Re: [lamps] [EXTERNAL] Re: Adoption call for draft-housley-lamps-cms-sha3-hash

Mike Ounsworth <Mike.Ounsworth@entrust.com> Sat, 28 October 2023 18:08 UTC

From: Mike Ounsworth <Mike.Ounsworth@entrust.com>
To: Russ Housley <housley@vigilsec.com>, Panos Kampanakis <kpanos@amazon.com>
CC: LAMPS <spasm@ietf.org>
Date: Sat, 28 Oct 2023 18:07:48 +0000
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/EcLxI8z46ZFpyzf9marM7Q2SkEY>

Panos,

Specifically, draft-ietf-lamps-pq-composite-kem instantiates RSA-KEM (RFC5990bis) with:
keyDerivationFunction  kda-kdf3 with id-sha3-256
See:
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pq-composite-kem-02#name-rsa-kem-parameters

Therefore, I need an OID for id-sha3-256.

I guess this is a design choice that the WG can discuss. We could instead use id-shake-256 from RFC8702, which is usable as a digest algorithm as per section 3.1, but why? If what I actually want is a hash function, then why can’t I have a hash function?

- Mike Ounsworth
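
Added example, not part of the thread or of any draft: the two digest AlgorithmIdentifier choices discussed in the message above, DER-encoded with parameters absent, next to the digest each one names. The OID values are the NIST-registered ones for id-sha3-256 and id-shake256, and the 64-byte SHAKE256 output is the fixed length RFC 8702 uses when SHAKE256 serves as a message digest; the helper names are illustrative.

```python
import hashlib

# NIST hashAlgs arc (2.16.840.1.101.3.4.2.x), as registered by NIST.
OIDS = {
    "id-sha3-256": "2.16.840.1.101.3.4.2.8",
    "id-shake256": "2.16.840.1.101.3.4.2.12",
}


def der_oid(dotted: str) -> bytes:
    """DER-encode a dotted OID (short-form length, enough for these OIDs)."""
    arcs = [int(a) for a in dotted.split(".")]
    body = bytearray([arcs[0] * 40 + arcs[1]])   # first two arcs share a byte
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]                     # base-128, low group first
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))    # continuation bit on the rest
            arc >>= 7
        body.extend(reversed(chunk))
    return bytes([0x06, len(body)]) + bytes(body)


def algorithm_identifier(name: str) -> bytes:
    """SEQUENCE { algorithm OID }, with the parameters field absent."""
    oid = der_oid(OIDS[name])
    return bytes([0x30, len(oid)]) + oid


def digest(name: str, data: bytes) -> bytes:
    """Compute the digest that the named AlgorithmIdentifier selects."""
    if name == "id-sha3-256":
        return hashlib.sha3_256(data).digest()       # fixed 32-byte hash
    if name == "id-shake256":
        return hashlib.shake_256(data).digest(64)    # XOF pinned to 512 bits
    raise ValueError(f"unsupported digest algorithm: {name}")


if __name__ == "__main__":
    msg = b"constructed sample content"
    for name in OIDS:
        print(name, algorithm_identifier(name).hex(), digest(name, msg).hex())
```

The two identifiers differ only in the last OID arc, but they select different functions with different output lengths, so a verifier has to recognise the exact OID the sender used.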
________________________________
From: Spasm <spasm-bounces@ietf.org> on behalf of Russ Housley <housley@vigilsec.com>
Sent: Saturday, October 28, 2023 10:44:57 AM
To: Panos Kampanakis <kpanos@amazon.com>
Cc: LAMPS <spasm@ietf.org>
Subject: [EXTERNAL] Re: [lamps] Adoption call for draft-housley-lamps-cms-sha3-hash

Panos:

Mike Ounsworth needs these OIDs to be available, and the easiest solution was to just publish the previously abandoned I-D.

Russ



On Oct 27, 2023, at 11:00 PM, Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org> wrote:

Hi Russ,

I was under the impression that SHAKEs for CMS and X.509 would suffice for introducing the Keccak family to these standards. SHAKEs have the same security and better performance. I thought that was the reason draft-turner-lamps-adding-sha3-to-pkix never made it.

Is there a reason why someone would use SHA-3 in CMS instead of SHAKE128 or SHAKE256 (RFC8702)?



From: Spasm <spasm-bounces@ietf.org> On Behalf Of Tim Hollebeek
Sent: Friday, October 27, 2023 11:39 AM
To: SPASM <spasm@ietf.org>
Subject: [EXTERNAL] [lamps] Adoption call for draft-housley-lamps-cms-sha3-hash



Hello,

Russ has asked for an adoption call for this short document that explains how to
use SHA-3 with CMS.  Since people may be traveling to IETF 118, we’ll do a three
week adoption call.


https://datatracker.ietf.org/doc/html/draft-housley-lamps-cms-sha3-hash-00

Abstract

   This document describes the conventions for using the four one-way
   hash functions in the SHA3 family with the Cryptographic Message
   Syntax (CMS).

Please indicate whether you support adoption, and optionally indicate why, on
the list by 17 November 2023.

For the chairs,

-Tim
