-a26e-7ea3-b5e4-dedd9f29490d@seantek.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: spf=none (sender IP is ) smtp.mailfrom=pkampana@cisco.com;
x-originating-ip: [2001:420:c0c4:1005::f1]
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 3d4cb1b7-4981-4484-3e49-08d6bc2d7f83
x-microsoft-antispam: BCL:0; PCL:0; RULEID:(2390118)(7020095)(4652040)(8989299)(4534185)(4627221)(201703031133081)(201702281549075)(8990200)(5600139)(711020)(4605104)(2017052603328)(7193020); SRVR:CY4PR11MB2005;
x-ms-traffictypediagnostic: CY4PR11MB2005:
x-ms-exchange-purlcount: 4
x-microsoft-antispam-prvs: <CY4PR11MB2005717ACC0F2AEFBE9A06DCC92C0@CY4PR11MB2005.namprd11.prod.outlook.com>
x-forefront-prvs: 0001227049
x-forefront-antispam-report: SFV:NSPM; SFS:(10009020)(979002)(366004)(346002)(136003)(39860400002)(396003)(376002)(13464003)(189003)(199004)(99286004)(186003)(446003)(74316002)(102836004)(9686003)(6306002)(55016002)(46003)(53936002)(86362001)(229853002)(53546011)(6506007)(11346002)(476003)(76176011)(7696005)(6246003)(6436002)(486006)(33656002)(478600001)(966005)(14454004)(6116002)(97736004)(105586002)(52536014)(7736002)(305945005)(2906002)(106356001)(68736007)(316002)(8676002)(110136005)(71200400001)(81166006)(8936002)(71190400001)(81156014)(25786009)(256004)(14444005)(5660300002)(969003)(989001)(999001)(1009001)(1019001); DIR:OUT; SFP:1101; SCL:1; SRVR:CY4PR11MB2005; H:CY4PR11MB1527.namprd11.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1;
received-spf: None (protection.outlook.com: cisco.com does not designate permitted sender hosts)
x-ms-exchange-senderadcheck: 1
x-microsoft-antispam-message-info: ji7Dyx0yX834tLn7s34BWHgaLW7RxbFcfqaKWYhNwYinLPu2ErKU0jUuI3l2jHaBi9bbm56hvmXfaQWRVb2KhRlQqFIqxBYvq9rGIRJl71I7NYXMoGt8Q2BLBlPMQ9DZz8tMHSdg8vbrS7PVbdj4xBncPuMwXiag2KijtiNVjOfLlkKxkZ3Iq0aWXLHKAQ15RKuOJy9NErwpt214XmtUdP/LdJW2Y+vKJ0WxKt7tPRfABK0XV2SFUaJjBEd0s951PfSAgHCUBecuSIZx564iIL2W7pZRs1M59OLoO7KhvCWsK6oYJMWlmDzSyY7Gn8KfPtEpBzchvTvTfQ4wG9plxEeUAjtXL1Qm16PHyAXwTKdskEZTeN0oHh9aurpPPnPcxwk0/1FCLD99LNzsWOfCh8XjXg6Lf5WVzP3MpQnh9PI=
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
MIME-Version: 1.0
X-MS-Exchange-CrossTenant-Network-Message-Id: 3d4cb1b7-4981-4484-3e49-08d6bc2d7f83
X-MS-Exchange-CrossTenant-originalarrivaltime: 08 Apr 2019 14:21:31.7160 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 5ae1af62-9505-4097-a69a-c1553ef7840e
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-Transport-CrossTenantHeadersStamped: CY4PR11MB2005
X-OriginatorOrg: cisco.com
X-Outbound-SMTP-Client: 173.36.7.25, xch-aln-015.cisco.com
X-Outbound-Node: rcdn-core-6.cisco.com
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/A4kzfopJ8r554dINCi_pydINq3A>
Subject: Re: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "This is a venue for discussion of doing Some Pkix And SMime \(spasm\) work." <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Apr 2019 14:21:38 -0000

Thanks Sean. 
I updated the draft to accommodate your comment. The commit that addresses it is here https://github.com/csosto-pk/adding-shake-to-pkix/commit/b67c4641172f671b271ecec02f46cde2b9205b23 

I will reupload the draft at the end of this week probably unless there are more comments while in IESG review. 

