IETF Logo Mail Archive

Re: [lamps] Adoption call for draft-housley-lamps-cms-sha3-hash

"Kampanakis, Panos" <kpanos@amazon.com> Sun, 29 October 2023 02:37 UTC

Return-Path: <prvs=65998350a=kpanos@amazon.com>
X-Original-To: spasm@ietfa.amsl.com
Delivered-To: spasm@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 535D9C14CEFC for <spasm@ietfa.amsl.com>; Sat, 28 Oct 2023 19:37:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.3
X-Spam-Level:
X-Spam-Status: No, score=-4.3 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.001, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_FONT_LOW_CONTRAST=0.001, HTML_MESSAGE=0.001, HTTPS_HTTP_MISMATCH=0.1, RCVD_IN_DNSWL_MED=-2.3, RCVD_IN_MSPIKE_H5=0.001, RCVD_IN_MSPIKE_WL=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001, T_SCC_BODY_TEXT_LINE=-0.01, UNPARSEABLE_RELAY=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=amazon.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4cXTA1XgJzC8 for <spasm@ietfa.amsl.com>; Sat, 28 Oct 2023 19:37:29 -0700 (PDT)
Received: from smtp-fw-52004.amazon.com (smtp-fw-52004.amazon.com [52.119.213.154]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 97761C14CEFF for <spasm@ietf.org>; Sat, 28 Oct 2023 19:37:29 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=amazon.com; i=@amazon.com; q=dns/txt; s=amazon201209; t=1698547049; x=1730083049; h=from:to:cc:date:message-id:references:in-reply-to: mime-version:subject; bh=9iLCGQhycjiYxJh54IRnsUucxYAy8wNSEvYKKS3CGi4=; b=b3kLa02a7LWjlNjeCmrsxYzjD0CdjqwzxnpgELYYFmZzvXhHjB/ts6JL ia6Dfp3Wc0pcGbF8RdX9zkT0LYILWJ46xx0MDtefVdyU4OSXYs+KI9+jJ S9+G1n2+7wo9y0Cnd/MUoT6rsvFLnUKABI2MtusPK/1oIOJFlrh0GISi5 c=;
X-IronPort-AV: E=Sophos;i="6.03,260,1694736000"; d="scan'208,217";a="162949963"
Thread-Topic: [lamps] Re: Adoption call for draft-housley-lamps-cms-sha3-hash
Received: from iad12-co-svc-p1-lb1-vlan2.amazon.com (HELO email-inbound-relay-iad-1e-m6i4x-9694bb9e.us-east-1.amazon.com) ([10.43.8.2]) by smtp-border-fw-52004.iad7.amazon.com with ESMTP/TLS/ECDHE-RSA-AES256-GCM-SHA384; 29 Oct 2023 02:37:27 +0000
Received: from smtpout.prod.us-west-2.prod.farcaster.email.amazon.dev (iad7-ws-svc-p70-lb3-vlan2.iad.amazon.com [10.32.235.34]) by email-inbound-relay-iad-1e-m6i4x-9694bb9e.us-east-1.amazon.com (Postfix) with ESMTPS id D4199887FC; Sun, 29 Oct 2023 02:37:26 +0000 (UTC)
Received: from EX19MTAUWB002.ant.amazon.com [10.0.7.35:50593] by smtpin.naws.us-west-2.prod.farcaster.email.amazon.dev [10.0.11.230:2525] with esmtp (Farcaster) id f338810e-85df-4457-a7cd-e5d8ae34cbc9; Sun, 29 Oct 2023 02:37:26 +0000 (UTC)
X-Farcaster-Flow-ID: f338810e-85df-4457-a7cd-e5d8ae34cbc9
Received: from EX19D001ANA002.ant.amazon.com (10.37.240.136) by EX19MTAUWB002.ant.amazon.com (10.250.64.231) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.2.1118.39; Sun, 29 Oct 2023 02:37:25 +0000
Received: from EX19D001ANA001.ant.amazon.com (10.37.240.156) by EX19D001ANA002.ant.amazon.com (10.37.240.136) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA) id 15.2.1118.39; Sun, 29 Oct 2023 02:37:24 +0000
Received: from EX19D001ANA001.ant.amazon.com ([fe80::4f78:75cd:3117:8055]) by EX19D001ANA001.ant.amazon.com ([fe80::4f78:75cd:3117:8055%5]) with mapi id 15.02.1118.039; Sun, 29 Oct 2023 02:37:24 +0000
From: "Kampanakis, Panos" <kpanos@amazon.com>
To: Mike Ounsworth <Mike.Ounsworth=40entrust.com@dmarc.ietf.org>, Russ Housley <housley@vigilsec.com>
CC: LAMPS <spasm@ietf.org>
Thread-Index: AQHaCcnHHqhzqjWEE0ymcKqWx/2r1bBgDWjg
Date: Sun, 29 Oct 2023 02:37:24 +0000
Message-ID: <fb2e4bbe95964d8e9015e3787385fa53@amazon.com>
References: <SN7PR14MB64924398A13D7C521AEDF4B283DCA@SN7PR14MB6492.namprd14.prod.outlook.com> <bfa2812c899541cc84f7c5abb38ee435@amazon.com> <597E6452-69BF-41EE-A3EB-19AF0A01304C@vigilsec.com> <CH0PR11MB573915B912FA76F9D2A8B3239FA3A@CH0PR11MB5739.namprd11.prod.outlook.com>
In-Reply-To: <CH0PR11MB573915B912FA76F9D2A8B3239FA3A@CH0PR11MB5739.namprd11.prod.outlook.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
x-originating-ip: [10.37.240.200]
Content-Type: multipart/alternative; boundary="_000_fb2e4bbe95964d8e9015e3787385fa53amazoncom_"
MIME-Version: 1.0
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/GsHy-ED5UNkRhuRR4yiYbD8YqZU>
Subject: Re: [lamps] Adoption call for draft-housley-lamps-cms-sha3-hash
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 29 Oct 2023 02:37:34 -0000

Hi Mike,

> I guess this is a design choice that the WG can discuss. We could instead use id-shake-256 from RFC8702, which is usable as a digest algorithm as per section 3.1, but why? If what I actually want is a hash function, then why can’t I have a hash function?