Panos


-----Original Message-----
From: Spasm <spasm-bounces@ietf.org> On Behalf Of Sean Leonard
Sent: Thursday, April 04, 2019 1:12 PM
To: Panos Kampanakis (pkampana) <pkampana@cisco.com>om>; SPASM <spasm@ietf.org>
Subject: Re: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?

Hi Panos,

On 4/4/2019 7:50 AM, Panos Kampanakis (pkampana) wrote:
> Hi Sean,
>
>> I have a need to identify SHAKE128 and SHAKE256 algorithms by text strings.
> The OIDs for SHAKEs are defined by NIST https://csrc.nist.gov/projects/computer-security-objects-register/algorithm-registration#Hash That, along with the new OIDs in the draft-ietf-lamps-pkix-shake draft, are enough for introducing SHAKEs in X.509 which is what this draft is doing.
>
> Does your need relate to PKIX at all?

Yes, and no. The need relates to protocols that depend on PKIX.

RFC 8122 is "Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP)". So basically it is SDP, and is a product of the MMUSIC WG (in ART).

Sometimes people need to identify hash algorithms with text strings. RFC
8122 (obsoletes RFC 4572) defines such a registry. No need to reinvent the wheel.

There is no change to OIDs. The textual registration requires that the OIDs already be allocated for identification.

The alternate plan is to draft a Standards Track RFC specifically for the purpose of making the textual registration, referring to draft-ietf-lamps-pkix-shake. That seems like unnecessary work, but I will do it if that is what is required.

Best regards,

Sean

>
> Rgs,
> Panos
>
>
> -----Original Message-----
> From: Spasm <spasm-bounces@ietf.org> On Behalf Of Sean Leonard
> Sent: Thursday, April 04, 2019 12:48 AM
> To: SPASM <spasm@ietf.org>
> Subject: [lamps] Need SHAKE text strings, add to draft-ietf-lamps-pkix-shake?
>
> I have a need to identify SHAKE128 and SHAKE256 algorithms by text strings.
>
> There is an IANA registry aptly named “Hash Function Textual Names”:
> <https://www.iana.org/assignments/hash-function-text-names/hash-function-text-names.xhtml>.
>
> I request the following change to draft-ietf-lamps-pkix-shake:
>
> Change 6. IANA Considerations to read:
>
> ~~~
>
>      IANA is directed to update the Hash Function Textual Names
>      registry [RFC8122] with two additional entries for SHAKE128
>      and SHAKE256. Table 1 contains the new values of this registry.
>
>          +--------------------+-------------------------+-----------+
>          | Hash Function Name |          OID            | Reference |
>          +--------------------+-------------------------+-----------+
>          |     "shake256"     | 2.16.840.1.101.3.4.2.11 |  [THIS]   |
>          |     "shake512"     | 2.16.840.1.101.3.4.2.12 |  [THIS]   |
>          +--------------------+-------------------------+-----------+
>
>
>               Table 1: IANA Hash Function Textual Names Registry
>
>
> ~~~
>
> Furthermore, RFC 8122 says that the registering Standards Track RFC has to update RFC 3279. So, the status of draft-ietf-lamps-pkix-shake is supposed to be changed to Updates: RFC 3279.
>
> Thank you,
>
> Sean
>
> _______________________________________________
> Spasm mailing list
> Spasm@ietf.org
> https://www.ietf.org/mailman/listinfo/spasm

_______________________________________________
Spasm mailing list
Spasm@ietf.org
https://www.ietf.org/mailman/listinfo/spasm

v2.8.10 | Report a Bug | By Email