I suggest to discuss this in IETF-118. SHAKEs are XOFs but can be used just fine as hashes with constant output size. Their performance is better, and generally that is the reason they have be favored and more adopted than SHA-3 (in the same family).




From: Spasm <spasm-bounces@ietf.org> On Behalf Of Mike Ounsworth
Sent: Saturday, October 28, 2023 2:08 PM
To: Russ Housley <housley@vigilsec.com>; Kampanakis, Panos <kpanos@amazon.com>
Cc: LAMPS <spasm@ietf.org>
Subject: RE: [EXTERNAL] [lamps] [EXTERNAL] Re: Adoption call for draft-housley-lamps-cms-sha3-hash


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


Panos,

Specifically, draft-ietf-lamps-pq-composite-kem instantiates RSA-KEM (RFC5990bis) with:
keyDerivationFunction  kda-kdf3 with id-sha3-256
See:
https://datatracker.ietf.org/doc/html/draft-ietf-lamps-pq-composite-kem-02#name-rsa-kem-parameters

Therefore, I need an OID for id-sha3-256.

I guess this is a design choice that the WG can discuss. We could instead use id-shake-256 from RFC8702, which is usable as a digest algorithm as per section 3.1, but why? If what I actually want is a hash function, then why can’t I have a hash function?

- Mike Ounsworth
________________________________
From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> on behalf of Russ Housley <housley@vigilsec.com<mailto:housley@vigilsec.com>>
Sent: Saturday, October 28, 2023 10:44:57 AM
To: Panos Kampanakis <kpanos@amazon.com<mailto:kpanos@amazon.com>>
Cc: LAMPS <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: [EXTERNAL] Re: [lamps] Adoption call for draft-housley-lamps-cms-sha3-hash

Panos: Mike Ounsworth needs these OIDs to be available, and the easiest solution was to just publish the previously abandoned I-D. Russ On Oct 27, 2023, at 11: 00 PM, Kampanakis, Panos <kpanos=40amazon. com@ dmarc. ietf. org> wrote: Hi Russ,

Panos:

Mike Ounsworth needs these OIDs to be available, and the easiest solution was to just publish the previously abandoned I-D.

Russ


On Oct 27, 2023, at 11:00 PM, Kampanakis, Panos <kpanos=40amazon.com@dmarc.ietf.org<mailto:kpanos=40amazon.com@dmarc.ietf.org>> wrote:

Hi Russ,

I was under the impression that SHAKEs for CMS and X.509 would suffice for introducing the Keccak family to these standards. SHAKEs have the same security and better performance. I thought that was the reason draft-turner-lamps-adding-sha3-to-pkix never made it.

Is there a reason why someone would use SHA-3 in CMS instead of SHAKE128 or SHAKE256 (RFC8702)?



From: Spasm <spasm-bounces@ietf.org<mailto:spasm-bounces@ietf.org>> On Behalf Of Tim Hollebeek
Sent: Friday, October 27, 2023 11:39 AM
To: SPASM <spasm@ietf.org<mailto:spasm@ietf.org>>
Subject: [EXTERNAL] [lamps] Adoption call for draft-housley-lamps-cms-sha3-hash


CAUTION: This email originated from outside of the organization. Do not click links or open attachments unless you can confirm the sender and know the content is safe.


Hello,

Russ has asked for an adoption call for this short document that explains how to
use SHA-3 with CMS.  Since people may be traveling to IETF 118, we’ll do a three
week adoption call.


https://datatracker.ietf.org/doc/html/draft-housley-lamps-cms-sha3-hash-00<https://urldefense.com/v3/__https:/datatracker.ietf.org/doc/html/draft-housley-lamps-cms-sha3-hash-00__;!!FJ-Y8qCqXTj2!btMHx3oQg1XcdsmiDk3zQn-HVGxUExFHzJp0v2bwunfFVR3P8235FQ_QH4pzRkyD49fJSywzek8dgSw-P9DqGArWDMhf$>

Abstract

   This document describes the conventions for using the four one-way
   hash functions in the SHA3 family with the Cryptographic Message
   Syntax (CMS).

Please indicate whether you support adoption, and optionally indicate why, on
the list by 17 November 2023.

For the chairs,

-Tim

_______________________________________________
Spasm mailing list
Spasm@ietf.org<mailto:Spasm@ietf.org>
https://www.ietf.org/mailman/listinfo/spasm<https://urldefense.com/v3/__https:/www.ietf.org/mailman/listinfo/spasm__;!!FJ-Y8qCqXTj2!btMHx3oQg1XcdsmiDk3zQn-HVGxUExFHzJp0v2bwunfFVR3P8235FQ_QH4pzRkyD49fJSywzek8dgSw-P9DqGMDI1k9b$>

Any email and files/attachments transmitted with it are intended solely for the use of the individual or entity to whom they are addressed. If this message has been sent to you in error, you must not copy, distribute or disclose of the information it contains. Please notify Entrust immediately and delete the message from your system.

v2.23.0 | Report a Bug | By Email